SECURITY CLASSIFICATION FOR DOCUMENTS

Profitability of organizations is ultimately dependent on the effectiv eness with which they exchange, gather, process, retrieve, link, contr ol, share, manage and, above all, protect their data and information. All these processes, however, require that the right information be ma de available to the right person or persons at the right place and at the right time. Costly lessons learnt with regard to information secur ity controls introduced over the past number of years made it abundant ly clear that it was vital, especially in a commercial environment, ci rcumspectly and discreetly to apply counter-measures for the protectio n of information. A widely used mechanism with which to determine appr opriate and effective countermeasures for the protection of informatio n is to classify the said information. Most modern organizations class ify their transaction-based data, for example(3), that information gen erated by orders and invoices, for the purposes of access control. The question that arises, however, is this: How many organizations classi fy their written communication, i.e. that contained in documents? All the information contained in documents represents the transaction-base d data of an organization, and has a far more critical impact on its p rofitability than any other security factor. This paper has as its obj ect the laying down of guidelines for the security classification of s uch documents. Documents are, by definition, mostly used as vehicles f or the exchange of information not only within, but also between and a mong organizations. Important fundamentals on which this paper is base d are as follows: the security requirements of specific categories of documents, the various processing stages of documents, such as draft a nd final, and the contents and structure of documents. In addition, th e concept of information capability will be introduced. (The term ''in formation capability'' imports the ''amount'' of information added to the data already contained in a document by means of the structural pr operties of that document.) The model that will be devised on the stre ngth of this paper will promote the consistent classification of docum ents and is intended for integration with commercial software products that command document processing capabilities, for example, document management systems and groupware.