Register now or log in to join your professional community.
Not all information is equal and so not all information requires the same degree of protection. This requires information to be assigned a security classification.
Step1. Identify those information elements that are important
Step2. Have the strategy for protecting those data elements (Information Risk Management)
Step3. Data classification helps as part of the awareness for protecting the right types of data.
Yes not all of the "Information Systems" are equal but there is a standard plan or security architect used to protect your information system which is ofcourse based on the computer network/s used in your system.
The difference will come to what type of data I will be protecting and how far the company or the organization is willing to secure it.
Each and every organization is having its own security policy for data protection;
The links below might help;
http://www.websense.com/content/support/library/deployctr/v76/dic_data_protect.aspx
http://web.stanford.edu/group/security/securecomputing/dataclass_chart.html
http://www.cmu.edu/iso/governance/guidelines/data-classification.html
https://security.berkeley.edu/content/draft-data-classification-standard