Subtitles of the Movie

Two more important concepts that we need to talk about are security clearance and need to know. Now, sometimes just being authenticated or even being authorized by management isn't enough. Some data may be protected to the level that you need a little bit more than that, such as a security clearance, for example. Now, security or sensitivity levels are established to tell how much protection a piece of data or system requires and often you need a security clearance commensurate with that level of protection in order to access that data. When we talk about security clearances, we're talking about the fact that users have to have a valid, current security clearance and it has to be at the same level at least with the level of sensitivity of the data they're trying to access. So if you're trying to access data at the top-secret level for example, then it goes to follow that you must have a top-secret security clearance or higher. But a security clearance is not the only thing you need. You also have to have a valid need to know and a need to know is basically a requirement to access that information as dictated by your job or position. Frequently, managers and supervisors determine if you have the need to know. You may have the clearance, but you may not necessarily have the need to know that information. So those are two requirements you've going to have to fulfill before you get access to protected data. Now, security clearance is usually the result of any number of multiple levels of background investigation and it really depends upon what kind of clearance you're trying to get and it also depends on who's issuing the clearance. I can speak to you from a perspective of a Department of Defense security clearance and that's the context we'll talk about, but other countries, other organizations may have different requirements. In general, a security clearance usually is a result of a background investigation check and this check may include anything from just a simple credit check or a simple criminal records check to see if you've committed a felony, but it also could include a full-scope background investigation and what that may entail is an extensive history of where you lived, who your associates have been, things you've done or organizations you've been involved with, your financial situation and so forth. So it depends upon the level of clearance you're trying to get as to what will be done, how in depth your background investigation will be. Now, some levels of security clearance that you will see if you work in the US Government and these sometimes correspond with the levels in other governments, those are top-secret, secret, confidential and for official use only. And they vary in the degree that if information were disclosed to an unauthorized person as to how much damage it would to the national security posture. For example, top-secret information, if disclosed to an unauthorized person could result in exceptionally grave damage to the national security posture, whereas disclosure of information that's deemed as for official use only probably wouldn't be that serious. Still needs to be protected, but it wouldn't have the same consequences as disclosure of a higher level of classification. Now, a lot of companies and commercial entities that do business with the government usually keep those same security clearance levels. But companies can have their own security levels as well. For example, you might have company sensitive; that might be data that's like the executive payroll structure for example. You also might have proprietary data. This is data that a company needs to maintain its competitive edge, that if this data were released, then it might lose its competition or competitive place in the market and there might be public data, such as you might find on a company's public website. These are just examples of security levels. These aren't necessarily all inclusive. Your organization may be different. Your government may be different. ur organization may be different. Your government may be different.