What is it?
Information classification is an on-going risk management process that helps identify critical information assets - data, records, files - so that appropriate information security controls can be applied to protect them. It is the cornerstone of an effective and efficient business-aligned information security program.
Your agencies retain a wide variety of information assets, many of which are sensitive and/or critical to your mission and business functions and services. Information is being accessed through, and maintained in, a wider variety of formats and environments. If you do not know what information assets you have, their value to the business, and where they are stored, how can you assure they are protected properly?
Why is it important?
We are obligated to protect the information that New York State (NYS) citizens and business partners have entrusted to our care. Agency heads are ultimately responsible for assuring this occurs. Loss of information can lead to operational and productivity impact, compliance, legal, financial and reputational risk and potential loss of public trust. It is far less expensive to apply resources toward ensuring appropriate controls, than to experience a breach and have to notify affected parties and remediate after-the-fact.
What resources are available to me?
Resources to support your information classification efforts are available for download below:
Information Classification Toolkit
- Presentation to Pilot Agency Commissioners
- Information Classification Overview
- Information Security Policy
- Information Classification Standard
- Information Security Controls Standard
- Secure System Development Life Cycle (SDLC) Standard
- Online IACS Demo (MP4 video format - video is provided by the ITS Training Unit and is hosted on an ITS server.)
- Online Information Classification Training
- Information Asset Classification System (IACS) General Information
- Access Request Form
- User Guide
- Information Classification and Information Security Controls Standards Frequently Asked Questions
- Recommended Classifications of Common Data Sets
For further information, please contact the Office of Information Technology Services Enterprise Information Security Office at 518-242-5200 or email at [email protected].