add: [data-classification] Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.

2018-12-22 20:07:35 +01:00 · 2018-12-22 20:07:35 +01:00 · 480a382fc3
parent 1718838f11
commit 480a382fc3
2 changed files with 43 additions and 2 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -408,12 +408,17 @@
    {
      "version": 2,
      "name": "exercise",
-      "description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise"
+      "description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise."
+    },
+    {
+      "version": 1,
+      "name": "data-classification",
+      "description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book."
    }
  ],
  "path": "machinetag.json",
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
  "description": "Manifest file of MISP taxonomies available.",
  "license": "CC-0",
-  "version": "20181127"
+  "version": "20181222"
 }
--- a/data-classification/machinetag.json
+++ b/data-classification/machinetag.json
@ -0,0 +1,36 @@
+{
+  "predicates": [
+    {
+      "description": "Data which is regulated under a specific regulation or law such as PII, SPD, PCI or PHI.",
+      "expanded": "Regulated data",
+      "value": "regulated-data"
+    },
+    {
+      "description": "Data which represents a specific commercial value and is confidential to an organisation such as trade secrets, customer accounts.",
+      "expanded": "Commercially confidential information (CCI)",
+      "value": "commercially-confidential-information"
+    },
+    {
+      "description": "Data which represents a specific financial value to an organisation such as payroll, investment information.",
+      "expanded": "Financially sensitive information (FSI)",
+      "value": "financially-sensitive-information"
+    },
+    {
+      "description": "Data which is sensitive to the valuation of an organisation such as inside information (as defined by a Financial Services Authority).",
+      "expanded": "Valuation sensitive information (VSI)",
+      "value": "valuation-sensitive-information"
+    },
+    {
+      "description": "Data which is sensitive such as email or letters.",
+      "expanded": "Sensitive information",
+      "value": "sensitive-information"
+    }
+  ],
+  "refs": [
+    "https://www.wiley.com/en-be/Solving+Cyber+Risk:+Protecting+Your+Company+and+Society-p-9781119490920"
+  ],
+  "version": 1,
+  "description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
+  "expanded": "Data Classification",
+  "namespace": "data-classification"
+}