Sensitive (Restricted) Information

3rd February 2020 | Cybrary Sensitive (Restricted) Information


Sensitive (or restricted) Information is data from a company or organization that is generally not regulated but that requires very important protections of its confidentiality, integrity and availability. Examples of sensitive or restricted information from a small to medium sized business include: salary information, organizational charts, and acquisition targets. 

Protections: Implement the principle of least privilege whenever possible with sensitive or restricted data on your company, set up discretionary or better yet, mandatory access controls, always shred sensitive and restricted documents and keep them locked up when not in use.  Companies should codify and communicate protection requirements of sensitive/restricted data within their Information Handling Policy and have employees sign off on their requirements to protect this data.  CyberHoot makes an Information Handling Template available for free for paid users of our system.

Related Terms: Critical Information, General Information

For more information on four Levels of information asset classifications, please watch this video…

CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like: 

Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Top 10 Emerging AI-Based Threats Every Business Must Prepare For

Top 10 Emerging AI-Based Threats Every Business Must Prepare For

Artificial Intelligence (AI) is transforming productivity and efficiency, but it’s also arming cybercriminals...

Read more
Microsoft Rolling Out Token Protection: Practical Guidance for MSPs

Microsoft Rolling Out Token Protection: Practical Guidance for MSPs

Part 2 of Our Microsoft Entra Security Series In Part 1, we explored how Microsoft’s Token Protection...

Read more
Why Traditional Phishing Tests Fail — And How the Latest Research Proves It’s Time for a Change

Why Traditional Phishing Tests Fail — And How the Latest Research Proves It’s Time for a Change

For years, organizations have relied on fake email phishing simulations to measure employee resilience to...

Read more