Figure 5.1 shows the relationship between these different
               classifications with the government classifications on the left and the

               nongovernment (or civilian) classifications on the right. Just as the
               government can define the data based on the potential adverse impact
               from a data breach, organizations can use similar descriptions.

               Both government and civilian classifications identify the relative value
               of the data to the organization, with top secret representing the
               highest classification for governments and confidential representing

               the highest classification for organizations in Figure 5.1. However, it’s
               important to remember that organizations can use any labels they
               desire. When the labels in Figure 5.1 are used, sensitive information is
               any information that isn’t unclassified (when using the government
               labels) or isn’t public (when using the civilian classifications). The
               following sections identify the meaning of some common
               nongovernment classifications. Remember, even though these are
               commonly used, there is no standard that all private organizations

               must use.







































               FIGURE 5.1 Data classifications