ISO 27001 Explained: 8.2 Information Classification

  • Published on 3 Feb 2025

Comments • 2

  • @dineshpriyankara7920
    1 year ago

    thank you

  • @Moxnix1701
    2 years ago

    Excellent video. I'm trying to find more information about how an organization specifically identifies data/information as Restricted, Confidential, Public, once the organization defines those terms at the higher policy level as you showed. 1) What kind of document does a person use to determine if their data/information is in one of the categories (is it typically a database of data types, a spreadsheet, an appendix to some other document)? 2) If the data is not yet described in the organization's reference, can any individual decide the data's classification at the time of its use/sharing (if not, then who (which department head(s)) is the classification authority for the business)? I've seen examples in other organizations' policies that direct individuals to go look up the information's classification in *some reference that is inaccessible to me*, but I've never been able to get an example of that *reference*. Coming from the federal government/DoD side, it is all spelled out. But on a commercial business side, it appears ambiguous.