Description: The article provides the detailed analysis for Information Security Poicies elaboration, considering categorization of restricted access information for corporate clients, which starts to implement automated DLP and DAG systems. However, the local legislation has no clear definition of “commercial secrecy”, and each owner to the company may independently categorize the information which, in general, might be defined as confidential; as well define the procedure for operation with such type of information. Thus, the article covers: 1. Basic requirements for the structure and scope of model policy for restricted access information categories related to any type of legal entity. 2. Introduce the new definitions which ensure to avoid any conflicts in DLP and DAG systems implementation, considering its initial definition in legislation. In result, it will promote the essential decrease in risks related to illegal access to confidential information, damage of informational sources, and discredit of informational sources of the company. At that, the article provides the example of categorization in restricted access information; enlist the requirements for composition of information assets register and collects the practical recommendations for categorization of information considering the experience in implementation of access management systems to unstructured data and data security systems.
Keywords: categorization, classification, access, politics, cyber security