Most security environments have classification schemes that are used to define and determine the sensitivity of the resources contained within. These classification schemes usually define elaborate classification procedures, criteria and security mechanisms. However, one aspect that is overlooked far too often is that of declassification.
Declassification is the means by which out of date, obsolete or marginalized data is moved from a higher classification level to a lower one. Declassification is an important part of any classification scheme for several reasons. If all resources remain at their initially assigned classification level forever, then the value of each classification scheme is reduced. This devaluation occurs as resources age or the reality they represent changes so that those resources no longer warrant the higher level of protection offered by the higher classification schemes.
The security provided at the higher classification levels is also more costly than the security offered at lower classification levels. If resources are not declassified when they no longer need the higher grade of protection, then the organization is wasting money providing high levels of protection when it is not needed. By declassifying data as needed, each classification level retains its value and the security each level provides is the most cost effective possible.
A clearly defined declassification process should be outlined and included in
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in January 2003