BS ISO 22396:2020
Security and resilience - Community resilience - Guidelines for information exchange between organizations
An information security management system should be an integrated part of the information exchange structure. Security aspects should be taken into account in the structuring of processes, systems and controls. An information security management system should include several controls on information assets.
As a first step in the process of establishing the information exchange, the participating organizations should create and agree upon a classification scheme for the information, taking into consideration how the information exchange arrangement will relate to already established protocols and concepts. The classification of information should be made in accordance with value, criticality and sensitivity to unauthorized disclosure or modification. Legal requirements can apply. The classification should indicate the value of the asset in terms of confidentiality, integrity and availability, and should be continuously updated throughout the whole life cycle.
The classification of information is an exclusive decision of the organization (private or public) owning the information and is decided based on operational concerns and/or the sensitivity of information.
Examples of information classification systems include the following.
- Information security management systems (see the ISO/IEC 27000 family of standards): such a framework protects the confidentiality of the information, as well as its correctness and availability by managing risks and bringing trust to the involved parties.
- The traffic light protocol (TLP): the information classification system TLP is meant to encourage greater sharing of sensitive information between organizations. It allows the source of information to tag it with a colour, specifying to the recipient the terms of further distribution or disclosure. If a wider distribution than what the coding permits is required, the recipient must first consult the source who has the last word. The TLP requires a certain trust amongst the participators. The sharer must trust the receivers enough to not over-tag the information, and the receivers must trust the sharer’s reasons for tagging it with a certain colour and respect those limitations. (See Annex A.)