What do we learn about the information security classification system? Also, let us learn the three main elements of the system.
The Information Security Classification System
What is the system of an information security classification? Within the system of information security classification, we can discover three main elements:
(1) the basis for the system
(2) the categories
(3) the rules used to assign a particular level of classification to a document.
Let us discuss this in detail to know more about the three main elements.
The basis for the system
The basis for the system is one of the three main elements of information security classification. It is set into section 5 of the Cabinet Directive on the Security of Information.
So the states that classified information must be protected against unauthorized disclosure. Also, the directive further states that can be classified information may be disclosed.
Only if there is a compelling need to do so. Therefore, the directive does not specify what constitutes a compelling need or how it should be determined.
However, it does state that if there is a compelling need. So the head of an institution will have to identify any potential risks.
That involves disclosing the information. Also, ensuring that appropriate safeguards are put in place to control these risks.
That being said, it is important to note that not all government institutions are required to follow this directive. Those that are being referred to as Designated Departments.
The remaining institutions are referred to as Non-Designated Departments. While Non-Designated Departments are not directly affected by this directive.
So they are encouraged to adopt similar policies. This document is also referred to as “the Directive” throughout this text.
One important thing to note about this document. It states that it should be followed by all federal government institutions.
Also, its application does not extend beyond Canada’s borders. However, while this directive sets out some basic principles.
That regarding documents containing classified information. It does not specify what should be considered classified or how it should be done.
The Categories
The categories of information security classification. It is set out in section 5 of the Cabinet Directive on the Security of Information.
It states that information may be classified at one of three levels of the following:
- Restricted,
- Protected
- Confidential
So it is important to note here. That there is no such thing as a system where information is only classified as either confidential or secret.
Each category has its own rules and guidelines for how it should be handled and treated.
The Rules
So the rules are used to assign a particular level of classification to a document. It is set out in section 6 of the Cabinet Directive on the Security of Information.
So this section states that the head of an institution. They must decide how to classify information contained in a document or publication.
Also, they must make sure that the classification level assigned to the document is appropriate. There are two ways it is manual or automatic.
We will discuss both methods below
Manual Classification
Manual classification is the process by which each document. Also, the publication is individually examined and categorized.
It is into one of the three categories using codes or markings. So this method allows for some flexibility.
So when it comes to assigning a particular level of classification to a document.
Automatic Classification
Automatic classification is the process by which a computerized system. Also, it assigns a particular level of classification to a document.
It is based on the content of the document. So this method is considered less flexible than manual classification.
Also, it can provide an institution with more detailed reports. Moreover, statistics regarding the protection of classified information.