You can't secure what you don't acknowledge.SM

Wednesday, April 13, 2016

Why data classification is a joke

I just saw this post on Slashdot about 0bama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent:



Data classification programs that do exist are typically a joke whereby IT and security handles everything with no involvement from the business or legal or legal handles everything with IT and security being out off the loop altogether. I wrote an article related to this for Ziff Davis a couple of years ago:
The funny thing about "confidential" information

...I'm not even sure why we bother going through the motions...it's like security policies that are not enforced - who are we kidding!?

No comments:

Post a Comment