Difference between revisions of "Information Sharing"
(→References) |
|||
(24 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
==Definitions== | ==Definitions== | ||
− | + | ||
=== European Definitions === | === European Definitions === | ||
− | ==== | + | ==== [[ENISA]] ==== |
− | {{definition| | + | {{definition|'Information sharing‘ is the exchange of a variety of network and information security related information such as [[risk|risks]], [[vulnerability|vulnerabilities]], [[threat|threats]] and internal security issues as well as good practice. <ref>[https://www.enisa.europa.eu/publications/incentives-and-barriers-to-information-sharing/at_download/fullReport ENISA Incentives and Barriers to Information Sharing (2010)]</ref>}} |
− | --> | + | <br/> |
− | <br /> | + | <br/> |
− | <br /> | + | === National Definitions === |
+ | ==== [[Japan]] ==== | ||
+ | {{definition|情報共有 - システムの不具合等に関する情報(重要インフラサービス障害を含むシステムの不具合や予 兆・ヒヤリハットに関する情報)や情報セキュリティの確保に資する情報について、関係主体 間で相互に提供し、共有すること。情報連絡及び情報提供の双方を含む。<ref>[https://www.nisc.go.jp/active/infra/pdf/infra_rt4.pdf 重要インフラの情報セキュリティ対策に係る 第4次行動計画]</ref><br/><br/>Information sharing: The mutual provision and sharing among relevant entities of information on system failures (information including that on [[Critical Infrastructure|CISs]] outages and any signs of possible system failures and Hiyari-Hatto events) and information that will contribute to ensuring cybersecurity. <ref>[https://www.nisc.go.jp/eng/pdf/cs_policy_cip_eng_v4.pdf The Cybersecurity Policy for Critical Infrastructure Protection (4th Edition) (Tentative Translation)]</ref>}}This includes both information sharing to NISC and information sharing from NISC. <br /><br/> | ||
+ | |||
+ | {{definition|The mutual sharing of information such as experience, knowledge and know-how by transferring to associates and communicating among organizations and members. <ref>[http://www.nisc.go.jp/eng/pdf/actionplan_ci_eng_v3.pdf The Basic Policy of Critical Information Infrastructure Protection (3rd Edition) – tentative translation, Japan, 2014.]</ref>}}It includes both information sharing to NISC and information sharing from NISC. <br/><br/> | ||
+ | |||
+ | ====[[United States]]==== | ||
+ | =====[[NIST]]===== | ||
+ | ===== [[White House]] ===== | ||
+ | {{definition|The term “information sharing” refers to the bi-directional sharing of timely and relevant information concerning risks to United States [[Critical Infrastructure]]. <ref>[https://www.whitehouse.gov/briefing-room/presidential-actions/2024/04/30/national-security-memorandum-on-critical-infrastructure-security-and-resilience/ National Security Memorandum on Critical Infrastructure Security and Resilience, White House April 30, 2024]</ref>}}In the context of this memorandum only, intelligence sharing is an element of information sharing.</br></br> | ||
+ | {{definition|Information Sharing: The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. (from: NIST SP 800-16) <ref name=NIST>[https://csrc.nist.gov/Glossary NIST Glossary]</ref>}}<br/> | ||
+ | |||
+ | =====[[Financial Stability Board]]===== | ||
+ | {{definition|Information Sharing: an exchange of data, information and/or knowledge that can be used to manage [[Risk|risks]] or respond to [[event]]s. <ref>[https://www.fsb.org/wp-content/uploads/P121118-1.pdf Financial Stability Board, Cyber Lexicon (Nov. 12, 2018)]</ref>}}<br/><br/> | ||
==International Standards== | ==International Standards== | ||
− | + | ISO/IEC 27010 (2012), “ISO/IEC 27010:2012: Information technology — Security techniques — Information security management for inter-sector and inter-organisational communications”, ISO, Geneva, Switzerland. | |
<br /> | <br /> | ||
− | |||
==Good Practice on Information Sharing== | ==Good Practice on Information Sharing== | ||
==== European Union ==== | ==== European Union ==== | ||
− | + | * Actionable Information for Security Incident Response (ENISA). <ref>[http://www.enisa.europa.eu/activities/cert/support/actionable-information/actionable-information-for-security/at_download/fullReport “Actionable Information for Security Incident Response”, ENISA, Heraklion, Greece (2014).]</ref> | |
− | + | * Standards and tools for exchange and processing of actionable Information (ENISA). <ref>[http://www.enisa.europa.eu/activities/cert/support/actionable-information/standards-and-tools-for-exchange-and-processing-of-actionable-information/at_download/fullReport “Standards and tools for exchange and processing of actionable Information”, ENISA, Heraklion, Greece (2014).]</ref> | |
− | + | * Good Practice Guide Network Security Information Exchanges (ENISA). <ref>[http://www.enisa.europa.eu/media/press-releases/guide-to-mitigate-vulnerabilities-threats-cyber-attacks “Good Practice Guide Network Security Information Exchanges”, ENISA, Heraklion, Greece (2009).]</ref> | |
− | |||
− | |||
==== Global Conference on CyberSpace 2015 (GCCS2015) ==== | ==== Global Conference on CyberSpace 2015 (GCCS2015) ==== | ||
− | Sharing Cyber Security Information <ref>[ | + | * Sharing Cyber Security Information <ref>[http://www.tno.nl/infosharing Luiijf and Kernkamp (2015), Sharing Cyber Security Information.]</ref><br/>As the threat landscape is continuously changing, the sharing of cyber security related information between organisations – in a critical sector, cross-sector, nationally and internationally – is widely perceived as an effective measure in support of managing the security challenges. Information sharing, however, is not an easy topic as it comes with many facets. The booklet aims to support the cyber security and resilience governance. Its aim is to assist public and private policy-makers, middle management, researchers, and cyber security practitioners, and to steer you away from pitfalls. |
+ | ==== Global Conference on CyberSpace 2017 (GCCS2017) ==== | ||
+ | * Global Good Practice on Coordinated Vulnerability Disclosure. <ref>[http://publications.tno.nl/publication/34625843/rSbN2h/gfce-2017-coordinated.pdf Global Good Practice on Coordinated Vulnerability Disclosure (CVD).]</ref> | ||
<br /> | <br /> | ||
− | |||
− | |||
==See also== | ==See also== | ||
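Review bot: the `=====[[NIST]]=====` heading is added with no content and is followed directly by `===== [[White House]] =====`, so the NIST SP 800-16 definition a few lines later renders under the White House heading; move that `{{definition|Information Sharing: The requirements for information sharing by an IT system ...}}` block up under the NIST heading. In the same section the White House entry ends with `</br></br>`, which is not a valid tag; use `<br/>` as the other added lines do. The ENISA definition opens with a straight apostrophe and closes with `‘`, so the quotation marks around Information sharing do not match. `=====[[Financial Stability Board]]=====` is a level-five heading beneath `====[[United States]]====`, which nests it under United States; if that is not intended, give it its own section at the level of the national headings.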
Line 41: | Line 51: | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Resilience]] | [[Category:Resilience]] | ||
+ | |||
+ | {{#set:defined by=Japan|defined by=NIST|defined by=United States|defined by=ENISA|defined by=EU|defined by=Financial Stability Board|defined by=White House}} | ||
+ | {{#set: Showmainpage=Yes}} |
Latest revision as of 21:39, 4 May 2024
In the context of Critical Infrastructure, information sharing is about sharing security-related information. Most often it concerns cyber security, but physical-security-related information may be shared as well between private, public-private and public partnerships.
Definitions
European Definitions
ENISA
‘Information sharing’ is the exchange of a variety of network and information security related information such as risks, vulnerabilities, threats and internal security issues as well as good practice. [1]
National Definitions
Japan
情報共有 - システムの不具合等に関する情報(重要インフラサービス障害を含むシステムの不具合や予兆・ヒヤリハットに関する情報)や情報セキュリティの確保に資する情報について、関係主体間で相互に提供し、共有すること。情報連絡及び情報提供の双方を含む。[2]
Information sharing: The mutual provision and sharing among relevant entities of information on system failures (information including that on CISs outages and any signs of possible system failures and Hiyari-Hatto events) and information that will contribute to ensuring cybersecurity. [3]
This includes both information sharing to NISC and information sharing from NISC.
The mutual sharing of information such as experience, knowledge and know-how by transferring to associates and communicating among organizations and members. [4]
It includes both information sharing to NISC and information sharing from NISC.
United States
NIST
White House
The term “information sharing” refers to the bi-directional sharing of timely and relevant information concerning risks to United States Critical Infrastructure. [5]
In the context of this memorandum only, intelligence sharing is an element of information sharing.
Information Sharing: The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. (from: NIST SP 800-16) [6]
Financial Stability Board
Information Sharing: an exchange of data, information and/or knowledge that can be used to manage risks or respond to events. [7]
International Standards
ISO/IEC 27010 (2012), “ISO/IEC 27010:2012: Information technology — Security techniques — Information security management for inter-sector and inter-organisational communications”, ISO, Geneva, Switzerland.
Good Practice on Information Sharing
European Union
- Actionable Information for Security Incident Response (ENISA). [8]
- Standards and tools for exchange and processing of actionable Information (ENISA). [9]
- Good Practice Guide Network Security Information Exchanges (ENISA). [10]
Global Conference on CyberSpace 2015 (GCCS2015)
- Sharing Cyber Security Information [11]
As the threat landscape is continuously changing, the sharing of cyber-security-related information between organisations – in a critical sector, cross-sector, nationally and internationally – is widely perceived as an effective measure in support of managing the security challenges. Information sharing, however, is not an easy topic, as it comes with many facets. The booklet aims to support cyber security and resilience governance. Its aim is to assist public and private policy-makers, middle management, researchers, and cyber security practitioners, and to steer you away from pitfalls.
Global Conference on CyberSpace 2017 (GCCS2017)
- Global Good Practice on Coordinated Vulnerability Disclosure. [12]
See also
References
1. ENISA Incentives and Barriers to Information Sharing (2010)
2. 重要インフラの情報セキュリティ対策に係る 第4次行動計画
3. The Cybersecurity Policy for Critical Infrastructure Protection (4th Edition) (Tentative Translation)
4. The Basic Policy of Critical Information Infrastructure Protection (3rd Edition) – tentative translation, Japan, 2014.
5. National Security Memorandum on Critical Infrastructure Security and Resilience, White House April 30, 2024
6. NIST Glossary
7. Financial Stability Board, Cyber Lexicon (Nov. 12, 2018)
8. “Actionable Information for Security Incident Response”, ENISA, Heraklion, Greece (2014).
9. “Standards and tools for exchange and processing of actionable Information”, ENISA, Heraklion, Greece (2014).
10. “Good Practice Guide Network Security Information Exchanges”, ENISA, Heraklion, Greece (2009).
11. Luiijf and Kernkamp (2015), Sharing Cyber Security Information.
12. Global Good Practice on Coordinated Vulnerability Disclosure (CVD).