From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 23,100 courses taught by industry experts.

Labeling

Labeling

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Labeling

- [Instructor] Documenting your data classification policy is a fantastic first step towards securing your data. But if no one acts on that policy, if it just sits in a folder collecting virtual dust, then it hasn't really changed anything, has it? A crucial connection between your data classification policy and the security controls that provide true data protection are the labels that help data owners and data custodians determine which controls are appropriate for each data set. At a high level, there are two labels that you'll want to apply to the data that your apps process in store. The first label is sensitivity. This label helps you determine who should have access to your data based on how much harm someone could do to your organization if that data were to ever fall in the wrong hands, which is why you need the second label, which is impact. This label helps you measure that level of harm. It answers the question, "How much damage could an adversary inflict on our…

Contents