Data Classification Standard
Table of Contents
- CONFIDENTIAL (historically referred to as Category I)
- CONTROLLED (historically referred to as Category II)
- PUBLISHED (historically referred to as Category III)
To classify your data, you must start by understanding what the classifications are. Specific laws and regulations govern certain types of data. Additionally, there are situations where you must consider whether the confidentiality, integrity, or availability of the data is a factor. Finally, consider that you may be storing information on more than one system, for example when moving data between computers by CD or flash drive. If you rate only your primary computer as Confidential, but not your secondary computer or the transfer media, the secondary computer could put data at risk because it won't be well protected.
4.1. Confidential Data
Examples of How Data Can Be Lost | Impact of Confidential Data Loss |
---|---|
Protect your Confidential data by applying the appropriate Minimum Security Standards.
4.2. Controlled Data
Controlled university data that is not otherwise identified as Confidential data, but which is releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, date of birth, salary, etc.). Such data must be appropriately protected to ensure a controlled and lawful release.
Examples of How Data Can Be Lost | Impact of Controlled Data Loss |
---|---|
Protect your Controlled data by applying the appropriate Minimum Security Standards.
4.3. Published Data
University data not otherwise identified as Confidential or Controlled data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability.
Examples of How Data Can Be Lost | Impact of Published Data Loss |
---|---|
Protect your Published data by applying the appropriate Minimum Security Standards.
The policies and practices listed here inform the system hardening procedures mentioned in this document; you should be familiar with these documents. (This is not an all-inclusive list of policies and procedures that affect information technology resources.)
- UT System (UTS 165) Information Resources Use and Security Policy
- UTRGV (AUP) Acceptable Use Policy
- Computer Security Standard
- Extended list of confidential data
- Data Classification Guide
- Data Protection Standard for Personally Owned Mobile Devices
Revision History
Version | Date | New | Original |
---|---|---|---|
1.0 | 2/16/2017 | Created document | Entire document has changed. |
2.0 | 3/20/2017 | Minor changes | Corrections and added new links |
UT – Austin Information Security Office (https://security.utexas.edu/)
Name | Role | Date |
---|---|---|
Thomas Owen | Approval | 4/13/2017 |