Data Classification Quick Reference

Overview 

The University of Oregon classifies its data based on risk to the institution. The levels of data classification are Low Risk data or Green Data, Moderate Risk Data or Amber Data, and High Risk Data or Red Data. The table below gives examples of each of the data types. Each element in the table is linked back to the Data Security Classification Table where examples, data stewards, and other information may be found.

Information

Low Risk (Green)

Data is classified as Low Risk ("green") if the loss of confidentiality, integrity, or availability of the data would have minimal strategic, compliance, operational, financial, or reputational risk to the university.

Data Types:

Moderate Risk (Amber)

Data is classified as Moderate Risk ("amber") if the loss of confidentiality, integrity, or availability of the data would have moderate strategic, compliance, operational, financial, or reputational risk to the university.

Data Types:

High Risk (Red)

Data is classified as High Risk ("red" - the most sensitive/critical classification) if the loss of confidentiality, integrity, or availability of the data would have high strategic, compliance, operational, financial, or reputational risk to the university.  

Data Types:

A downloadable PDF copy of this table can be found on the Information Security Office's website.

Additional Resources

Create a Ticket Print Article

Related Articles (2)

Data Handling Quick Reference
This article is a quick reference for how to handle, transmit and dispose of sensitive data.
OneDrive: Securing Your Data
This article aims to give users some basic understanding of the security features of OneDrive and how to implement them. Individuals who handle externally regulated data (Data subject to HIPAA, FERPA, GLBA, or GDPR) and use OneDrive to store files should read this article.

Related Services / Offerings (1)

Information Security Consulting Request
Contact the Information Security Office to report data exposure, compromised investigation, along with requesting DNS Blocking, and other information security consulting services.