Overlooking declassification

Overlooking declassification



Most security environments have classification schemes that are used to define and determine the sensitivity of the resources contained within. These classification schemes usually define elaborate classification procedures, criteria and security mechanisms. However, one aspect that is overlooked far too often is that of declassification.

Declassification is the means by which out of date, obsolete or marginalized data is moved from a higher classification level to a lower one. Declassification is an important part of any classification scheme for several reasons. If all resources remain at their initially assigned classification level forever, then the value of each classification scheme is reduced. This devaluation occurs as resources age or the reality they represent changes so that those resources no longer warrant the higher level of protection offered by the higher classification schemes.

The security provided at the higher classification levels is also more costly than the security offered at lower classification levels. If resources are not declassified when they no longer need the higher grade of protection, then the organization is wasting money providing high levels of protection when it is not needed. By declassifying data as needed, each classification level retains its value and the security each level provides is the most cost effective possible.

A clearly defined declassification process should be outlined and included in

    Requires Free Membership to View

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the security documentation that outlines the classification structure. The declassification process should define when data is re-evaluated for a classification change, who has authority to recommend a classification change, the checks and balances procedures for validating that a resource should be re-classified, and the actual steps by which the label on a resource is changed and that resource is moved from one classification environment to another.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


This was first published in January 2003

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.