Traffic Light Protocol


The Traffic Light Protocol (TLP) is a system for classifying sensitive information created in the early 2000s by the UK Government's National Infrastructure Security Co-ordination Centre, in order to encourage greater sharing of sensitive information. [1]


The fundamental concept is for the originator to signal how widely they want their information to be circulated beyond the immediate recipient. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way. It is important that everyone who handles TLP-labeled communications understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realized. The TLP is based on the concept of the originator labeling information with one of four colors to indicate what further dissemination, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required.

A number of current specifications for TLP exist.

Summary of TLP's four colours and their meanings

There are four colors (or traffic lights): [7]

RED: In the context of a meeting, for example, RED information is limited to those present at the meeting. The distribution of RED information will generally be via a defined list and in extreme circumstances may only be passed verbally or in person.
AMBER: The recipient may share AMBER information with others within their organization and their clients, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing.
AMBER+STRICT: Introduced in TLP version 2.0, AMBER+STRICT restricts sharing to the organisation only. [8]
GREEN: Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.
CLEAR/WHITE: Subject to standard copyright rules, CLEAR/WHITE information may be distributed freely, without restriction.

In practice, one will indicate a document's classification with the acronym "TLP", followed by a colon and classification level, for example: "TLP:RED".
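
The marking format and the colour rules above can be enforced at the point where a report is forwarded. The following is an added example, not code from this page or from any TLP specification; the audience scope names and the rule that unmarked text is held back are assumptions of the example.

```python
import re

# Audience scopes from narrowest to widest (names are this example's assumption).
SCOPES = ["named_recipients", "organization", "clients", "community", "public"]

# Widest audience each label allows, per the colour descriptions above.
# AMBER's "need-to-know" condition is a human judgement and is not modelled.
MAX_SCOPE = {
    "RED": "named_recipients",
    "AMBER+STRICT": "organization",
    "AMBER": "clients",
    "GREEN": "community",
    "CLEAR": "public",
}

# AMBER+STRICT must precede AMBER, otherwise "+" ends the match early.
_LABEL = re.compile(r"\bTLP:(RED|AMBER\+STRICT|AMBER|GREEN|CLEAR|WHITE)\b", re.I)


def parse_label(text):
    """Return the most restrictive TLP label in text, or None if unmarked."""
    found = {m.group(1).upper().replace("WHITE", "CLEAR")
             for m in _LABEL.finditer(text)}
    if not found:
        return None
    return min(found, key=lambda label: SCOPES.index(MAX_SCOPE[label]))


def may_share(text, audience):
    """True if the marking in text permits release to the given audience."""
    label = parse_label(text)
    if label is None:
        return False  # assumption: unmarked items are held, not forwarded
    return SCOPES.index(audience) <= SCOPES.index(MAX_SCOPE[label])


# Constructed sample messages, not real reports.
SAMPLES = [
    ("TLP:RED Notes from today's incident call", "organization"),
    ("TLP:AMBER Advisory for customers", "clients"),
    ("Fwd: TLP:GREEN summary quoting a TLP:AMBER report", "community"),
]

if __name__ == "__main__":
    for text, audience in SAMPLES:
        print(parse_label(text), audience, may_share(text, audience))
```

When a forwarded message carries more than one marking, the most restrictive one governs, so a GREEN summary that quotes an AMBER report is treated as AMBER.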


References

  1. Eric Luiijf; Allard Kernkamp (March 2015). "Sharing Cyber Security Information" (PDF). Global Conference on CyberSpace 2015. Toegepast Natuurwetenschappelijk Onderzoek. Retrieved 2016-10-25.
    Don Stikvoort (11 November 2009). "ISTLP - Information Sharing Traffic Light Protocol" (PDF). Trusted Introducer. National Infrastructure Security Co-ordination Centre. Retrieved 2016-10-25.
    "Development of Policies for Protection of Critical Information Infrastructures" (PDF). Organisation for Economic Co-operation and Development. Retrieved 2015-11-19.
    "'Re: OpenSSH security advisory: cbc.adv' - MARC". Mailing list ARChive. Retrieved 2012-11-25. (alt source SecurityFocus archive entry)
  2. "ISO/IEC 27010:2015 [ISO/IEC 27010:2015] | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications". International Organization for Standardization/International Electrotechnical Commission. November 2015. Retrieved 2019-12-31.
  3. "Traffic Light Protocol (TLP) Definitions and Usage". United States Department of Homeland Security. Retrieved 2019-12-31.
  4. "FIRST announces Traffic Light Protocol (TLP) version 1.0". Forum of Incident Response and Security Teams. Retrieved 2019-12-31.
  5. "Traffic Light Protocol (TLP)". FIRST — Forum of Incident Response and Security Teams. Retrieved 2022-08-05.
  6. "FIRST announces Traffic Light Protocol (TLP) version 2.0" (PDF).
  7. "Traffic Light Protocol". Centre for Critical Infrastructure Protection. Archived from the original on 2013-02-05. Retrieved 2012-11-25.
  8. "FIRST Traffic Light Protocol version 2.0" (PDF).