ISO/IEC 27010 provides guidelines, in addition to the guidance given in the ISO/IEC 27000 family of standards, for implementing information security management within information-sharing communities. ISO/IEC 27010 provides controls and guidance specifically relating to initiating, implementing, maintaining, and improving information security in inter-organizational and inter-sector communications. It provides guidelines and general principles on how the specified requirements can be met using established messaging and other technical methods.
ISO/IEC 27010 is applicable to all forms of exchange and sharing of sensitive information, both public and private, nationally and internationally, within the same industry or market sector or between sectors. In particular, it may be applicable to information exchanges and sharing relating to the provision, maintenance and protection of an organization’s or nation state’s critical infrastructure.
ISO/IEC 27010 is designed to support the creation of trust when exchanging and sharing sensitive information, thereby encouraging the international growth of information-sharing communities.
ISO/IEC 27010 on information security management for inter-sector and inter-organizational communications is useful for:
ISO/IEC 27010 is a sector-specific supplement to ISO/IEC 27001:2013 and ISO/IEC 27002:2013 for use by information-sharing communities. The guidelines contained within ISO/IEC 27010 are in addition to, and complement, the generic guidance given within other members of the ISO/IEC 27000 family of standards.
When an organization wishes to communicate sensitive information to multiple other organizations, the originator must have confidence that the information's use in those other organizations will be subject to adequate security controls implemented by the receiving organizations. This can be achieved through the establishment of an information-sharing community, where each member trusts the other members to protect the shared information, even though the organizations may otherwise be in competition with each other.
An information-sharing community cannot work without trust. Those providing information must be able to trust the recipients not to disclose the data or act upon it inappropriately. Those receiving the information must be able to trust that it is accurate, subject to any qualifications notified by the originator. Both aspects are important and must be supported by demonstrably effective security policies and by the adoption of the good practice set out in ISO/IEC 27010, which together form an information security management system (ISMS) for the information-sharing community. In addition, information sharing can take place between information-sharing communities, where not all recipients will be known to the originator. This will only work if there is adequate trust between the communities and between their information-sharing agreements. ISO/IEC 27010 is particularly relevant to the sharing of sensitive information between diverse communities, such as different industry or market sectors.
ISO/IEC 27010:2015