Categorizing information
Answer: Usually, information categorization is done based on the results of the risk assessment: the higher the value of information (the higher the consequence of breaching the confidentiality), the higher the classification level should be. As for the number of levels, ISO 27001 does not prescribe the levels of classification – this is something you should develop on your own, based on what is common in your country or in your industry. The most common arrangements consider 3 or 5 levels.
This article will provide you with further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding information classification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jul 11, 2018