Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO2.3 - Data Classification Scheme

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO2.3 - Data Classification Scheme is contained within Process Popup Define the Information Architecture

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
130 Members
0 Online
5459 Visits

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

Data Classification Scheme

Establish a classification scheme that applies throughout the enterprise, based on the criticality and sensitivity (e.g., public, confidential, top secret) of enterprise data. This scheme should include details about data ownership; definition of appropriate security levels and protection controls; and a brief description of data retention and destruction requirements, criticality and sensitivity. It should be used as the basis for applying controls such as access controls, archiving or encryption.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Ensured availability of information that supports decision making
  • The focus of security investments based on criticality
  • Defined accountability for information integrity, availability and security
  • Data access consistently permitted based on defined security levels
  Risk Drivers
  • Inappropriate security requirements
  • Inadequate or excessive investments in security controls
  • Occurrence of privacy, data confidentiality, integrity and availability incidents
  • Non-compliance with regulatory or third-party requirements
  • Inefficient or inconsistent information for decision making

View Control Practices  help

Hide Control Practices  help

  1. Create a classification scheme that defines attributes for data classification, such as data ownership, definition of security levels (confidentiality, integrity and availability), a brief description of data retention and destruction requirements.
  2. Define data classification levels for each of the defined attributes (e.g., for confidentiality: public, internal, confidential).
  3. Identify business owners accountable for information (data owners).
  4. Ensure that the data owner classifies all information using the defined scheme and levels. Classification covers the whole life cycle of information from creation to disposal. Where an asset has been assessed as having a certain classification, any component inherits the same classification.
  5. Make owners understand the consequences of the classification, and balance security needs against cost considerations and other business requirements considering the value of the assets they own.
  6. Ensure that information and data are labelled, handled, protected and otherwise secured in a manner consistent with the data classification categories.

Discussions: 1 total

Must be a Topic member to contribute
Hi, I am performing an analysis on the impact of combining Internal and Confidential classification of information and the impact on Company policies and standards.  For example, what is the impact (riks and/or value) of combining Internal and Confidentia...
AdamPC | 11/2/2015 1:42:14 PM | COMMENTS(0)

Documents & Publications: 40 total

Must be a Topic member to contribute
View All »
Posted by ISACA 63 days ago
Posted by ISACA 532 days ago
Posted by ISACA 746 days ago
Posted by ISACA 798 days ago
Posted by ISACA 861 days ago

Events & Online Learning: 10 total

Journal Articles: 109 total

Volume 2, 2018
by Steven J. Ross, CISA, CISSP, MBCP
In this era of multi-modal technology, many disaster recovery issues are solved, some are simply transferred and a few are made worse.
Volume 2, 2018
by Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA SCF, TOGAF 9
A top-down approach to enterprise security architecture can be used to build a business-driven security architecture.
Volume 2, 2018
by Joshua McDermott, CISA, CEH, CISSP, PMP
Over the past several years, big data has emerged as one of the top strategic technology priorities for organizations.
Volume 1, 2018
by Mike Van Stone, CISA, CISSP, CPA, and Ben Halpert
Ever-changing laws continue to increase the risk and cost of noncompliance when unintentional data losses occur.
Volume 1, 2018
by Mohammed J. Khan, CISA, CRISC, CIPM
To facilitate and administer the implementation of controls around the subject of big data, one must truly understand the concepts of deidentification, reidentification and anonymization.
Volume 1, 2018
by Adeniyi Akanni, Ph. D., CISA, CRISC, ITIL
This article describes a six-stage cycle of implementing big data in commercial banks, points out the major challenges in implementation and provides a suggested solution.

Wikis: 2 total

Blog Posts: 30 total

What do you think: when artificial intelligence (AI) will be smarter than humans? Can you predict it and if yes, when it will approximately happen in your opinion? Vote in poll at link below, please:
Posted By : Dragan Pleskonjic | 3 comments
Have you experienced ransomware attack so far and, if yes, what did you do to resolve? I set up Twitter poll here: It lasts for seven days. Thank you for taking part in the poll.
Posted By : Dragan Pleskonjic | 5 comments
My personal thoughts after listening to C-level executives at the CxO Roundtable Series sponsored by Intel, IBM, HyTrust & ReedSmith. For an invite, please reach out to me. Data Protection under the GDPR For past few months, I’ve been helping to org...
Posted By : Thomas152 | 1 comments
16 Jan 2018
Is it possible to use crowd-sourced security intelligence to predict future events? For this exercise, experimental web site Security Predictions has been built to harness the ‘wisdom of crowds’....
Posted By : Dragan Pleskonjic | 3 comments
Information Security and Privacy is hot issue at present time. Number of security breaches is rapidly increasing.  In case of late detection, costs of breaches are skyrocketing. In the same time Artificial Intelligence (AI), Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
My previous blog under name "Dragan on Security" was at location: It was active from August 28, 2005 to October 3, 2012. By beginning of 2017 it is moved to new location With possibility to...
Posted By : Dragan Pleskonjic | 0 comments