Sensitive (or restricted) Information is data from a company or organization that is generally not regulated but that requires very important protections of its confidentiality, integrity and availability. Examples of sensitive or restricted information from a small to medium sized business include: salary information, organizational charts, and acquisition targets.
Protections: Implement the principle of least privilege whenever possible with sensitive or restricted data on your company, set up discretionary or better yet, mandatory access controls, always shred sensitive and restricted documents and keep them locked up when not in use. Companies should codify and communicate protection requirements of sensitive/restricted data within their Information Handling Policy and have employees sign off on their requirements to protect this data. CyberHoot makes an Information Handling Template available for free for paid users of our system.