
CYB 410 Project Two Milestone One Guidelines and Rubric
Data Inventory and Data Classification
Overview
It is important to understand the different kinds of data that an organization is collecting. As a cybersecurity analyst, you need to know the data. Know the criticality of the data you organize and analyze, and the impact on the organization in case of a breach or loss of data. As you develop the data life cycle plan, keep in mind that one of the goals is to protect the confidentiality, integrity, and availability of the organization’s data. Consider the following questions:
- Is some information highly confidential?
- Would your company be at risk if certain data were leaked?
- Would your customers be at risk?
- What if your data disappeared?
As a security analyst, you will use your adversarial mindset to view this task.
Part of data life cycle management and risk management is to classify the data. Classifying data can vary between organizations. Classification is based on the criticality of the information and the risks of possible attacks. For example, in the case of a data breach, a customer’s email address would be considered low risk. However, a customer’s credit card information or Social Security number would be high risk so it would have higher security protection. Data classification is simply a way of grouping the data based on its level of criticality. This classification allows for varying degrees of security protection for each group.
Scenario
You are part of a cybersecurity consulting firm that has been hired to help Green Thumb Nursery develop its risk management plan. The initial round of on-site, in-person interviews has already been conducted by your leadership team and you are tasked with helping the team complete the finalized documentation for the data life cycle plan. This plan includes performing a data inventory to identify data that is critical to the organization in order to implement a data classification standard.
Prompt
Using your expertise as a cybersecurity consultant, complete the Data Inventory and Data Classification tab in your Project Two Milestone One Template, which is linked in the What to Submit section below. One row of the template has been completed to provide you with an example. Begin by reviewing the Classification Matrix tab to learn about the categories used for data classifications. You must address the critical elements listed below.
- Data Inventory: Using the components listed in the System Resource/Component column, complete the Data Inventory column.
- Identify the appropriate types of data found in each system resource/component.
- Data Classification: Using the information in the Data Inventory column, complete the Data Classification column.
- Apply the appropriate classification to the data you identified in your data inventory.
- Justification: Complete the Data Classification Justification column.
- Justify your rationale for applying each classification.
What to Submit
Submit the completed Project Two Milestone One Template for the data life cycle. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.xlsx.