Paper Review: Data Handling Guidelines
Dublin City University
Summarized by: Amnah Alowies, Arwa Alamer
Information Security - Fall 2019
These guidelines provide a basis for the people in charge of
protecting data, giving them a way to handle and classify
that data.
Data Classification:
Controlled: The protection of the information is in the hands of the custodian and
there is a low risk of embarrassment or reputational harm.
Restricted: Disclosure, or loss of availability or integrity, could hurt the
reputation, or may have a short-term negative financial impact.
Highly Restricted: Disclosure could cause exceptional or long-term damage to the
reputation, could put those whose information is disclosed at risk, or may have serious
or long-term negative financial consequences.
Data Handling Guidelines
The handling activities covered for each classification are:
1. Access Control
2. Backup
3. Labelling
4. Physical Transfer (paper)
5. Electronic Storage
6. Electronic Transfer – Internal
7. Electronic Transfer – External
8. Disposal
9. System Controls
10. System Availability
1. Access Control
Controlled: Available to all users who need this information.
Restricted: Available to authorized users only. Access should be monitored and reviewed on a
regular basis. When access is given to a third party, a non-disclosure agreement should be
obtained.
Highly Restricted: Available only to those who have an absolute requirement and authorization
for access. This requirement should be submitted in writing and authorized by the data
custodian.
2. Backup
Controlled: Information should be protected, secured and backed up.
Restricted: Information should be protected by backups kept in a secure location far away
from the source data.
Highly Restricted: Information should be highly secured. Backups should be taken and checked
on a nightly basis. Backups should be kept in a secure, fire-proof place removed from the data source.
3. Labelling
Controlled/Restricted/Highly Restricted: Labels should be used to convey the importance of
the data, e.g. Confidential or Strictly Confidential.
4. Physical Transfer (paper)
Controlled/Restricted/Highly Restricted: Data should be transferred with care when it is in physical
form.
5. Electronic Storage
Controlled: Must be stored in a system that is accessible to those authorized under the access
control above.
Restricted: Must be stored in a system that is accessible to those authorized under the access
control above. Where information is held outside the source, it must be encrypted.
Highly Restricted: Must be stored in a system that is accessible to those authorized under the
access control above. Servers that hold the information must be held in a secure
environment.
6. Electronic Transfer – Internal
Controlled: Data should be encrypted when necessary.
Restricted: If data is transferred over wireless, it must be encrypted.
Highly Restricted: Data transfers have to be encrypted. USB cannot be used to transfer
sensitive personal data.
7. Electronic Transfer – External
Controlled: Data should be encrypted when necessary.
Restricted: Data should be encrypted if it is emailed.
Highly Restricted: Data transfers have to be encrypted. USB cannot be used to transfer
sensitive personal data. Data should be encrypted if it is emailed.
8. Disposal
Controlled: Disposal in the normal fashion.
Restricted/Highly Restricted: Paper should be shredded and other storage media should
be disposed of in a secure manner.
9. System Controls
Controlled: Data should be processed on the basis of basic best practice.
Restricted/Highly Restricted: Data may be processed only on an approved system,
which is managed by a designated systems manager.
10. System Availability
Controlled: To ensure the availability of the data, it should be subject to the
appropriate industry standards.
Restricted: To ensure the availability of the data when it is needed, it should be
subject to the appropriate industry standards.
Highly Restricted: Data should be hosted on a resilient infrastructure if the data
availability requirement is high.