Skip to main content

023: Identify Critical Assets

Overview

Critical Data Assets are defined here to be Mission-critical which require special data security and/or cryptographic requirements, such as in the Defense or Military industries.

Such resources are, either permanently or temporarily, accessible only to a very limited set of users, and never shared with personnel outside of the organization. Examples include documents with secret product design plans or formulas, critical PII for VIP employees or customers, undisclosed financial or business results, high value R&D and exploration data, etc.

Identify emails (not individually, but as patterns, e.g. "email sent to the executive board that discuss undisclosed financial results"), documents and other data assets that can be considered critical data assets. This step will not be applicable for most industries and most organizations.

Also identify the optimal means for detecting such data. Data that resides in a specific document that would never be transformed into other formats or incorporated into other documents can be just labeled accordingly, so the label will always travel with the document allowing easy identification. Content that can be transformed into other formats or copied in part or in full in other documents but that is only valuable if present in complete or semi-complete form (e.g. some forms of source code and CAD designs or numerical data) can be detected using fingerprints with full or high percentage match. Content that can be transformed into other formats or copied in part or in full in other documents and that is only valuable even if only obtained in part (e.g. financial results, product plans, etc.) can be detected using either labels that don't allow for copying and which include dynamic watermarks, or via fingerprints configured for partial match.

Reference