New government security classification policy introduced

A new UK government security classification policy comes into force today, describing how the government classifies information assets to ensure they are appropriately protected. The policy applies to all information that government collects, stores, processes, generates or shares.

The new scheme is part of the Cabinet Office’s ongoing efforts to improve data security across all government and public sector organisations, which are required to classify or protectively mark all of its information assets.

With the amount of data, both structured and unstructured, being created on a daily basis, understanding the value and importance of that data is increasingly relevant, and it is hoped that the introduction of the government's latest policy will encourage others to follow suit with a layered approach to information security.

Welcoming the introduction of the government's latest security policy, Martin Sugden of Boldon James, said: "Data classification brings many additional benefits over and above compliance. The metadata created by the label can be used to drive archiving, rights management and access control software. Irrespective of the legislation an organisation is subject to, data classification makes good data security sense and is best practice for a layered security approach. We hope to see private organisations take note and follow suit -- without data classification, organisations are flying blind when they allow employees to create and move data and they lose the insight into the value of the data they hold."

Sugden says getting users to label that data as they create it is the best way to ensure appropriate decision making about its storage and which partners, employees or customers should be allowed access to it. "Data classification not only empowers the user to understand the data they create, it also helps them understand the importance and business value of that data and enables the organisation to secure it appropriately," he added.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.