SlideShare a Scribd company logo

Clasify information in education field

Nebojsa Stefanovic
Nebojsa Stefanovic

Each information is a set of new data about a fact or event, hitherto unknown by increasing the knowledge increment. In the field of education and knowledge, information is created, transmitted and received extremely dynamically. The paper describes the procedures for categorizing information sets according to the set security goals represented in the field of education, transferring levels of influence higher or lower than the default based on the magnitude of the damage caused by compromising information. Due to the fact that the level of influence of information is related to the activity of the Commissioner for Information of Public Importance, when analyzing the content, there is a compromise of different types of information.

Government & Nonprofit
1 of 22
Download to read offline
CLASSIFICATION OF INFORMATION IN EDUCATION FIELD Prof. NEBOJŠA STEFANOVIĆ
DEFINITION AND CLASSIFICATION OF INFORMATION • A set of new data about a fact, an event that increases The former level of knowledge. • Area of education is particularly dynamic In the receipt and exchange of information. • Setting security objectives. • The method receives information which unambiguously corresponding categorical tag represents the degree of sensitivity of information classification. • In accordance with a defined level of categories of managed information. 2
CLASSIFICATION OF INFORMATION - TYPES SECRECY –PRESENT SITUATION • The level of impact of information is associated with the activities of the commissioner for information of public importance and personal data protection • Area classification is regulated by the law legislation. • Generally, information according to the type of secrecy are divided into the following categories: • ARMY, • STATE, • OFFICIAL. 3
TYPES AND DEGREE SECRECY OF INFORMATION Certain types of classification to be added • Business and • Professional secret. The degree of secrecy is generally defined as state, strictly confidential, confidential and internal without determining the degree of classification. Wrong assumption that all other information that does not belong to the above treated as public information, phone numbers, addresses, .. (except personal). 4
INFORMATIONS - INFORMATION SYSTEMS Different approach presented in this paper is based primarily on the integration of informations - information systems (IS) is based on a holistic approach to classifying information, the establishment of sustainable processes and operational implementation of categorization. 5
SAFETY CATEGORY Security categories are based on the potential impact of events on the institution that endanger information and IS in accomplishing assigned tasks, asset protection, fulfillment of legal obligations and maintenance functions and the protection of individuals. The proposed three levels of influence • LOW, • MODERATE AND • HIGH 6
SECURITY OBJECTIVES Mandatory security objectives are: • CONFIDENTIALITY, • INTEGRITY AND • THE AVAILABILITY OF INFORMATION Definitions: CONFIDENTIALITY - Represents preserving authorized restrictions on information access and disclosure, including means for personal privacy and information about property ownership. The loss of confidentiality is the unauthorized disclosure of information.7
SECURITY OBJECTIVES • INTEGRITY - Is protection of the improper information modification or destruction of information, and includes providing information of authentication and non-repudiation. Loss of integrity is the unauthorized modification or destruction of data. • AVAILABILITY - Is the provision of timely and reliable access to and use of information. The loss of availability to interrupt access to or use of data or availability of an information system. 8
LEVEL OF INFLUENCE • The potential impact is low if the loss of confidentiality, integrity and availability of such is to be expected limited negative impact on business operations, assets, or individuals. • The potential impact is moderate if the loss of confidentiality, integrity and availability such that it can be expected to have a serious negative impact on business operations, assets, or individuals and can cause significant drop capabilities in scope and duration that the institutions are able to perform as its primary function, 9
LEVEL OF INFLUENCE • The potential impact is high if the loss of confidentiality, integrity and availability such that it can be expected to have a severe or catastrophic adverse effect on the operations or individuals. • Serious or catastrophic adverse effect means that, loss of confidentiality, integrity and availability may cause a serious decline or loss of ability in relation to the scope and duration so that the institution is unable to perform one or more of its basic functions and result in great damage on resources, large financial losses or cause a serious or catastrophic harm to individuals resulting in death or serious life threatening injuries. 10
SECURITY CATEGORY EXPRESSION FORM SAFETY CATEGORY(TYPEOFINFORMATION) = {[(COFIDENTIALITY, INFLUENCE,); (INTEGRITY, INFLUENCE); (AVAILABILITY, INFLUENCE)} 11
A METHOD OF CATEGORIZING • The methodology used to identify the type of information is as follows: • Identifying core business areas and tasks which supports IS considered; • Identifying the internal and / or external operations for each business area and the assigned task, area or business flows and description of IS in functional terms; • Identifying sub function necessary for the performance of each business areas or activities; • Identifying the main types of information with the identified sub-functions where necessary. 12
13 1 2 3 5 IDENTIFY THE TYPE OF INFORMATION CHOOSE THE TEMPORARY LEVE IMPACT INFORMATION CRITICAL EVELUATION ALLOCATED TO LEVEL OF INFLUENCE INFORMATION HARMONIZE LEVEL IMPACT OF INFORMATION ASSIGN SECURITY CATEGORY OF INFORMATION RECOMMENDATION FOR LEVEL IMPACT OF THE INFORMATION SYSTEM 4 RECOMENDATION FOR LEVEL IMPACT COMMON TYPE OF INFORMATION RECOMENDATION FOR LEVEL ON INFLUENCE OF SPECIFIC TYPE OF INFORMATION ASSIGN SAFETY LEVEL INFORMATION SYSTEM
IMPLEMENTATION OF CLASSIFICATION • For the classification of confidential information in each educational institution it is necessary to establish a special expert working group to identify confidential information, ways of storing, transmitting, copying and destroying them. 14
MANAGEMENT • Operating results of educational institutions consist of common and specific types of information. 15
Management Information and technology management Information resource management Development system Human Resource Management Life Cycle / Change Management Human Resource Management IT security Manage earnings / expense reimbursements Information management information Training and development resources Financial management Manage confidentiality checks Accounting Employment Finances Administration Management Collections and receivables Facility Management / Time / Equipment Asset and Liability Management Ancillary services of the institution Reporting and information Security Supply Chain Management Management Procurement of goods Workplace Management and Development Policy Inventory control Maintenance system Procurement service Logistics management 16 THE BUSINESS MODEL OF EDUCATIONAL INSTITUTIONS
OTHER FACTORS When the educational institution determines the level of influence and categorize safety by applying the above criteria, considering the effects on safety for each type of information, analyzing the aforementioned conditions in the table below: • Factors confidentiality common information • Factors integrity common information: • Factors availability of common information 17
CATEGORIZATION OF INFORMATION IN EDUCATION FIELD. SECURITY OBJECTIVES LOW MODERATE HIGH Confidentiality Keeping the authorized limit access to information and discovery, including the means for personal privacy and ownership information. Unauthorized disclosure of information may have limited negative impact on business operations, assets, or individuals. Unauthorized disclosure of information may have a serious negative impact on business operations, assets, or individuals. Unauthorized disclosure could have serious or catastrophic bad impact on business operations, assets, or individuals. Integrity Storing information from unauthorized modification or destruction, and includes ensuring non-repudiation and authenticity of information. Unauthorized modification or destruction of information can have a limited negative impact on business operations, assets, or individuals. Unauthorized modification or destruction of information can have a serious negative impact on business operations, assets, or individuals. Unauthorized modification or destruction of information can have a severe or catastrophic adverse effect on business operations, assets, or individuals. Availability The provision of timely and reliable access to and use of information. Obstruction of access to information system or the use of data or may have a limited negative impact on business operations, assets, or individuals. Obstruction of access to information system or use of data can have a serious negative impact on business operations, assets, or individuals. Obstruction of access to information system or use of data can have serious negative or disastrous bad impact on business operations, assets, or individuals. 18
RECOMMENDED SECURITY LEVEL INFORMATION Security categorization support the transfer of inf. Confidentiality Integrity Availability Public affairs Relations with local government / Ministry Moderate Moderate Low Jobs educational institutions Execution of the function of education Low Low Low Human Resources Management Strategy and Human resource management Low Low Low Internal risk management services Recovery costs of information system Moderate Low Low Information and management system System development Low Moderate Low IT System maintenance Moderate Moderate Niska Maintenance of infrastructure IS Niska Moderate Moderate 19
WHICH WAY TO GO • Creating a catalog of information • Determining the degree of granulation information 20
BUSINESS AREAS MINISTRY OF EDUCATUON REPUBLIC OF SERBIA • Information in the primary, secondary and vocational education, • Information in higher education • Other types of information in education, • Information regarding counseling and types of consulting information, • Information related to permits and licenses, • Information related to the implementation and respect of legislation regarding inspection and audit, • Information about the security of certain kinds of information, • Information related to the information system and monitoring networks • Information exchange type of information, • Information of general-purpose and statistical information 21
CONCLUSION • Disorganized system of protection of information is reflected in security. • The awareness of employees about the importance of compliance with data protection regulations still not at a satisfactory level. • Adopting regulations, directives and other regulations governing protection of information and practical application in dealing with classified information and continuous training of employees in the areas of information security. • Join the categorization of information by defining security objectives. • Access and categorization of is that create, preserve, process and transmit such information. • Security categorization does not require the investment 22

Recommended

Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsNicholas Van Exan
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)ITNet
 

Recommended

Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftClassifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoftDavid J Rosenthal
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsNicholas Van Exan
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Presentation2 (2)
Presentation2 (2)Presentation2 (2)
Presentation2 (2)ITNet
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor PrivacyRaymond Cunningham
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityJasleen Khalsa
 
Information Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric VanderburgInformation Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric VanderburgEric Vanderburg
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
CISSP Certification-Asset Security
CISSP Certification-Asset SecurityCISSP Certification-Asset Security
CISSP Certification-Asset SecurityHamed Moghaddam
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsRd. R. Agung Trimanda
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
Himss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiHimss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiFeisal Nanji
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptxssuser4102fa
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 

More Related Content

What's hot

Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Information Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric VanderburgInformation Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric VanderburgEric Vanderburg
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
CISSP Certification-Asset Security
CISSP Certification-Asset SecurityCISSP Certification-Asset Security
CISSP Certification-Asset SecurityHamed Moghaddam
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsRd. R. Agung Trimanda
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
Himss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiHimss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiFeisal Nanji
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 

What's hot (19)

Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Information Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric VanderburgInformation Security Lesson 11 - Policies & Procedures - Eric Vanderburg
Information Security Lesson 11 - Policies & Procedures - Eric Vanderburg
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
 
CISSP Certification-Asset Security
CISSP Certification-Asset SecurityCISSP Certification-Asset Security
CISSP Certification-Asset Security
 
Information security
Information securityInformation security
Information security
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
 
Himss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiHimss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanji
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 

Similar to Clasify information in education field

Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptxssuser4102fa
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehAnne Starr
 
Information and network security 4 osi architecture
Information and network security 4 osi architectureInformation and network security 4 osi architecture
Information and network security 4 osi architectureVaibhav Khanna
 
NIST Privacy Engineering Working Group - Risk Model
NIST Privacy Engineering Working Group - Risk ModelNIST Privacy Engineering Working Group - Risk Model
NIST Privacy Engineering Working Group - Risk ModelDavid Sweigert
 
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptxVITNetflix
 
Closing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service AnalyticsClosing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service AnalyticsPrivacera
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach CostResilient Systems
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Information classification
Information classificationInformation classification
Information classificationJyothsna Sridhar
 
ISMS End-User Training Presentation.pptx
ISMS End-User Training Presentation.pptxISMS End-User Training Presentation.pptx
ISMS End-User Training Presentation.pptxcomstarndt
 
Introduction to Information Management.pptx
Introduction to Information Management.pptxIntroduction to Information Management.pptx
Introduction to Information Management.pptxRodolfoIII2
 
Introduction to Incident Response Management
Introduction to Incident Response ManagementIntroduction to Incident Response Management
Introduction to Incident Response ManagementDon Caeiro
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptxshalinityagi112
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and SecurityArianto Muditomo
 

Similar to Clasify information in education field (20)

Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptx
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptx
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioieh
 
Information and network security 4 osi architecture
Information and network security 4 osi architectureInformation and network security 4 osi architecture
Information and network security 4 osi architecture
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
NIST Privacy Engineering Working Group - Risk Model
NIST Privacy Engineering Working Group - Risk ModelNIST Privacy Engineering Working Group - Risk Model
NIST Privacy Engineering Working Group - Risk Model
 
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
 
Closing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service AnalyticsClosing the Governance Gap - Enabling Governed Self-Service Analytics
Closing the Governance Gap - Enabling Governed Self-Service Analytics
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
Information classification
Information classificationInformation classification
Information classification
 
ISMS End-User Training Presentation.pptx
ISMS End-User Training Presentation.pptxISMS End-User Training Presentation.pptx
ISMS End-User Training Presentation.pptx
 
Introduction to Information Management.pptx
Introduction to Information Management.pptxIntroduction to Information Management.pptx
Introduction to Information Management.pptx
 
Introduction to Incident Response Management
Introduction to Incident Response ManagementIntroduction to Incident Response Management
Introduction to Incident Response Management
 
1200 clare sanderon hse ireland
1200 clare sanderon hse ireland1200 clare sanderon hse ireland
1200 clare sanderon hse ireland
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptx
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and Security
 

Recently uploaded

Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlEdouardHusson
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.Christina Parmionova
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Call Girls in Nagpur High Profile
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...MOHANI PANDEY
 
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...tanu pandey
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29JSchaus & Associates
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.Christina Parmionova
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at workChristina Parmionova
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...SUHANI PANDEY
 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...tanu pandey
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024ARCResearch
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escortsaditipandeya
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...ranjana rawat
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 

Recently uploaded (20)

Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
 
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at work
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
 
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Bhavnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 

Clasify information in education field

  • 1. CLASSIFICATION OF INFORMATION IN EDUCATION FIELD Prof. NEBOJŠA STEFANOVIĆ
  • 2. DEFINITION AND CLASSIFICATION OF INFORMATION • A set of new data about a fact, an event that increases The former level of knowledge. • Area of education is particularly dynamic In the receipt and exchange of information. • Setting security objectives. • The method receives information which unambiguously corresponding categorical tag represents the degree of sensitivity of information classification. • In accordance with a defined level of categories of managed information. 2
  • 3. CLASSIFICATION OF INFORMATION - TYPES SECRECY –PRESENT SITUATION • The level of impact of information is associated with the activities of the commissioner for information of public importance and personal data protection • Area classification is regulated by the law legislation. • Generally, information according to the type of secrecy are divided into the following categories: • ARMY, • STATE, • OFFICIAL. 3
  • 4. TYPES AND DEGREE SECRECY OF INFORMATION Certain types of classification to be added • Business and • Professional secret. The degree of secrecy is generally defined as state, strictly confidential, confidential and internal without determining the degree of classification. Wrong assumption that all other information that does not belong to the above treated as public information, phone numbers, addresses, .. (except personal). 4
  • 5. INFORMATIONS - INFORMATION SYSTEMS Different approach presented in this paper is based primarily on the integration of informations - information systems (IS) is based on a holistic approach to classifying information, the establishment of sustainable processes and operational implementation of categorization. 5
  • 6. SAFETY CATEGORY Security categories are based on the potential impact of events on the institution that endanger information and IS in accomplishing assigned tasks, asset protection, fulfillment of legal obligations and maintenance functions and the protection of individuals. The proposed three levels of influence • LOW, • MODERATE AND • HIGH 6
  • 7. SECURITY OBJECTIVES Mandatory security objectives are: • CONFIDENTIALITY, • INTEGRITY AND • THE AVAILABILITY OF INFORMATION Definitions: CONFIDENTIALITY - Represents preserving authorized restrictions on information access and disclosure, including means for personal privacy and information about property ownership. The loss of confidentiality is the unauthorized disclosure of information.7
  • 8. SECURITY OBJECTIVES • INTEGRITY - Is protection of the improper information modification or destruction of information, and includes providing information of authentication and non-repudiation. Loss of integrity is the unauthorized modification or destruction of data. • AVAILABILITY - Is the provision of timely and reliable access to and use of information. The loss of availability to interrupt access to or use of data or availability of an information system. 8
  • 9. LEVEL OF INFLUENCE • The potential impact is low if the loss of confidentiality, integrity and availability of such is to be expected limited negative impact on business operations, assets, or individuals. • The potential impact is moderate if the loss of confidentiality, integrity and availability such that it can be expected to have a serious negative impact on business operations, assets, or individuals and can cause significant drop capabilities in scope and duration that the institutions are able to perform as its primary function, 9
  • 10. LEVEL OF INFLUENCE • The potential impact is high if the loss of confidentiality, integrity and availability such that it can be expected to have a severe or catastrophic adverse effect on the operations or individuals. • Serious or catastrophic adverse effect means that, loss of confidentiality, integrity and availability may cause a serious decline or loss of ability in relation to the scope and duration so that the institution is unable to perform one or more of its basic functions and result in great damage on resources, large financial losses or cause a serious or catastrophic harm to individuals resulting in death or serious life threatening injuries. 10
  • 11. SECURITY CATEGORY EXPRESSION FORM SAFETY CATEGORY(TYPEOFINFORMATION) = {[(COFIDENTIALITY, INFLUENCE,); (INTEGRITY, INFLUENCE); (AVAILABILITY, INFLUENCE)} 11
  • 12. A METHOD OF CATEGORIZING • The methodology used to identify the type of information is as follows: • Identifying core business areas and tasks which supports IS considered; • Identifying the internal and / or external operations for each business area and the assigned task, area or business flows and description of IS in functional terms; • Identifying sub function necessary for the performance of each business areas or activities; • Identifying the main types of information with the identified sub-functions where necessary. 12
  • 13. 13 1 2 3 5 IDENTIFY THE TYPE OF INFORMATION CHOOSE THE TEMPORARY LEVE IMPACT INFORMATION CRITICAL EVELUATION ALLOCATED TO LEVEL OF INFLUENCE INFORMATION HARMONIZE LEVEL IMPACT OF INFORMATION ASSIGN SECURITY CATEGORY OF INFORMATION RECOMMENDATION FOR LEVEL IMPACT OF THE INFORMATION SYSTEM 4 RECOMENDATION FOR LEVEL IMPACT COMMON TYPE OF INFORMATION RECOMENDATION FOR LEVEL ON INFLUENCE OF SPECIFIC TYPE OF INFORMATION ASSIGN SAFETY LEVEL INFORMATION SYSTEM
  • 14. IMPLEMENTATION OF CLASSIFICATION • For the classification of confidential information in each educational institution it is necessary to establish a special expert working group to identify confidential information, ways of storing, transmitting, copying and destroying them. 14
  • 15. MANAGEMENT • Operating results of educational institutions consist of common and specific types of information. 15
  • 16. Management Information and technology management Information resource management Development system Human Resource Management Life Cycle / Change Management Human Resource Management IT security Manage earnings / expense reimbursements Information management information Training and development resources Financial management Manage confidentiality checks Accounting Employment Finances Administration Management Collections and receivables Facility Management / Time / Equipment Asset and Liability Management Ancillary services of the institution Reporting and information Security Supply Chain Management Management Procurement of goods Workplace Management and Development Policy Inventory control Maintenance system Procurement service Logistics management 16 THE BUSINESS MODEL OF EDUCATIONAL INSTITUTIONS
  • 17. OTHER FACTORS When the educational institution determines the level of influence and categorize safety by applying the above criteria, considering the effects on safety for each type of information, analyzing the aforementioned conditions in the table below: • Factors confidentiality common information • Factors integrity common information: • Factors availability of common information 17
  • 18. CATEGORIZATION OF INFORMATION IN EDUCATION FIELD. SECURITY OBJECTIVES LOW MODERATE HIGH Confidentiality Keeping the authorized limit access to information and discovery, including the means for personal privacy and ownership information. Unauthorized disclosure of information may have limited negative impact on business operations, assets, or individuals. Unauthorized disclosure of information may have a serious negative impact on business operations, assets, or individuals. Unauthorized disclosure could have serious or catastrophic bad impact on business operations, assets, or individuals. Integrity Storing information from unauthorized modification or destruction, and includes ensuring non-repudiation and authenticity of information. Unauthorized modification or destruction of information can have a limited negative impact on business operations, assets, or individuals. Unauthorized modification or destruction of information can have a serious negative impact on business operations, assets, or individuals. Unauthorized modification or destruction of information can have a severe or catastrophic adverse effect on business operations, assets, or individuals. Availability The provision of timely and reliable access to and use of information. Obstruction of access to information system or the use of data or may have a limited negative impact on business operations, assets, or individuals. Obstruction of access to information system or use of data can have a serious negative impact on business operations, assets, or individuals. Obstruction of access to information system or use of data can have serious negative or disastrous bad impact on business operations, assets, or individuals. 18
  • 19. RECOMMENDED SECURITY LEVEL INFORMATION Security categorization support the transfer of inf. Confidentiality Integrity Availability Public affairs Relations with local government / Ministry Moderate Moderate Low Jobs educational institutions Execution of the function of education Low Low Low Human Resources Management Strategy and Human resource management Low Low Low Internal risk management services Recovery costs of information system Moderate Low Low Information and management system System development Low Moderate Low IT System maintenance Moderate Moderate Niska Maintenance of infrastructure IS Niska Moderate Moderate 19
  • 20. WHICH WAY TO GO • Creating a catalog of information • Determining the degree of granulation information 20
  • 21. BUSINESS AREAS MINISTRY OF EDUCATUON REPUBLIC OF SERBIA • Information in the primary, secondary and vocational education, • Information in higher education • Other types of information in education, • Information regarding counseling and types of consulting information, • Information related to permits and licenses, • Information related to the implementation and respect of legislation regarding inspection and audit, • Information about the security of certain kinds of information, • Information related to the information system and monitoring networks • Information exchange type of information, • Information of general-purpose and statistical information 21
  • 22. CONCLUSION • Disorganized system of protection of information is reflected in security. • The awareness of employees about the importance of compliance with data protection regulations still not at a satisfactory level. • Adopting regulations, directives and other regulations governing protection of information and practical application in dealing with classified information and continuous training of employees in the areas of information security. • Join the categorization of information by defining security objectives. • Access and categorization of is that create, preserve, process and transmit such information. • Security categorization does not require the investment 22