27. “Others inspire us, information feeds us, practice improves our performance, but we need quiet time to figure things out, to emerge with new discoveries, to unearth original answers.” - Esther Buchholz (C) Cardiff University
36. Traffic Light Protocol Philosophy mapped to the Business Impact and Control Categories

TLP colour   Sensitivity          Distribution
RED          HIGHLY SENSITIVE     Personal, for named recipients only
AMBER        SENSITIVE            Limited distribution
GREEN        NORMAL BUSINESS      Business community wide
WHITE        PUBLIC               Unlimited (apart from legal recourse); Uncontrolled

Business Impact   Control Category
CATASTROPHIC      Secured Segregated
MATERIAL          Secured
MAJOR             Restricted
MINOR             Controlled
INSIGNIFICANT     Controlled

TLP was developed to control information sharing between G8 countries; the Business Impact levels were added.
37. Generic “Org X” Architecture Trust Model

Uncontrolled (Public): The uncontrolled environment outside the control of Org X.

Controlled: This is where the lowest levels of control are applied to manage Information Assets, with the prime goals of managing Availability and Compliance.

External Controlled: Similar to the Controlled Zone but owned/operated by an external organisation.

Restricted: The Restricted Zone is the next higher level of security above Controlled. Access is restricted to authenticated users or processes. Most data processing and storage occurs here. Information Access: limited to pre-defined groups made up of authenticated principals.

External Restricted: Similar to the Restricted Zone but owned/operated by a business partner. The trust relationship is stronger than that in the External Controlled Zone. Information Access: limited to groups of authenticated principals.

Secured: This zone is the most secured area within the architecture. Access should be limited to highly trusted principals. Information Access: limited to named principals only.

External Secured: This zone is similar to the Secured Zone but is owned and operated by a business partner. The trust relationship between Org X and the business partner is stronger than in the Restricted Zones. Information Assets: distributed to named individuals only.

Managed: Belongs to IT and is used to administer servers, network devices and other managed devices. May be implemented with secure sessions (SSH), separate out-of-band networks, or greater controls on Admin devices.
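Added example (not from the slides): an access decision that applies the zone rules of slide 37 together with the TLP distribution rules of slide 36, so that a principal must satisfy both the zone holding the asset and the asset's TLP label. The field names, the treatment of external zones like their internal counterparts, and the reading that Uncontrolled/Controlled zones impose no principal check are assumptions.

```python
"""Zone + TLP access decision for the Org X trust model. Added example;
data-model names and the external-zone equivalence are assumptions."""
from dataclasses import dataclass, field

# Zone order from slide 37, least to most controlled. External zones are
# ranked like their internal counterpart (assumption, not from the slide).
ZONE_RANK = {"uncontrolled": 0, "controlled": 1, "external controlled": 1,
             "restricted": 2, "external restricted": 2,
             "secured": 3, "external secured": 3}

@dataclass
class Principal:
    name: str
    authenticated: bool = False
    groups: set = field(default_factory=set)
    in_business_community: bool = False

@dataclass
class Asset:
    zone: str                 # slide 37 zone holding the asset
    tlp: str                  # RED / AMBER / GREEN / WHITE (slide 36)
    groups: set = field(default_factory=set)            # Restricted: allowed groups
    named_recipients: set = field(default_factory=set)  # Secured and TLP RED
    distribution_list: set = field(default_factory=set) # TLP AMBER

def zone_allows(asset: Asset, p: Principal) -> bool:
    rank = ZONE_RANK[asset.zone.lower()]
    if rank <= 1:      # Uncontrolled / Controlled: availability and compliance only
        return True
    if rank == 2:      # Restricted: authenticated and in a pre-defined group
        return p.authenticated and bool(asset.groups & p.groups)
    return p.authenticated and p.name in asset.named_recipients  # Secured

def tlp_allows(asset: Asset, p: Principal) -> bool:
    tlp = asset.tlp.upper()
    if tlp == "WHITE":
        return True                              # unlimited distribution
    if tlp == "GREEN":
        return p.in_business_community           # business community wide
    if tlp == "AMBER":
        return p.name in asset.distribution_list # limited distribution
    if tlp == "RED":
        return p.name in asset.named_recipients  # named recipients only
    raise ValueError(f"unknown TLP label {asset.tlp!r}")

def decide(asset: Asset, p: Principal) -> tuple:
    """Both the zone control and the TLP label must permit the access."""
    if not zone_allows(asset, p):
        return False, f"zone {asset.zone} denies {p.name}"
    if not tlp_allows(asset, p):
        return False, f"TLP {asset.tlp} denies {p.name}"
    return True, "allowed"
```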