Information sensitivity
Encyclopedia
Information sensitivity is the control of access to information
or knowledge
that might result in loss of an advantage or level of security if disclosed to others who might have low or unknown trustability or undesirable intentions.
Loss, misuse, modification or unauthorized access
to sensitive information can adversely affect the privacy
or welfare of an individual, trade secret
s of a business or even the security
, internal and foreign affairs
of a nation depending on the level of sensitivity and nature of the information.
generally refers to information that is subject to special security classification regulations imposed by many national governments. The term "Unclassified" as used in the below refers to information that is not subject to security classification regulations. Information can be reclassified to a different level or declassified (made available to the public) depending on changes of situation or new intelligence.
However, there are situations in which the release of personal information could have a negative effect on its owner. For example, a person trying to avoid a stalker will be inclined to further restrict access to such personal information.
A person's SSN
, credit card numbers, and other financial information should be considered private, since their disclosure might lead to crime
s such as identity theft
or fraud
.
Some types of private information, including records of a person's health care
, education, and employment may be protected by privacy
laws in some cases. Disclosing private information can make the perpetrator liable for civil remedies and may in some cases be subject to criminal penalties.
s as described in the "Economic Espionage Act of 1996
". In practice, it may include sales and marketing plans, new product plans, and notes associated with patentable inventions. In publicly held companies, confidential information may include "insider" financial data whose disclosure is regulated by the United States Securities and Exchange Commission
.
of a project
, document
or piece of information by its relevancy to national security
. Only those with appropriate security clearance
can access information of certain sensitivity and might face additional special access restrictions.
The indicator can also be the name of a classified project such as "Project Blue Book
" or "Ultra", further restricting access to or handling of information.
Information
Information in its most restricted technical sense is a message or collection of messages that consists of an ordered sequence of symbols, or it is the meaning that can be interpreted from such a message or collection of messages. Information can be recorded or transmitted. It can be recorded as...
or knowledge
Knowledge
Knowledge is a familiarity with someone or something unknown, which can include information, facts, descriptions, or skills acquired through experience or education. It can refer to the theoretical or practical understanding of a subject...
that might result in loss of an advantage or level of security if disclosed to others who might have low or unknown trustability or undesirable intentions.
Loss, misuse, modification or unauthorized access
Access control
Access control refers to exerting control over who can interact with a resource. Often but not always, this involves an authority, who does the controlling. The resource can be a given building, group of buildings, or computer-based information system...
to sensitive information can adversely affect the privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
or welfare of an individual, trade secret
Trade secret
A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known or reasonably ascertainable, by which a business can obtain an economic advantage over competitors or customers...
s of a business or even the security
National security
National security is the requirement to maintain the survival of the state through the use of economic, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II...
, internal and foreign affairs
Foreign Affairs
Foreign Affairs is an American magazine and website on international relations and U.S. foreign policy published since 1922 by the Council on Foreign Relations six times annually...
of a nation depending on the level of sensitivity and nature of the information.
Levels
The term classified informationClassified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
generally refers to information that is subject to special security classification regulations imposed by many national governments. The term "Unclassified" as used in the below refers to information that is not subject to security classification regulations. Information can be reclassified to a different level or declassified (made available to the public) depending on changes of situation or new intelligence.
Public information
This refers to information that is already a matter of public record or knowledge.Personal information
This is information belonging to a private individual, but the individual commonly may share with others for personal or business reasons. This generally includes contact information such as addresses, telephone numbers, e-mail addresses, and so on. It may be considered a breach of privacy to disclose such information, but for most people its disclosure is not considered a serious matter.However, there are situations in which the release of personal information could have a negative effect on its owner. For example, a person trying to avoid a stalker will be inclined to further restrict access to such personal information.
Routine business information
This includes business information that is not subjected to special protection and may be routinely shared with anyone inside or outside of the business.Private information
Information is private if it is associated with an individual and its disclosure might not be in the individual's best interests. This would include a broad range of information that could be exploited to cause a person damage.A person's SSN
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
, credit card numbers, and other financial information should be considered private, since their disclosure might lead to crime
Crime
Crime is the breach of rules or laws for which some governing authority can ultimately prescribe a conviction...
s such as identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
or fraud
Fraud
In criminal law, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation...
.
Some types of private information, including records of a person's health care
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 was enacted by the U.S. Congress and signed by President Bill Clinton in 1996. It was originally sponsored by Sen. Edward Kennedy and Sen. Nancy Kassebaum . Title I of HIPAA protects health insurance coverage for workers and their...
, education, and employment may be protected by privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
laws in some cases. Disclosing private information can make the perpetrator liable for civil remedies and may in some cases be subject to criminal penalties.
Confidential business information
Confidential business information refers to information whose disclosure may harm the business. Such information may include trade secretTrade secret
A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known or reasonably ascertainable, by which a business can obtain an economic advantage over competitors or customers...
s as described in the "Economic Espionage Act of 1996
Economic Espionage Act of 1996
The Economic Espionage Act of 1996 was a 6 title Act of Congress dealing with a wide range of issues, including not only industrial espionage , but the insanity defense, the Boys & Girls Clubs of America, requirements for presentence investigation reports, and the United...
". In practice, it may include sales and marketing plans, new product plans, and notes associated with patentable inventions. In publicly held companies, confidential information may include "insider" financial data whose disclosure is regulated by the United States Securities and Exchange Commission
United States Securities and Exchange Commission
The U.S. Securities and Exchange Commission is a federal agency which holds primary responsibility for enforcing the federal securities laws and regulating the securities industry, the nation's stock and options exchanges, and other electronic securities markets in the United States...
.
Confidential
- Requires protection
- Unauthorized disclosure could damage national security e.g. compromise information that indicates the strength of armed forces or disclosure of technical information about weapons, such as performance characteristics, test data, design, and production data.
Secret
- Requires substantial protection
- Unauthorized disclosure could seriously damage national security
- Wrongful disclosure could lead to a disruption of foreign relations, impair a program or policy directly related to national security, reveal significant military plans or intelligence operations, or compromise significant scientific or technological development relating to national security
- Most classified information falls into this category
- Penalty can be a large fine and/or a 5 year to life imprisonmentLife imprisonmentLife imprisonment is a sentence of imprisonment for a serious crime under which the convicted person is to remain in jail for the rest of his or her life...
sentence
Top secret
- Requires the highest degree of protection
- Unauthorized disclosure could severely damage national security
- Wrongful disclosure could lead to war against a nation or its allies, disrupt vital relations, compromise vital defense plans or cryptologic and communications intelligence systems, reveal sensitive intelligence operations, or could jeopardize a vital advantage in an area of science or technology
- Penalty can range from 5 years to life imprisonmentLife imprisonmentLife imprisonment is a sentence of imprisonment for a serious crime under which the convicted person is to remain in jail for the rest of his or her life...
or even the death penalty if considered treasonTreasonIn law, treason is the crime that covers some of the more extreme acts against one's sovereign or nation. Historically, treason also covered the murder of specific social superiors, such as the murder of a husband by his wife. Treason against the king was known as high treason and treason against a...
Sensitivity Indicator in the USA
In the intelligence community the sensitivity indicator (aka. sensitivity label) specifies the level of secrecyClassified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
of a project
Project
A project in business and science is typically defined as a collaborative enterprise, frequently involving research or design, that is carefully planned to achieve a particular aim. Projects can be further defined as temporary rather than permanent social systems that are constituted by teams...
, document
Document
The term document has multiple meanings in ordinary language and in scholarship. WordNet 3.1. lists four meanings :* document, written document, papers...
or piece of information by its relevancy to national security
National security
National security is the requirement to maintain the survival of the state through the use of economic, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II...
. Only those with appropriate security clearance
Security clearance
A security clearance is a status granted to individuals allowing them access to classified information, i.e., state secrets, or to restricted areas after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal...
can access information of certain sensitivity and might face additional special access restrictions.
The indicator can also be the name of a classified project such as "Project Blue Book
Project Blue Book
Project Blue Book was one of a series of systematic studies of unidentified flying objects conducted by the United States Air Force. Started in 1952, it was the second revival of such a study...
" or "Ultra", further restricting access to or handling of information.
See also
- EspionageEspionageEspionage or spying involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, lest the legitimate holder of the information change plans or take other countermeasures once it...
- Federal Standard 1037CFederal Standard 1037CFederal Standard 1037C, titled Telecommunications: Glossary of Telecommunication Terms is a United States Federal Standard, issued by the General Services Administration pursuant to the Federal Property and Administrative Services Act of 1949, as amended....
and the National Information Systems Security Glossary - Mandatory Access ControlMandatory access controlIn computer security, mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target...
- Seal of the ConfessionalSeal of the ConfessionalIn the Roman Catholic Church, the Seal of Confession is the absolute duty of priests not to disclose anything that they learn from penitents during the course of the Sacrament of Penance.-History:...
- Privacy protocolPrivacy protocolPrivacy protocols are guildlines intended to allow computation while still protecting the individuals involved. It can be developed from just two individuals trying to discover if they both know the same secret, without leaking information about the secret itself...