Information Protection and Data-Centric Security Management: Data Classification Workshop

Thursday, October 24, 2019

The purpose of this workshop is to discuss the challenges and opportunities with data classification in the context of data management and information protection to support various business use cases. The outcome of the workshop will help the National Institute of Standards and Technology (NIST) develop a National Cybersecurity Center of Excellence (NCCoE) demonstration project that may be divided into multiple phases to support the full life cycle of managing information security at the data level and demonstrating compliance. We recognize that policies and controls are necessary to secure the data, but the initial scope of this project will focus on classification.

 

Data Classification

There are a few NIST guidelines and practices for data security, but data classification—a key foundational element—is not well defined. Data classification is a mechanism to help organizations determine the type of data, its criticality with respect to a categorization schema, the adequate access level, and the level of protection.

Data classification is often overlooked, and there is limited guidance available covering taxonomy, methodology, and practical approaches to help organizations discover, classify, and label data. Several challenges related to data discovery and classification are driven by the fact that:

  • Data is everywhere—on devices (e.g., laptops, desktops, mobile) and in applications running in an on-premise and/or outsourced environment, and/or in the cloud.
  • Relying on end users to identify and classify data is error-prone and often incomplete.
  • There is a lack of common definitions and understanding of classifiers, which results in the same information potentially being classified and labeled in a contradictory manner.
  • Labels do not persist with the information in a way that is interoperable across various vendor technology clients and tamper detectable.
  • There are inconsistent global standards across technologies and industries.

About the Workshop

During the workshop, NIST will present a summary of existing and ongoing work related to data classification, data security, data-centric threat modeling, and zero-trust architecture. Next, industry and other parties will present their views of the challenges in data discovery and classification, and recommended approaches and practices to address the challenges with managing the security of the data throughout its lifecycle driven by the business use cases to support the organizations’ mission. NIST welcomes input from workshop participants on all aspects of the planned NCCoE demonstration project, including the proposed scope, use cases, technologies to be considered, and sources of specifications and guidance. NIST will use the findings and feedback received from the workshop to develop a project description that will be released for public review. Then, NIST will solicit organizations to directly collaborate on the technical project and development of its outputs.

A final agenda is coming soon.

Register Today!

The workshop is free and open to the public; however, advance registration is required. Please complete this short form by October 21, 2019.

For our international visitors, registration is suggested no later than October 17, 2019, to allow for the registration process. Please download this file and fax the hard copy to 301-975-0321. Once the form has been faxed, email keri.bray@nist.gov to confirm receipt.

Logistics:

Date/Time: Thursday, October 24, 2019. Check-in begins at 8:30 a.m. The formal program begins at 9 a.m. and concludes at 1 p.m.

Location: NCCoE, 9700 Great Seneca Highway, Rockville, Maryland 20850

Dress: Business Casual

Note: This is not a virtual event. You must join us in person at the NCCoE to attend this event.

Questions? Please email your questions to data-nccoe@nist.gov.