Security Labelling Policy Study

In today’s cyber-focused world, there is a growing demand for business level communication to enable the delivery of enhanced capabilities and increased efficiency. This communication requires the electronic exchange of information; it is no longer an option to maintain isolated silos of data. However, information has different levels of sensitivity which need to be understood when determining what it is appropriate to share, with whom and what levels of security should be applied to ensure adequate protection from data leakage.

Every organisation should have an information handling policy. These policies will typically contain comprehensive details regarding handling of paper documents including protective marking schemes for sensitive documents. However, policies often do not address how the management of sensitive information should be implemented electronically within an IT system. One solution, particularly common in the public and defence sectors, is to augment sensitive information with a security label that identifies how the information should be handled. This security label needs to have a consistent electronic format and location to enable interoperability and to ensure appropriate handling.

Nexor’s Labelling Policy Definition Service will assist organisations to create labelling policies to support the implementation of data handling initiatives on IT systems.