Adding more Security classes to Data Set Security classifications

As of this moment we have the following Data Set security classifications:

  • Restricted – Data can only be accessed by authorized individuals or processes.

  • Public – Data is public facing, such as company name etc.

  • Personal – Data is personal

A customer has requested that we add in further security. At their organization, they use the following security:

  • Restricted - Restricted data requires strict privacy and security protections. Special authorization may be required for use and collection. Examples - data sets with individual Social Security Numbers (or last four of SSN), credit card transaction or cardholder data, patient health data, financial data, etc.

  • Sensitive - Data confidentiality required by law, policy, or contractual obligation but requires only internal privacy and security user protections.

  • Internal - Confidentiality of data is preferred, but information contained in data may be subject to open records disclosure. Examples - email correspondence, budget plans, etc.

  • Public - Data can be disclosed without restriction. Examples - directories, maps, sales materials, de-identified data sets, etc.

  • Tracy Goldberg
  • Jul 20 2020
  • Likely to Implement
  • Jul 20, 2020

    Admin response

    We have plans to make this configurable. We will update this Idea when we can tie this to a release plan.

  • Attach files
  • Dylan Wilbanks commented
    20 Jul, 2020 08:14pm

    Syniti team needs to identify how we want to support security classifications:

    1. What is our POV when it comes to classifications out of the box (e.g. support GIAC/SANS standard)?

    2. How customizable should this be for customers? (Highly customizable may create an immense amount of configuration overhead for users.)