Data classification is used to determine how much effort, money and resources are allocated to protect certain assets (data).

Only securing low level → Sensitive data is easily accessible

Securing everything → Too expensive and restricts access (to unclassified and noncritical data)

Data States

Data at rest

Data stored on harddrives, on external USB drives, backup tapes etc.

Data in transit

Data that is bein transmitted over a network. Public networks (internet) or private networks using wires.

Data in use

Encrypted data that is stored in memory or in storage buffers, while an application uses it.

Sensitive data types

Personally identifiable information, protected health information, proprietary data

Personally Identifiable Information (PII)

Data that can help identify an individual.

• Any information that can be used to distinguish or trace an individuals identity.

Examples: Name, social security number, date and place of birth, biometric records

• Any information that is linkable to an individual

Examples: Medical, education, financial and employment information

Organizations have to protect the PII of their employees and their customers.