Define the Levels of Protection

Once you have classified your Information, you next need to define the degree of protection required for each class.

As you define the levels of protection keep in mind that information classification applies primarily to ensuring Confidentiality of information. It does not have a direct impact on assessing the controls necessary to ensure the Integrity or Availability of information. One of the primary tools to ensure Confidentiality is encryption and, as a result, most information classification procedures are ultimately designed to determine whether encryption is required. You also need to consider access controls over who can see the data and over non-electronic forms of data.

For a further explanation of the classifications see the information classification discussion and the Encryption section.

©2008 ISRMC, LLC