Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Minimum Control Sets for Data Classifications
Those of you who have implemented a data or asset classification schema, do you also have minimum control sets (admin, physical, technical) that are tied to each category of data? For example, if the data handled is categorized as "highly sensitive," "confidential," or whatever label you've assigned to the data that presents the highest institutional risk, is there a minimum set of controls that have to be in place in the offices or business/academic units that routinely use this type of information? And if the answer is yes, would mind replying with a reference to those controls? Marty -- Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.