Information Sharing

From CIPedia
Revision as of 00:40, 3 June 2018 by Eluiijf (talk | contribs) (Japan)
Jump to navigation Jump to search

Information sharing in the context of Critical Infrastructure is about sharing security related information. Most often it concerns Cyber Security but physical security related information may be shared as well between private, public-private and public partnerships.

Definitions



National Definitions

Japan

Information sharing: The mutual provision and sharing among relevant entities of information on system failures (information including that on CISs outages and any signs of possible system failures and Hiyari-Hatto events) and information that will contribute to ensuring cybersecurity. [1]

This includes both information sharing to NISC and information sharing from NISC.

The mutual sharing of information such as experience, knowledge and know-how by transferring to associates and communicating among organizations and members. [2]

It includes both information sharing to NISC and information sharing from NISC.

United States

NIST
Information Sharing: The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. (from: NIST SP 800-16) [3]



International Standards

ISO/IEC 27010 (2012), “ISO/IEC 27010:2012: Information technology — Security techniques — Information security management for inter-sector and inter-organisational communications”, ISO, Geneva, Switzerland.

Good Practice on Information Sharing

European Union

  • Actionable Information for Security Incident Response (ENISA). [4]
  • Standards and tools for exchange and processing of actionable Information (ENISA). [5]
  • Good Practice Guide Network Security Information Exchanges (ENISA). [6]

Global Conference on CyberSpace 2015 (GCCS2015)

  • Sharing Cyber Security Information [7]
    As the threat landscape is continuously changing, the sharing of cyber security related information between organisations – in a critical sector, cross-sector, nationally and internationally – is widely perceived as an effective measure in support of managing the security challenges. Information sharing, however, is not an easy topic as it comes with many facets. The booklet aims to support the cyber security and resilience governance. Its aim is to assist public and private policy-makers, middle management, researchers, and cyber security practitioners, and to steer you away from pitfalls.

Global Conference on CyberSpace 2017 (GCCS2017)

  • Global Good Practice on Coordinated Vulnerability Disclosure. [8]


See also


References