An posting from Dark Reading about Developing Data Classification For Stronger Database Security:
Data discovery may be an important early step in developing a sound database security program, but in the end it’s just the first step. Ultimately data security controls have to be driven by the different sorts of risk faced by the various types of data that need protection. And the only way to assess the risks to those different types of data is to classify that data based on priorities that matter to the business. It may not sound like a glamorous task, but data classification provides a critical foundation for managing risk to data both outside and within the database.
“A risk-based approach to security requires an understanding of the value, sensitivity or importance of the information when determining appropriate security controls,” says Andrew Wild, CSO of Qualys. “When most people think of data classification, they envision assigning a classification level to documents, spreadsheets and presentations. However, organizations have a tremendous amount of information stored in database systems, and it is important to ensure this structured data is properly classified as well.”
To read more click here: