CMGT 431 Wk 1 Discussion: Sensitive Data Classification

Post a minimum total of 3 substantive responses over 2 separate days for full participation. This includes your initial post and 2 replies to other students. For more information on what is considered a substantive response, please review the announcement on this topic.

Due Thursday

Respond to the following in a minimum of 175 words:

Organizations need to know the value of their data to find the best way to protect it. The data must be categorized according to the organization’s level of concern for confidentiality, integrity, and availability. The potential impact on assets and operations should be known in case data, systems, and/or networks are compromised (through unauthorized access, use, disclosure, disruption, modification, or destruction).

Choose an organization that you are familiar with from the Manufacturing, Retail, Health Care, Finance, or Education sectors to study throughout this course. You can use your own employer or another organization. I do encourage you to choose one that you have some experience with as there are significant differences and requirements between the different vertical markets.

Based on your chosen organization, ensure you:

Discuss the organization’s data. What types of data does it have? Is any of the data subject to regulatory security requirements (FERPA, HIPPA, GDPR, etc.) Is some of the data used or generated outside of the US?

Discuss the organization’s categorization of the data based on the Standards for Security Categorization of Federal Information and Information Systems.

Note: You will use information from this discussion in this week’s assignment Encryption Methodologies to Protect an Organization’s Data.