Database Reference
In-Depth Information
Sensitivity
Classiication
Definition
Typical Documents
Confidential business
information
Confidential business information
refers to information whose
disclosure may harm the business.
Such information may
include trade secrets as
described in the
Economic
Espionage Act of 1996 (18
U.S.C. ยง 1831-1839)
. In
practice, it may include sales
and marketing plans, new
product plans, and notes
associated with patentable
inventions. In publicly held
companies, confidential
information may include
"insider" financial data,
whose disclosure is regulated
by the United States
Securities and Exchange
Commission.
Typical Security Groups that reflect Security
Boundaries and Sensitivity Classifications
You want to ensure that sensitive documents are not available to people without
a need to know. You will want to set up the boundaries for access to documents
even if they are available to people within the enterprise. For example, accounting
information may be company confidential and available to people working in the
accounting department, but not available to people working in the sales department
or research and development.
On the other hand, we do not want to overburden security administrators with too
many security groups to associate to roles. The system will also slow down if a user
is authorized to too many security groups. We want the coarsest grain of security
classification that is consistent with the need to know.
Search WWH ::
Custom Search