The Security Administrator agrees that the set of labels mandated by the legal department is a good start but realizes that the labels need to be analyzed further before they can be encoded.
The PROPRIETARY/CONFIDENTIAL: INTERNAL_USE_ONLY label is for information that is proprietary to the company but which, because of its low level of sensitivity, may be distributed to all employees, all of whom have signed nondisclosure agreements before starting employment. Information with this label may also be distributed to others, such as employees of vendors and contractors, as long as each person who receives the information has also signed a nondisclosure agreement. Because traffic on the Internet may be intercepted, information with this label may not be sent over the Internet, but it may be sent via email within the company.
Examples: memos containing spending guidelines; internal job postings.
The PROPRIETARY/CONFIDENTIAL: NEED_TO_KNOW label is intended for information that is proprietary to the company, has a higher level of sensitivity than INTERNAL_USE_ONLY, and has a more limited audience. Distribution is limited to employees who have a need to know the information and to others who have signed nondisclosure agreements who also have a need to know.
For example, if only the group of people working in a particular project should see certain information, then NEED_TO_KNOW should be used on that information. People who receive information with this label can copy it and pass it on to other people who also have a need to know and have signed a nondisclosure agreement. Whenever information should be restricted to a particular group, the name of the group should be specified on the printed or otherwise-copied version of the information.
Having the name of a group in this label makes it clear that the information should not be given to anyone outside of the group. Information with this label may not be sent over the Internet but it may be sent via email within the company.
Examples: product design documents; project details; the Employee Status Change Form.
The PROPRIETARY/CONFIDENTIAL: REGISTERED label is intended for information that is proprietary to the company, has a very high level of sensitivity, and could significantly harm the company if released to the wrong parties or at the wrong time. Registered information must be numbered and tracked by its owner. Each copy must be assigned to a specific person and returned to the owner for destruction after being read. Copies may be made only by the owner of the information. Printing on brownish-red paper is recommended because that color does not photocopy legibly.
This label is used when only a specific, individually authorized set of people may see the information. It may not be shown to anyone who is not authorized by the owner, and it may not be shown to employees of other companies who have not signed a nondisclosure agreement, even if the owner authorizes them to see it. Information with this label may not be sent via email, even within the company.
Examples: end-of-quarter financial information not yet released; sales forecasts; marketing forecasts.
The Security Administrator decided that the NEED_TO_KNOW label should contain the names of groups or departments. The Security Administrator asked for suggestions about what words to use to define groups or areas of interest within the organization, and came up with the following list.
Engineering, Executive Management, Finance, Human Resources, Legal, Manufacturing, Marketing, Sales, System Administration.
The next step is to decide:
How to encode the labels into the classifications and compartments that make up sensitivity labels and clearances,
What kinds of handling instructions should appear on printed output.
The Security Administrator used a large board and pieces of paper marked with the words that should be in the labels, as shown in Figure 5-7, to visualize the relationships and rearrange the pieces until they all fit together.
The administrator came up with the following:
The four labels are hierarchical with the label containing REGISTERED the highest and the PUBLIC label the lowest.
Only one label needs to be associated with group names. The list of those cleared to receive registered information is limited on a case-by-case basis, so REGISTERED does not need any group names. INTERNAL_USE_ONLY applies to all employees and to others who have signed nondisclosure agreements, and PUBLIC is for everybody, so neither of these labels needs further qualification. Only the NEED_TO_KNOW label needs to be combined with non-hierarchical words (the compartments), as in NEED_TO_KNOW MARKETING or NEED_TO_KNOW ENGINEERING. The same group words can also be included in a user's clearance, as part of establishing that user's need to know: a user cleared for NEED_TO_KNOW MARKETING can read NEED_TO_KNOW MARKETING information but not NEED_TO_KNOW ENGINEERING information, even though the classification is the same.
Each of the labels except PUBLIC requires that the person accessing the information has signed a nondisclosure agreement.
A phrase such as NON-DISCLOSURE AGREEMENT REQUIRED would be a good reminder that this requirement exists.
The handling instructions on banner and trailer pages should have clear wording on how to handle the information based on the classification and on any group name that may appear in the label.
Along with information on the sensitivity of the printer output, handling instructions should remind the reader that a nondisclosure agreement is required for any output whose label requires it.
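The encoding decisions above (four hierarchical classifications, non-hierarchical group words attached to NEED_TO_KNOW labels and to clearances, and banner text derived from the label) are shown here as a small Python model. This is an added example written for this page, not the page's own encoding and not any product's label configuration syntax. The underscored spellings EXECUTIVE_MANAGEMENT, HUMAN_RESOURCES and SYSTEM_ADMINISTRATION, the rule that a clearance may pair group words with REGISTERED, and all function names are assumptions made for the example.

```python
"""Model of the label lattice the Security Administrator arrived at.

Added illustration: classifications are hierarchical, group words are
non-hierarchical, and a clearance grants read access only to labels it dominates.
"""
from dataclasses import dataclass, field

# Hierarchical classifications, lowest first; a higher index dominates a lower one.
CLASSIFICATIONS = ("PUBLIC", "INTERNAL_USE_ONLY", "NEED_TO_KNOW", "REGISTERED")
RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}

# Non-hierarchical group words.  Holding one implies nothing about holding another.
# Multi-word departments are assumed to be spelled with underscores so a label
# can be split on whitespace.
GROUPS = frozenset({
    "ENGINEERING", "EXECUTIVE_MANAGEMENT", "FINANCE", "HUMAN_RESOURCES", "LEGAL",
    "MANUFACTURING", "MARKETING", "SALES", "SYSTEM_ADMINISTRATION",
})


@dataclass(frozen=True)
class Label:
    """A sensitivity label or a clearance: one classification plus zero or more groups."""
    classification: str
    groups: frozenset = field(default_factory=frozenset)

    def __post_init__(self):
        if self.classification not in RANK:
            raise ValueError(f"unknown classification {self.classification!r}")
        unknown = self.groups - GROUPS
        if unknown:
            raise ValueError(f"unknown group word(s) {sorted(unknown)}")
        # PUBLIC and INTERNAL_USE_ONLY need no further qualification, so group
        # words are accepted only from NEED_TO_KNOW upward.  Sensitivity labels
        # carry them at NEED_TO_KNOW; a clearance may also pair them with REGISTERED
        # (an assumption of this model).
        if self.groups and RANK[self.classification] < RANK["NEED_TO_KNOW"]:
            raise ValueError("group words are only used with NEED_TO_KNOW or higher")

    def dominates(self, other: "Label") -> bool:
        """Dominance: classification at least as high AND every group of `other` held."""
        return (RANK[self.classification] >= RANK[other.classification]
                and self.groups >= other.groups)

    def __str__(self) -> str:
        return " ".join([self.classification, *sorted(self.groups)])


def parse_label(text: str) -> Label:
    """Parse text such as 'NEED_TO_KNOW MARKETING SALES'; the first word is the classification."""
    words = text.upper().split()
    if not words:
        raise ValueError("empty label")
    return Label(words[0], frozenset(words[1:]))


def is_well_formed(text: str) -> bool:
    """True if the text encodes a label this scheme accepts."""
    try:
        parse_label(text)
    except ValueError:
        return False
    return True


def may_read(clearance: Label, label: Label) -> bool:
    """A user may read information whose label the user's clearance dominates."""
    return clearance.dominates(label)


def handling_instructions(label: Label) -> list:
    """Banner/trailer text derived from the classification and any group words."""
    lines = ["PUBLIC" if label.classification == "PUBLIC"
             else f"PROPRIETARY/CONFIDENTIAL: {label}"]
    if label.classification != "PUBLIC":
        lines.append("NON-DISCLOSURE AGREEMENT REQUIRED")
        lines.append("Do not send over the Internet")
    if label.groups:
        lines.append("Distribute only to members of " + ", ".join(sorted(label.groups))
                     + " who have a need to know")
    if label.classification == "REGISTERED":
        lines.append("Numbered copy: do not copy or send via email; "
                     "return to the owner for destruction after reading")
    return lines


if __name__ == "__main__":
    clearance = parse_label("NEED_TO_KNOW MARKETING")
    for text in ("PUBLIC", "INTERNAL_USE_ONLY", "NEED_TO_KNOW MARKETING",
                 "NEED_TO_KNOW ENGINEERING", "REGISTERED"):
        print(f"{text:26} readable under {clearance}: {may_read(clearance, parse_label(text))}")
    print()
    print("\n".join(handling_instructions(parse_label("NEED_TO_KNOW MARKETING"))))
```

Two consequences of the lattice are worth noticing when running it. A clearance of NEED_TO_KNOW MARKETING dominates INTERNAL_USE_ONLY and PUBLIC but not NEED_TO_KNOW ENGINEERING, because the group words are compared as sets rather than ranked. And a clearance of plain REGISTERED does not dominate NEED_TO_KNOW MARKETING, since it holds no group words; to read both, the clearance must carry the group word as well, which matches the text's point that need to know is established separately from the hierarchical level.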