A New Approach to Data Centric Security

Tuesday, October 18, 2011

Article by Michael Oberländer

Data Classification – A New Approach to Data Centric Security

The security of data is defined by three main parameters:

  • Availability
  • Integrity
  • Confidentiality

Classification means standardizing or categorizing something according to specified classes, in order to single out particular attributes or subjects within a group of assets.

Commonly, data has been classified, if at all, only by its confidentiality (sensitivity) requirements. This has led to a misplaced focus on that single parameter, with access controls over-emphasized at the expense of availability and integrity controls.

The result was often money spent on the wrong issue, or wasted outright, because the availability and integrity requirements had not been assessed, which made a second or third round of classification assessment necessary.

Data has to be classified independently for availability, integrity and confidentiality. The classification needs to be data centric: it should not focus on the systems or databases (those are addressed after the classification is done), and it should be stored within the data itself.

This ensures that data keeps these attributes while it “travels” through the infrastructure, without relying on source systems or similar. It therefore allows decentralized filters or decision controls to determine what needs to be done with the data.
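The idea above, labels stored with the data and evaluated by a decentralized filter, as an added Python example that is not taken from the white paper. The three-step level scale, the HMAC that binds the labels to the payload, the channel fields and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from enum import IntEnum

class Level(IntEnum):  # assumed scale; the page defines no levels
    LOW = 1
    MEDIUM = 2
    HIGH = 3

KEY = b"constructed-demo-key"  # constructed; a real deployment would use a managed key

def _mac(env: dict) -> str:
    """MAC over payload and labels together, so neither can be changed alone."""
    body = json.dumps({"payload": env["payload"], "class": env["class"]},
                      sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def label(payload: str, availability: Level, integrity: Level,
          confidentiality: Level) -> dict:
    """Wrap the payload in an envelope carrying its own A/I/C classification."""
    env = {"payload": payload,
           "class": {"A": int(availability), "I": int(integrity),
                     "C": int(confidentiality)}}
    env["mac"] = _mac(env)
    return env

def filter_decision(env: dict, channel: dict) -> str:
    """Decentralized filter: decides from the envelope alone, no source-system lookup."""
    if not hmac.compare_digest(str(env.get("mac", "")), _mac(env)):
        return "reject: label or payload altered"
    c = env["class"]
    if c["C"] > channel["max_confidentiality"]:
        return "block: channel not cleared for this confidentiality"
    if c["I"] >= Level.HIGH and not channel["integrity_protected"]:
        return "block: channel lacks integrity protection"
    if c["A"] >= Level.HIGH and not channel["redundant"]:
        return "allow: flag for redundant delivery"
    return "allow"

# Constructed sample: a public price list is not secret, but must be correct and available.
PRICE_LIST = label("EUR price list 2011", Level.HIGH, Level.HIGH, Level.LOW)
EMAIL = {"max_confidentiality": Level.MEDIUM, "integrity_protected": False,
         "redundant": False}

if __name__ == "__main__":
    print(filter_decision(PRICE_LIST, EMAIL))
```

A confidentiality-only scheme would pass the price list over the e-mail channel; the independent integrity label is what stops it.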

Finally, to allow for an easy-to-understand data and control markup, the Oberlaender-(C3) cube is introduced. It will also help in following the necessary (and yet to be defined) practices and mechanisms to safeguard such data which is available in printed (document) form...

Download the rest of this white paper here:
