BS ISO IEC 27010-2015 pdf Information technology一Security techniques一Information security management for inter-sector and inter-organizational communications
8.1.3 Acceptable use of assets ISO/IEC 27002:2013, control 8.1.3 is augmented as follows: Implementation guidance Information provided by other members of an information sharing community is an asset and should be protected, used and disseminated in accordance with any rules set by the information sharing community or by the originator. 8.1.4 Return of assets No additional information specific to inter-sector or inter-organizational communications. 8.2 Information classification 8.2.1 Classification of information ISO/IEC 27002:2013, control 8.2.1 is modifed as follows: Control Information should be classified in terms of legal requirements, value, credibility, priority, criticality and sensitivity to unauthorized disclosure or modification. Implementation guidance As well as the criteria given in ISO/IEC 27002:2013, information should be classified in terms of its credibility and priority. Credibility should be assessed in terms of the reputation of its source, technical content, and quality of description. Priority should indicate the need for urgent or immediate action, such as further distribution. Likewise, sensitivity can depend on many aspects of information beyond a need for maintaining its confidentiality, such as the impact of disclosure or potential to compromise the anonymity of its source. Care should be taken in interpreting classification markings assigned by other members of an information sharing community. EXAMPLE One well-known email client displays the message“Please treat this as Confidential” when displaying emails where the sensitivity header field has been set to “company confidential” (RFC 4021[1]). It is not clear in this case if the originator intended “company confidential” (and the message has been sent in error) or intended “confidential to you, the recipient”.
8.4.1 Information dissemination Control Information dissemination within the receiving member should be limited, based on pre-defined dissemination markings defined by the community. Implementation guidance Information which has no assigned dissemination marking should be given a default dissemination defined by the information sharing community. If in doubt, or where there is no generally accepted agreement on default dissemination, information should be treated conservatively. If possible, the recipient should request the originator to re-transmit with an explicit dissemination marking. Dissemination restrictions may include limitations on use such as controlling electronic copy and paste, preventing screen shots being taken, or preventing printing and export.
- Previous:DD IEC PAS 62588-2008 pdf Marking and labeling of components, PCBs and PCBAs to identify lead(Pb), Pb-free and other attributes
- Next:BS ISO IEC 19762.5-2008 pdf Information technology一 Automatic identification and data capture (AIDC) techniques - Harmonized vocabulary Part 5: Locating systems
- ISO IEC 27050-4-2021 pdf Information technology — Electronic discovery — Part 4: Technical readiness
- ISO IEC 27036-1-2021 pdf Cybersecurity — Supplier relationships — Part 1: Overview and concepts
- ISO IEC 27013-2021 pdf Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
- ISO IEC 26580-2021 pdf Software and systems engineering — Methods and tools for the feature- based approach to software and systems product line engineering
- ISO IEC 24735-2021 pdf Information technology — Office equipment — Method for measuring digital copying productivity
- ISO IEC 24711-2021 pdf Information technology — Office equipment — Method for the determination of ink cartridge yield for colour inkjet printers and multi- function devices that contain printer components
- ISO IEC 23544-2021 pdf Information Technology — Data centres — Application Platform Energy Effectiveness (APEE)
- ISO IEC 23510-2021 pdf Information technology — 3D printing and scanning — Framework for an Additive Manufacturing Service Platform (AMSP)
- ISO IEC 23127-1-2021 pdf Information technology — Learning, education, and training — Metadata for facilitators of online learning — Part 1: Framework
- ISO IEC 23126-2021 pdf Information technology for learning, education and training — Ubiquitous learning resource organization and description framework
- IEC TR 62658-2013 pdf Roadmap of optical circuit boards and their related packaging technologies
- IEC 60433-2021 pdf Insulators for overhead lines with a nominal voltage above 1 000 V – Ceramic insulators for AC systems – Characteristics of insulator units of the long rod type
- ISO IEC 23126-2021 pdf Information technology for learning, education and training — Ubiquitous learning resource organization and description framework
- DD IEC PAS 62588-2008 pdf Marking and labeling of components, PCBs and PCBAs to identify lead(Pb), Pb-free and other attributes
- ISO IEC 27041-2013 pdf Information technology – Security Guidance on assuring suitability and adequacy of incident investigative methods
- BS ISO IEC 15420-2009 pdf Information technology一 Automatic identification and data capture techniques EAN/UPC bar code symbology specification
- BS IEC 60860-2014 pdf Radiation protection instrumentation一 Warning equipment for criticality accidents
- BS ISO IEC 19762.5-2008 pdf Information technology一 Automatic identification and data capture (AIDC) techniques – Harmonized vocabulary Part 5: Locating systems
- ISO IEC 24735-2021 pdf Information technology — Office equipment — Method for measuring digital copying productivity
- ISO IEC 24711-2021 pdf Information technology — Office equipment — Method for the determination of ink cartridge yield for colour inkjet printers and multi- function devices that contain printer components