Security classifications#

Data classification of security classification is a specialised term used in the fields of cybersecurity to describe the process of:

  • identifying

  • categorising and

  • protecting content according to its sensitivity or impact level. Data classification is needed before starting a risk analysis and defining an architecture to protect your assets.

Tip

Simple security classifications are the best.

A security classification specifies how people must protect the information and equipment they handle.

The classifications for material that should be protected because of security are:

  • RESTRICTED

  • CONFIDENTIAL

  • SECRET

  • TOP SECRET.

The classifications for material that should be protected because of personal privacy are:

  • IN CONFIDENCE or

  • SENSITIVE.

Unclassified information#

Information that doesn’t need a security classification is called ‘unclassified’ information. Most information fits in this category.

UNCLASSIFIED isn’t a real security classification, but it is used as a protective marking because it shows that the impact from unauthorised disclosure or misuse has been assessed.

Every large organisation must have a policy on how you will mark, protect, and handle information that needs increased protection but doesn’t qualify for a security classification.

Examples#

Defining a good security classification standard should not be made complex. Simple is remembered.

But in order to give you some more inspiration for defining your own security classification we provide you with a limited list of examples. This speeds up the process when you need to develop your classification system.