Thursday, October 1, 2015 -
10:00am to 11:30am

Location Details: 

Information Technology Dept.

Room 208V

4201 Normandy Street North

Bismarck, ND 58503

Meeting Agenda:

  • Data Architecture Standards final review
  • Data Classification Examples
  • Open Discussion

Meeting Recap:

  • The team briefly discussed the need to return to the recently reviewed standards and ensure they are ready for a survey. The Security Best Practices document is in draft on the EA SharePoint site and can be edited.
  • Data Classification was once again the main topic of the meeting, and much progress was made in clarifying the scope of the effort and what the end result will be.
  • There are concerns about how to apply data classification in some cases, especially with things like multiple datasets that might be low sensitivity in aggregate form, but as smaller record sets could result in the data being more sensitive. Also with Business Intelligence tools, aggregate data that is generated dynamically could be highly sensitive, but is not stored as a dataset and classifying that data may not be possible.
  • New datasets can be difficult to classify because it’s not always clear how the data will be used in the future.
  • The Attorney General’s Office defines open records requests so there is no need to address that in EA standards or guidelines.
  • The group felt that Data Sensitivity would be a more accurate title for what we are trying to do, which is to classify the datasets from a security perspective only, so that the proper controls can be applied to the dataset. True Data Classification includes things like how important availability of the data is to business continuity, among others, and falls beyond the scope of this effort.