Shen should a user classify and tag a sensitive document???
Answers
Answer:
Dynamic data classification requires the integration of both manual processes involving employees as well as tools for automation and enforcement.”1
Within that spectrum, these three different approaches are the industry standard for data classification:
Content-based classification
Context-based classification
User-based classification
Each method analyzes a document and assigns a classification level to it; this “tag” is what drives data protection decisions and actions. How each company arrives at that decision, however, varies.
Content-based classification inspects and interprets files looking for sensitive information. Methods include fingerprinting and regular expression. This approach answers the question “What is in the document?” and relies upon examining the information inside the file, using a number of different techniques such as regular expression, fingerprinting, or Bayesian engines.
Context-based classification looks at application, location, or creator among other variables as indirect indicators of sensitive information. Context-based answers: How is the data being used? Who is accessing it? Where are they moving it? When are they accessing it? If content looks inside the box, context looks at the shipping label.
Both content- and context-based classification have varying levels of automation in them to drive rapid deployment, scalability, and accuracy.
Finally, user-based classification depends on a manual, end-user selection of each document. User-based classification relies on user knowledge and discretion at creation, edit, review, or dissemination to flag sensitive documents.
Each of those three deliver value, but to be most effective they need to align with the primary business need.