Difference between revisions of "Need-To-Know"

From CIPedia
Line 12: Line 12:
 
==== [[Italy]] ====
 
==== [[Italy]] ====
 
{{definition|Necessità di conoscere: Principio che subordina l’accesso a determinate informazioni all’effettiva indispensabilità ai fini dello svolgimento di specifici compiti istituzionali. <ref>[https://www.sicurezzanazionale.gov.it/sisr.nsf/wp-content/uploads/2013/12/Glossario-intelligence-2013.pdf IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)]</ref>}}In materia di tutela della sicurezza delle informazioni, è una condizione aggiuntiva rispetto al possesso del Nulla Osta di Sicurezza per accedere ad informazioni con classifica superiore a riservato. <br/><br/>
 
{{definition|Necessità di conoscere: Principio che subordina l’accesso a determinate informazioni all’effettiva indispensabilità ai fini dello svolgimento di specifici compiti istituzionali. <ref>[https://www.sicurezzanazionale.gov.it/sisr.nsf/wp-content/uploads/2013/12/Glossario-intelligence-2013.pdf IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)]</ref>}}In materia di tutela della sicurezza delle informazioni, è una condizione aggiuntiva rispetto al possesso del Nulla Osta di Sicurezza per accedere ad informazioni con classifica superiore a riservato. <br/><br/>
 
+
==== [[Netherlands]] ====
 +
{{definition|Need-to-know: een ''Vertrouwensfunctionaris'' mag slechts van ''Bijzondere Informatie'' kennisnemen als dat nodig is om zijn werk te kunnen doen. Bovendien mag hij deze kennis niet met collega’s delen voor wie deze kennis niet noodzakelijk is en/of geen vertrouwensfunctionaris zijn. <ref>[https://www.defensie.nl/binaries/defensie/documenten/beleidsnota-s/2017/06/13/abdo-2017/ABDO+2017.pdf ABDO 2017]</ref>}}<br/><br/>
 
====[[United States]]====
 
====[[United States]]====
 
===== [[NIST]]=====
 
===== [[NIST]]=====
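Review bot: In the added Netherlands definition, the defined role is marked up as ''Vertrouwensfunctionaris'' (italic, capitalised) on first use but appears as plain lower-case "vertrouwensfunctionaris" at the end of the second sentence. Use the same markup in both places so it is clear that the same defined term is meant. The reference label "ABDO 2017" is also only an acronym, whereas the Italy entry above gives the full document title in its link text. Spelling out the document title here would make the source identifiable if the defensie.nl link moves.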
Line 37: Line 38:
  
 
[[Category:Information]][[Category:Security]]
 
[[Category:Information]][[Category:Security]]
{{#set:defined by=IAEA|defined by=Australia|defined by=Hong Kong|defined by=Italy|defined by=United States|defined by=NIST|defined by=DoD}}
+
{{#set:defined by=IAEA|defined by=Australia|defined by=Hong Kong|defined by=Italy|defined by=Netherlands|defined by=United States|defined by=NIST|defined by=DoD}}

Revision as of 00:02, 19 July 2018

International Definitions

IAEA

Need to know is
(1) A rule by which individuals, processes, and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions.
(2) A principle under which users, processes and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. [1]



National Definitions

Australia

Need-to-know: Refers to a need to access information based on an operational requirement. [2]



Hong Kong

需要知道原則 (Need-To-Know Principle): The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. [3]

The need-to-know criterion is used in security procedures that require a custodian of sensitive information, prior to disclosing the information to someone else, to establish that the intended recipient has proper authorisation to access the information.


Italy

Necessità di conoscere (need to know): A principle that makes access to specific information conditional on that information being genuinely indispensable for carrying out specific institutional tasks. [4]

In the field of information security protection, it is an additional condition, beyond holding a Nulla Osta di Sicurezza (security clearance), for access to information classified above riservato.

Netherlands

Need-to-know: a Vertrouwensfunctionaris may take note of Bijzondere Informatie only if that is necessary to be able to do his work. Moreover, he may not share this knowledge with colleagues for whom this knowledge is not necessary and/or who are not a vertrouwensfunctionaris. [5]



United States

NIST
Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. [6]

The terms “need-to-know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.

DoD
Need to know is a criterion used in security procedures that requires the custodians of classified information to establish, prior to disclosure, that the intended recipient must have access to the information to perform his or her official duties (source: JP 2-01.2) [7]



