With a heightened level of data security taking place throughout the world, protecting customer data has never been more important. In this day and age, data has become a valuable commodity, and companies go to great lengths to protect it at all costs. When asked by the hiring manager, don't be afraid to offer examples of how you set data classification policies or reclassified data to a classified status with access limited to administrators for example. Also, highlight your knowledge about the different levels of data classification too (IE. Restricted, Private and Public).
"Setting data classification policy if very important, because if you don't have a policy in place, you won't know what your level of sensitivity is, which means you have no baseline or security controls to protect your data. This is an important topic to me, and I take it very seriously. My involvement goes deeper into data classification than any other team member, so I typically take the lead for data classification in three main levels. Restricted Data, Private Data, and Public Data classification. Here's how I classify these three into workable tasks.
1. Restricted Data - I apply the highest level of security to a restricted classification, because it has the highest level of risk.
2. Private Data - This one is a moderate risk level, but should still be treated as private data and protected nonetheless.
3. Public Data - Normally this level is low or no risk. While there are still controls in place, some level of control is still required."
"There are a number of different ways that classification of data can be performed. I've always had an interest in data collection and classification, which has led me into a Cyber Security occupation. Interestingly enough, many organizations collect and classify data in different ways. As a Data Steward, it is my obligation to reclassify data - this is conducted periodically - determine what frequency is most appropriate based on available - if after doing a data reclassification, it is determined that the data has changed or was modified, then I look at whether existing controls are consistent with the new data classification. If gaps are found within existing controls, they are immediately corrected."