C3WG / DSMM

Data Security Maturity Model
5 stars 1 forks source link

P9: Data classification #17

Open GuillaumeRoss opened 1 year ago

GuillaumeRoss commented 1 year ago

For an identify and classify domain, I feel it prudent to advise companies to define a data classification policy. Now, that's not the same as DLP-based data pattern matching. I mean a policy that outlines company data classification levels and the forms of data that could be in scope for each classification.

I don’t think we can ship this in V1 as the inclusion of a ‘governance’ domain feels like the right play and that has other moving parts.