Thursday, June 7, 2012

Companies Urged to Security Classify their Information

Australia - Private companies must institute a classification system similar to the one used by spies and the military, assigning confidential, secret or top-secret status to information rather than assuming computer networks can be defended from increasingly sophisticated cyber attacks.


The former head of the Defence Signals Directorate's highly secretive Cyber Security Operations Centre, Tim Scully, has called for a reorganisation of cyber security, saying the present approach focuses too much on protecting networks and not the information in them. 

He said the private sector must begin to think like government and create a classification system that reflects the value and sensitivity of the information in its possession.

From there, risk assessments can be performed about how, if at all, the most sensitive information is conveyed across the internet. Under the new national security classification system information is marked protected, confidential, secret or top-secret.

The most sensitive information is then "air-gapped" - or stored on a closed network not accessible via the internet. (more) (see also) (see also)