Chief information officers need to take a leading role in setting up formal information classification schemes to stop them over-engineering them to comply with security regulations, according to a report from the Information Security Forum (ISF).
The ISFsaid that information classification systems were overly complex. "As a result they rarely deliver business benefits and are often simply ignored," it said.
Now me and all my geeky friends just love us some multi-layered processes and classification schemes that look like flow-charts of Merovingian Dynasties, but you know, most people don't. Stange as it may seem, most folks just want to do their jobs, and if you make it too difficult for them, they will bypass your marvelous system, or in the case of data classification, underclassify it to avoid hassling with additional layers of crap. Make it easier for them to do the right thing, will ya?