1

I'm studying for the CISSP exam and trying to wrap my mind around the term "declassification". Can someone provide a practical example?

I get that declassification is necessary once "an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level" but I'm still struggling to think of an example here.

If I "downgrade" or "upgrade" an asset to a different classification level, would that be considered "declassification"? The "de" part of it makes me think that we're completely removing the classification label all together instead of changing it.

Mike B
  • 3,336
  • 4
  • 29
  • 39
  • Declassification is removing the classification, not downgrading it to a lower one. E.g. Restricted documents becoming unclassified. Though, this definition can probably vary by country, CISSP will be the US definition. Reclassification is "upgrading" or "downgrading" the classification. – Arlix Apr 18 '17 at 16:23
  • I'm not sure how this specifically relates to *Information Security*, but to me *declassification* is simply removing the classification from something. An example might be a message sent back by your embassy in another country 30 years ago. Back then it was sensitive, now it's a historic document, which may be of interest to researchers. – Simon B Apr 18 '17 at 16:25
  • "declassification" is a down-level "reclassification" imho. – dandavis Apr 18 '17 at 22:46

0 Answers0