Information classification schemes

Also from ComputerWeekly: Chief Information Officers need to take a leading role in setting up formal information classification schemes, to prevent the schemes being over-engineered to comply with security regulations, according to a report from the Information Security Forum.

Well, yes – classifying information correctly is a cornerstone of effective information security management. A simple scheme that assumes the bulk of information should be available to all employees, with only specific types of information restricted on a need-to-know basis, is the most practical approach available. It’s all discussed at length in my book, International IT Governance.