Contributed by Organizations or Campuses and Data Security

The purpose of this policy is to protect the confidentiality, integrity, and availability of Pima Community College data.

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

Ohio State University's policy includes institutional data procedures and resources. It also defines the scope and applicability of the policy, as well as enforcement.

Louisiana State University's Best Practices for Sensitive Data covers the following: Electronic Handling, Storage and Disposal; Physical Handling, Storage and Disposal; Security; and Legal Disclosure Requirements.

These are Asset Classification resources from the IT Security Guide wiki created by the EDUCAUSE Security Task Force and Internet2. This wiki includes resources on Accountability of Assets. Inventory of Assets, and Information Classification.

This is George Washington University Data Classification Security Policy.
The purpose of this policy is to educate the University community about the importance of protecting data generated, accessed, transmitted and stored by the University, to identify procedures that should be in place to protect the confidentiality, integrity and availability of University data, and to comply with local and federal regulations regarding privacy and confidentiality of information.

This University of Texas at Austin Data Classification Standard serves as a supplement to the IT Security Operations Manual, which was drafted in response to Texas Administrative Code 202 and UT System UTS-165. Adherence to the standard will facilitate applying the appropriate security controls to university data.

The objective of this standard is to assist data stewards, IT owners and custodians in the assessment of information systems to determine what level of security is required to protect data on the systems for which they are responsible.

The E-Government Act of 2002 (Public Law 107-347), recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines, including the development of:
- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
- Guidelines recommending the types of information and information systems to be included in each category; and
- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.

This state policy is intended to provide a high-level data classification methodology to state agencies for the purpose of understanding and managing data and information assets with regard to their level of confidentiality and criticality. Accurate identification provides a basis to employ an appropriate level of security. This policy applies to Ohio State University.

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.