Creation of Information Assets Inventory and Classification According to Confidentiality Degrees
Information assets, refer to any data stored, produced and/or processed by an institution.
Information assets can be personal and commercial information of customers, private financial information about the organization, information about products and services, sensitive personal information about employees and other important data.
The degree of confidentiality of information assetsis determined to the extent that the security and confidentiality of the data must be protected, and may vary according to the content of this data, their intended use and other factors.
Information assets are classified according to their degree of confidentiality. This classification is made in order to determine the necessary measures to ensure the security of data and protect its confidentiality. For example, customers' personal information or an organization's financial information may have a higher level of confidentiality because this data could have serious consequences if it falls into the hands of unauthorized persons. In addition, this classification ensures that the necessary precautions are taken for the correct and up-to-date storage, processing and backup of data.
Gizlilik sınıflandırmaları, TSE’nin Bilgi Varlıklarının Gizlilik Derecelerine Göre Sınıflandırılması Kriteri (TES K 523’e göre gerçekleştirilir.
One of the most important cyber security vulnerabilities/risks in institutions is data leakage. To prevent data leakage, the following basic steps can be followed, based on classified information assets:
1-Access Controls: Access controls can be created to protect the security of classified data. These controls enable access to data only for authorized personnel and aim to prevent unauthorized access.
2-Encryption: Data can be encrypted to increase the security of the data. Encryption can prevent unauthorized access and maintain the security of data if data is leaked.
3-Data Monitoring and Detection: Leaks need to be detected first and resolved quickly. Therefore, data monitoring and detection systems must be installed. These systems can instantly detect data leaks and other potential security threats and make it possible to respond.
4-Policies and Procedures: Institutions should establish policies and procedures to prevent data leakage. These policies and procedures determine how to act with regard to data security and privacy and must be implemented by all personnel.
5-Education: Awareness in this area should be increased by training all personnel on data security and privacy issues. Trainings have an important role in preventing potential security threats by ensuring that the necessary care and attention is paid to the security and confidentiality of data.
