I just saw this post on Slashdot about 0bama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent:
Data classification programs that do exist are typically a joke whereby IT and security handles everything with no involvement from the business or legal or legal handles everything with IT and security being out off the loop altogether. I wrote an article related to this for Ziff Davis a couple of years ago:
The funny thing about “confidential” information
…I’m not even sure why we bother going through the motions...it’s like security policies that are not enforced – who are we kidding!?
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”