BS ISO-IEC 27010-2015 pdf free download – Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications

02-13-2022 comment

There are four informative annexes. Annex A describes the potential benefits from sharing sensitive information between organizations. Annex B provides guidance on how members of an information sharing community can assess the degree of trust that can be placed in information provided by other members. Annex C describes the Traffic Light Protocol, a mechanism widely used in information sharing communities to indicate the permitted distribution of information. Annex D contains some examples of models for organizing an information sharing community.
4.2 Information sharing communities
To be effective, information sharing communities must have some common interest or other relationship to define the scope of the shared sensitive information. For example, communities may be market sector specific, and limit membership to organizations within that one sector. Of course, there may be other bases for common interest, for example, geographical location or common ownership.
There must also be trust between members, in particular that all members will follow the information sharing agreement.
4.3 Community management
Information sharing communities will be created from independent organizations or parts of organizations. There may, therefore, not be clear or uniform organizational structures and management functions applying to all members. For information security management to be effective, management commitment is necessary. Therefore, the organizational structures and management functions applying to community information security management should be clearly defined.
Differences among member organizations of an information sharing community should also be considered. The differences could include:
- differing legal or regulatory environments,
- whether member organizations already operate their own ISMS, and
- member rules on protections of assets and information disclosure.
4.4 Supporting entities
Many information sharing communities will choose to establish or appoint a centralized supporting entity to organize and support information sharing. Such an entity can provide many supporting controls such as anonymization of source and recipients more easily and efficiently than where members communicate directly.
There are a number of different organizational models that can be used to create supporting entities. Annex D describes two common models, the Trusted Information Communication Entity (TICE) and the Warning, Advice and Reporting Point (WARP).
4.5 Inter-sector communication
Many information sharing communities will be sector based, as this provides a natural scope of common interest. However, there may well be information shared by such communities that would be of interest to other information sharing communities established in other sectors. In such cases it may be possible to establish information sharing communities of information sharing communities, again based on some common interest, such as the nature of the shared information. We refer to this as inter-sector communication.
Inter-sector communication is greatly facilitated where supporting entities exist within each information sharing community, as the necessary information exchange agreements and controls can then be established between the supporting entities, rather than between all members of all communities. Some inter-sector communities will require anonymization of the source or recipient organizations; this also can be achieved by use of supporting entities.
4.6 Conformity
There are a number of places where ISO/IEC 27001:2013 will need to be interpreted when applied to an information sharing community (or, for inter-sector communication, a community of communities). The first area where interpretation is required is the definition of the organization concerned. ISO/IEC 27001:2013 requires that an ISMS is established, implemented, maintained and continually improved by an organization (ISO/IEC 27001:2013, 4.4). In this context, the relevant organization is the information sharing community. However, the members of the information sharing community will themselves be organizations – see Figure 1.
