The Information Security Forum (ISF) said introducing new security measures is daunting but is necessary to avoid a repetition of the high-profile data losses of recent months.
The members’ organisation had released a new report that claims businesses can save operational resources and reduce the risk of overspending by making sure information is adequately protected.
“While introducing an effective, enterprise-wide scheme is daunting, organisations can no longer afford to ignore its importance if further embarrassing data loses are to be avoided,” said Nick Frost, the report’s author.
Three-step process
Strong information classification procedures are also said to help enforce access control policies and can be used to demonstrate compliance with legislation like the Data Protection Act.
The ISF said businesses looking to classify information more effectively need to use a consistent three-step process. First, the level of confidentiality for a piece of information has to be determined. Then techniques need to be developed for communicating this level of classification around the business. Finally, the measures to protect the information have to be implemented accordingly.
Frost’s report says organisations that successfully improve their classification procedures will involve staff from HR, legal, audit and IT departments, as well as getting board level support.
“Having senior managers with a shared strategic vision and understanding of information classification and the value it can deliver is critical to overcome budgetary and organisational issues,” he said.
“It is also vital to run a successful pilot project to show a ‘quick win’ to demonstrate the benefits.”
To find out more, click here.