Page 92 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 92

SBU is used to protect information that could violate the privacy rights
               of individuals. This is not technically a classification label; instead, it is

               a marking or label used to indicate use or management.

               Unclassified Unclassified is used for data that is neither sensitive
               nor classified. The disclosure of unclassified data does not
               compromise confidentiality or cause any noticeable damage. This is
               not technically a classification label; instead, it is a marking or label
               used to indicate use or management.




                             An easy way to remember the names of the five levels of

                  the government or military classification scheme in least secure to
                  most secure order is with a memorization acronym: U.S. Can Stop

                  Terrorism. Notice that the five uppercase letters represent the five
                  named classification levels, from least secure on the left to most
                  secure on the right (or from bottom to top in the preceding list of
                  items).



               Items labeled as confidential, secret, and top secret are collectively
               known as classified. Often, revealing the actual classification of data to
               unauthorized individuals is a violation of that data. Thus, the term
               classified is generally used to refer to any data that is ranked above the

               unclassified level. All classified data is exempt from the Freedom of
               Information Act as well as many other laws and regulations. The
               United States (U.S.) military classification scheme is most concerned
               with the sensitivity of data and focuses on the protection of
               confidentiality (that is, the prevention of disclosure). You can roughly
               define each level or label of classification by the level of damage that

               would be caused in the event of a confidentiality violation. Data from
               the top-secret level would cause grave damage to national security,
               whereas data from the unclassified level would not cause any serious
               damage to national or localized security.

               Commercial business/private sector classification systems can vary
               widely because they typically do not have to adhere to a standard or
               regulation. The CISSP exam focuses on four common or possible

               business classification levels (listed highest to lowest and shown in
   87   88   89   90   91   92   93   94   95   96   97