Effectively Explaining the Purpose of Information Classification to Employees

The topic for my Q2 2009 issue of Protecting Information was helping employees to understand why different types of information need different levels of security. Yes, this is information classification, but I describe it in a way that employees of all levels and responsibilities throughout an organization can understand, here’s how…

Information security and privacy leaders know that all information is not created equally. However, most personnel don’t really think about it. That is why it is so important to establish information classifications and then to effectively describe them to help personnel to more easily and quickly determine the types of safeguards necessary for each type of information.
However, making information classification interesting is usually a struggle for most information security and privacy leaders. The best way to get personnel to really pay attention to these types of requirements is to explain how it applies to them, personally.
I’ve found it works best to raise awareness of the need for information security and privacy activities within the workplace if you can first communicate why personnel need to be concerned about the issues involved in their own homes and personal activities. So, I’ve explained information classification using the types of items that personnel care about most in their own homes and lives.
I relate protecting different types of information to how they are more concerned about protecting some types of things in their homes, like specific photos or videos, or birthday gifts before it is time for the birthday, and how the concepts of providing different security is the same for different types of information they handle, access or otherwise use at work.
I think this is an important topic that is not addressed enough with training and awareness within organizations, so I’m making my podcast of the feature article for this issue of the Protecting Information Journal, “Different Protection For Different Information: All Information Is Not Created Equally” available for free access.
Here is the link to download the companion MP3 podcast of the featured article: http://www.privacyguidance.com/piq42009/
Here is how to download the MP3 file; it is a little over 11 minutes long:

  1. Click on the link, or copy it and paste into your browser.
  2. Right-click on Q2Spring2009ProtectingInformationPodcast.mp3 and select Save Target As… in the context menu.
  3. Select a location to save the MP3 on your computer or network.
  4. Enjoy!

I’m interested in hearing your feedback. Would this message get through to some, most or all of your employees?
If you are not an infosec or privacy leader, does this podcast help make the purpose for information classification more clear?

Tags: , , , , , , , , ,

Leave a Reply