Problem solve Get help with specific problems with your technologies, process and projects.

Overlooking declassification

Classification schemes are important to security policies, but so are the often overlooked declassification schemes.

Most security environments have classification schemes that are used to define and determine the sensitivity of...

the resources contained within. These classification schemes usually define elaborate classification procedures, criteria and security mechanisms. However, one aspect that is overlooked far too often is that of declassification.

Declassification is the means by which out of date, obsolete or marginalized data is moved from a higher classification level to a lower one. Declassification is an important part of any classification scheme for several reasons. If all resources remain at their initially assigned classification level forever, then the value of each classification scheme is reduced. This devaluation occurs as resources age or the reality they represent changes so that those resources no longer warrant the higher level of protection offered by the higher classification schemes.

The security provided at the higher classification levels is also more costly than the security offered at lower classification levels. If resources are not declassified when they no longer need the higher grade of protection, then the organization is wasting money providing high levels of protection when it is not needed. By declassifying data as needed, each classification level retains its value and the security each level provides is the most cost effective possible.

A clearly defined declassification process should be outlined and included in the security documentation that outlines the classification structure. The declassification process should define when data is re-evaluated for a classification change, who has authority to recommend a classification change, the checks and balances procedures for validating that a resource should be re-classified, and the actual steps by which the label on a resource is changed and that resource is moved from one classification environment to another.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was last published in January 2003

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.