The security administrator agrees that the set of labels that are mandated by the legal department is a useful starting point. However, further analysis is needed before the labels can be encoded.
The CONFIDENTIAL: INTERNAL_USE_ONLY label is for information that is proprietary to the company but which, because of its low level of sensitivity, can be distributed to all employees. All employees have signed nondisclosure agreements before starting employment. Information with this label might also be distributed to others. For example, the employees of vendors and contractors who have signed a nondisclosure agreement can receive the information. Because the Internet can be snooped, information with this label cannot be sent over the Internet. The information can be sent over email within the company.
Candidates for the CONFIDENTIAL: INTERNAL_USE_ONLY label include the following:
Spending guidelines
Internal job postings
The CONFIDENTIAL: NEED_TO_KNOW label is intended for information that is proprietary to the company, has a higher level of sensitivity than INTERNAL_USE_ONLY, and has a more limited audience. Distribution is limited to employees who need to know the information. Other people who need to know the information and who have signed nondisclosure agreements might also be in the audience.
For example, if only the group of people working in a particular project should see certain information, then NEED_TO_KNOW should be used on that information. Whenever information should be restricted to a particular group, the name of the group should be specified on the paper version of the information.
Having the name of a group in this label makes it clear that the information should not be given to anyone outside of the group. Information with this label cannot be sent over the Internet but it can be sent over email within the company.
Candidates for the NEED_TO_KNOW label include the following:
Product design documents
Project details
Employee Status Change form
The CONFIDENTIAL: REGISTERED classification is intended for information that is proprietary to the company, has a very high level of sensitivity, and could significantly harm the company if released. Registered information must be numbered and be tracked by the owner. Each copy must be assigned to a specific person. The copy must be returned to the owner for destruction after being read. Copies can be made only by the owner of the information. Use of brownish-red paper is recommended because this color cannot be copied.
This label is to be used when only one specific group of people should be allowed to see the proprietary information. This information cannot be shown to anyone who is not authorized by the owner. The information cannot be shown to employees of other companies who have not signed a nondisclosure agreement, even if the owner authorizes the disclosure. Information with this label cannot be sent through email.
Candidates for the CONFIDENTIAL: REGISTERED label include the following:
End of quarter financial information that has not yet been released
Sales forecasts
Marketing forecasts
The security administrator decided that the NEED_TO_KNOW label should contain the names of groups or departments. The security administrator asked for suggestions about what words to use to define groups or areas of interest within the organization. The following items were in the initial list:
Engineering
Executive Management
Finance
Human Resources
Legal
Manufacturing
Marketing
Sales
System Administration
Later, the security administrator added the Project Team group, which enabled all members of the Engineering and Marketing groups to share project data.
The next step is to resolve the following issues:
How to use the classifications and compartments to encode the labels and clearances
Which handling instructions should appear on printed output
The security administrator used a large board. Pieces of paper were marked with the words that should be in the labels, as shown in Figure 6–5. This setup graphed the relationships. The pieces could be rearranged until all the pieces fit together.
The administrator drafted the following label relationships:
The four labels are hierarchical, with the label that contains REGISTERED the highest. The PUBLIC label is the lowest.
Only one label needs to be associated with group names.
The list of people who are cleared to receive registered information is limited on a case-by-case basis. Therefore, REGISTERED does not need any group names. INTERNAL_USE_ONLY applies to all employees and people who have signed nondisclosure agreements, and PUBLIC labels are for everybody. Therefore, INTERNAL_USE_ONLY and PUBLIC labels do not need further qualification. The NEED_TO_KNOW label does need to be associated with non-hierarchical words, such as NEED_TO_KNOW MARKETING or NEED_TO_KNOW ENGINEERING. The words that identify the group or department can also be included in a user's clearance, as part of establishing that user's need to know.
Each of the labels except PUBLIC requires the person who is accessing the information to have signed a nondisclosure agreement. A phrase such as NON-DISCLOSURE AGREEMENT REQUIRED would be a good reminder that this requirement exists.
The handling instructions on banner and trailer pages should have clear wording on how to handle the information. How to handle the information is based on the classification and on any group name that can appear in the label.
Along with information on the sensitivity of the printer output, handling instructions should print that a nondisclosure agreement is required when the label requires such an agreement.
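The label relationships drafted by the administrator (a hierarchy of four classifications, group words attached only to NEED_TO_KNOW, group words also carried in clearances) and the banner-page handling rules can be checked by modelling them as a small label lattice. The following Python is an added example written for this page; it is not Trusted Extensions code and does not use the label_encodings file format. The names Label, make_label, make_clearance, dominates and handling_instructions, the underscore spellings of the group words, and the exact handling wording are assumptions made for the example.

```python
"""Worked model of the SecCompany label relationships drafted above.

Added illustration only: not Trusted Extensions code and not the
label_encodings file format. Label, make_label, make_clearance, dominates
and handling_instructions are names assumed for this example.
"""
from dataclasses import dataclass

# Hierarchical classifications, lowest to highest, as drafted by the administrator.
CLASSIFICATIONS = ("PUBLIC", "INTERNAL_USE_ONLY", "NEED_TO_KNOW", "REGISTERED")
RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}

# Non-hierarchical group words from the initial list. PROJECT_TEAM is the group
# added later so that Engineering and Marketing members can share project data.
GROUPS = frozenset({
    "ENGINEERING", "EXECUTIVE_MANAGEMENT", "FINANCE", "HUMAN_RESOURCES", "LEGAL",
    "MANUFACTURING", "MARKETING", "SALES", "SYSTEM_ADMINISTRATION", "PROJECT_TEAM",
})


@dataclass(frozen=True)
class Label:
    """A classification plus a (possibly empty) set of group words."""
    classification: str
    groups: frozenset = frozenset()

    def __str__(self) -> str:
        # Render as the administrator wrote it, e.g. "NEED_TO_KNOW MARKETING".
        return " ".join([self.classification] + sorted(self.groups))


def _check(classification: str, groups) -> frozenset:
    """Reject words that are not in the drafted vocabulary."""
    if classification not in RANK:
        raise ValueError(f"unknown classification: {classification}")
    groups = frozenset(groups)
    unknown = groups - GROUPS
    if unknown:
        raise ValueError(f"unknown group words: {sorted(unknown)}")
    return groups


def make_label(classification: str, groups=()) -> Label:
    """Build a label for information. Only NEED_TO_KNOW is qualified with
    group names; PUBLIC, INTERNAL_USE_ONLY and REGISTERED take none."""
    groups = _check(classification, groups)
    if groups and classification != "NEED_TO_KNOW":
        raise ValueError(f"{classification} does not take group names")
    return Label(classification, groups)


def make_clearance(classification: str, groups=()) -> Label:
    """Build a user's clearance. Group words may appear at any classification,
    because they are part of establishing that user's need to know."""
    return Label(classification, _check(classification, groups))


def dominates(clearance: Label, label: Label) -> bool:
    """A clearance dominates a label when its classification is at least as
    high and it carries every group word that the label carries."""
    return (RANK[clearance.classification] >= RANK[label.classification]
            and label.groups <= clearance.groups)


def handling_instructions(label: Label) -> list:
    """Banner/trailer wording derived from the classification and group names.
    The exact phrasing is an assumption; the rules follow the text above."""
    lines = [f"SENSITIVITY: {label}"]
    if label.classification != "PUBLIC":
        lines.append("NON-DISCLOSURE AGREEMENT REQUIRED")
    if label.classification == "INTERNAL_USE_ONLY":
        lines.append("Distribute to all employees; internal email only, never over the Internet")
    elif label.classification == "NEED_TO_KNOW":
        who = ", ".join(sorted(label.groups)) or "UNSPECIFIED GROUP"
        lines.append(f"Distribute only to: {who}; internal email only, never over the Internet")
    elif label.classification == "REGISTERED":
        lines.append("Numbered copy assigned to one person; return to owner for destruction; do not send by email")
    return lines


if __name__ == "__main__":
    project = make_label("NEED_TO_KNOW", {"PROJECT_TEAM"})
    engineer = make_clearance("NEED_TO_KNOW", {"ENGINEERING", "PROJECT_TEAM"})
    salesperson = make_clearance("NEED_TO_KNOW", {"SALES"})
    print(project, "-> engineer:", dominates(engineer, project),
          "sales:", dominates(salesperson, project))
    for line in handling_instructions(project):
        print(line)
```

Two points the model makes visible: a REGISTERED clearance with no group words does not dominate a NEED_TO_KNOW MARKETING label, because the group word is missing, which is why the page allows group words in a user's clearance; and make_label refuses group names on any classification other than NEED_TO_KNOW, enforcing the "only one label needs group names" decision at encoding time.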