Classifying an Organization’s Sensitive Data

Respond to the following in a minimum of 175 words: 

 Organizations need to know the value of their data to find the best way to protect it. The data must be categorized according to the organization’s level of concern for confidentiality, integrity, and availability. The potential impact on assets and operations should be known in case data, systems, and/or networks are compromised (through unauthorized access, use, disclosure, disruption, modification, or destruction).

Choose an organization that you are familiar with preferably from the Manufacturing, Retail, Health Care, Finance, or Education sectors to study throughout this course. You can use your own employer or another organization. I do encourage you to choose one that you have some experience with as there are significant differences and requirements between the different vertical markets.

Based on your chosen organization, ensure you:

• Discuss the organization’s data. What types of data does it have? Is any of the data subject to regulatory security requirements (FERPA, HIPPA, GDPR, etc.) Is some of the data used or generated outside of the US?
• Discuss the organization’s categorization of the data based on the Standards for Security Categorization of Federal Information and Information Systems.

Note: You will use information from this discussion in this week’s assignment Encryption Methodologies to Protect an Organization’s Data.