“Information classification can and should be viewed as a kind of risk analysis”
The figure above shows a general model for information classification (Source: www.informationssakerhet.se)
“An important element of work on information classification is the creation of a register of information assets”
“Which information flow should be mapped is an important question”
“When the information assets have been identified and recorded, it is important to confirm responsibilities for the information”
“To summarise, bear this in mind when creating a cloud strategy”
- Consider Information Classification to be an element of risk analysis work.
- Identify the information assets in the most important business process. The best way to do this is in a workshop with those responsible for information security, a legal advisor, IT manager, quality manager and personal data representative, all under the guidance of a moderator.
- Classify the assets and identify the level of protection needed in order to assess the risks of processing data in the cloud.
- Appoint information owners in order to implement information management requirements in day-to-day work.
Finally, a tip on a good Swedish source for support and inspiration in the task of developing a structured, systematic work process for information security – www.informationssakerhet.se.
Please get in touch if you have any thoughts on the subject. My colleagues and I are happy to take part in a discussion on how your organisation can not only survive, but be one of the winners in our wonderful new digitised world.
Kennet Wahlberg, Senior Advisor in the field of business continuity, information security and security awareness, Enfo Zipper.