Page 322 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
names, addresses, and birthdates, of approximately 143 million
Americans.
However, even though you might never hear about smaller data
breaches, they are happening regularly, with an average of more than
25 reported data breaches a week in 2017. The following sections
identify basic steps people within an organization follow to limit the
possibility of data breaches.
Marking Sensitive Data and Assets
Marking (often called labeling) sensitive information ensures that
users can easily identify the classification level of any data. The most
important information that a mark or a label provides is the
classification of the data. For example, a label of top secret makes it
clear to anyone who sees the label that the information is classified top
secret. When users know the value of the data, they are more likely to
take appropriate steps to control and protect it based on the
classification. Marking includes both physical and electronic marking
and labels.
Physical labels indicate the security classification for the data stored
on assets such as media or processed on a system. For example, if a
backup tape includes secret data, a physical label attached to the tape
makes it clear to users that it holds secret data.
Similarly, if a computer processes sensitive information, the computer
would have a label indicating the highest classification of information
that it processes. A computer used to process confidential, secret, and
top secret data should be marked with a label indicating that it
processes top secret data. Physical labels remain on the system or
media throughout its lifetime.
Many organizations use color-coded hardware assets to
help mark them. For example, some organizations purchase red USB
flash drives in bulk, with the intent that personnel can copy only
classified data onto these flash drives. Technical security controls
identify these flash drives using a universally unique identifier

