Using the Data Classification Taxonomies in MISP


Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification process makes data easier to locate and retrieve.

In this article, I will be discussing the usage of the data-classification taxonomy for MISP events and the attributes within those events. The intent of this taxonomy is to categorise the value of data, providing additional context about the information or asset being affected.

What is Data Classification?

Within the schema of MISP, this taxonomy is used to classify information so that elements may be handled in an appropriate manner. Ideally, individual pieces of information would be classified using this schema, which allows the receiver to apply appropriate techniques to the information to suit their requirements.

An example of how this taxonomy may be applied is the handling of Personally Identifiable Information (PII). Should a MISP event include an email which contains personal information, that object may not be appropriate for an external entity to hold. When the attribute is tagged with data-classification:sensitive-information, a receiving MISP instance may choose to reject or remove that attribute to reduce the legislative and handling requirements for that information.
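The receiving-side filtering described above, as an added example that is not part of the original article or MISP's own code. It assumes events arrive in MISP's JSON event layout and blocks only the tag named above; the function names and the sample event are constructed for illustration.

```python
import copy

# Machine tag taken from the article; extend the set to match local policy.
BLOCKED_TAGS = frozenset({"data-classification:sensitive-information"})

def _tag_names(element):
    """Return the lower-cased tag names attached to an event, object or attribute."""
    return {t.get("name", "").strip().lower() for t in element.get("Tag", [])}

def _keep(attributes, blocked, removed):
    """Return the attributes without a blocked tag; record UUIDs of the rest."""
    kept = []
    for attr in attributes:
        if _tag_names(attr) & blocked:
            removed.append(attr.get("uuid"))
        else:
            kept.append(attr)
    return kept

def filter_event(event_json, blocked=BLOCKED_TAGS):
    """Return (filtered_event, removed_uuids). filtered_event is None when the
    event itself carries a blocked tag and should be rejected outright."""
    event = copy.deepcopy(event_json["Event"])  # never mutate the caller's copy
    removed = []
    if _tag_names(event) & blocked:
        return None, removed
    event["Attribute"] = _keep(event.get("Attribute", []), blocked, removed)
    objects = []
    for obj in event.get("Object", []):
        obj["Attribute"] = _keep(obj.get("Attribute", []), blocked, removed)
        if obj["Attribute"]:  # drop objects left with no attributes
            objects.append(obj)
    event["Object"] = objects
    return {"Event": event}, removed

# Constructed sample event (not real data) in MISP's JSON event layout.
SAMPLE = {"Event": {"info": "Phishing campaign", "Tag": [{"name": "tlp:amber"}],
    "Attribute": [
        {"uuid": "a1", "type": "domain", "value": "phish.example", "Tag": []},
        {"uuid": "a2", "type": "email-body", "value": "Dear Jane, your payslip ...",
         "Tag": [{"name": "data-classification:sensitive-information"}]}],
    "Object": [{"name": "email", "Attribute": [
        {"uuid": "o1", "type": "email-src", "value": "hr@victim.example",
         "Tag": [{"name": "data-classification:sensitive-information"}]},
        {"uuid": "o2", "type": "email-subject", "value": "Invoice overdue"}]}]}}

if __name__ == "__main__":
    filtered, removed = filter_event(SAMPLE)
    print("removed attribute UUIDs:", removed)
```

The list of removed UUIDs gives the receiving organisation an audit trail of what was withheld and why.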


Within this taxonomy, financially sensitive information is information that represents a financial value to an organisation or a person. This information may include payroll, investment or banking information (including bank account numbers and SWIFT codes).


Valuation sensitive information is information which may contain inside information that, if disclosed or inappropriately handled, could be used to commit an offence under the ‘insider trading’ category of crime.

Information defined under such schemes as the Financial Services Authority would be categorised as valuation sensitive information.


This taxonomy attribute would be used to categorise attributes which represent an email or a communication that could be considered to contain personal or private information.


This taxonomy attribute is intended to be used for data which is required to be handled under a regulation or law such as Personally Identifiable Information (PII), Payment Card Industry (PCI), or Private Health Information (PHI).


This taxonomy attribute is intended to be used for data which would be described as commercial in confidence to an organisation, and may contain company secrets or information that would otherwise be considered sensitive to business options (including customer accounts).
