Cleaned up Literature folder

Corpus/ISMS/Data classification/Data Classification.md

@@ -0,0 +1,64 @@
+# Data Classification
+
+**Definition:**
+"A *data classification* identifies the value of the data to the organization. Classification labels, the method by which they are assigned, and the required protection associated with the different labels, are identified in a policy." 
+Source: [CISSP_OSG_Chapter_5](../../Standards/CISSP/CISSP_OSG_Chapter_5.md#Defining%20data%20Classifications)
+
+Classification criteria should be risk based, for instance on potential damage to the organization, the privacy of individuals, national security, economic interests, or other critical concerns.
+
+## Examples from SANS forum
+
+Source: https://sth-community.sans.org/t/y4yt81n
+Retrieved:  2 september 2024
+
+Public
+Internal
+Confidential
+
+1. No risk - Open
+2. Some risk - Internal
+3. Significant risk - Confidential
+
+4. Unrestricted
+5. Restricted-External
+6. Restricted-Internal
+7. Confidential
+
+- Public
+- Internal
+- Confidential
+- Restricted
+
+Restricted, Confidential, Internal Use, and Public
+
+We have Confidential Information (CI) and Personal Information (PI). Both CI and PI are categorized as Red, Orange and Yellow for sensitivity (from most to least sensitive). Then there's Green Information, which is public.
+
+|   |   |
+|---|---|
+|General Use|Emails and documents with this label are not sensitive and can be shared both internally and externally with no risk of harm and without restriction.|
+|Confidential – Internal Use Only|This label applies to sensitive information that should not leave the organization but is not as critical as those under the "Highly Confidential" classification. Use this for information that if disclosed outside, could still cause harm but is primarily intended for internal stakeholders.|
+|Confidential – Third Party Authorized|This label applies to sensitive information that can be shared with third parties who have been vetted and authorized under specific conditions. This might include business partners or vendors who need access to certain information to provide services or support.|
+|Highly Confidential – Internal Use Only|This label applies to the most sensitive information that if disclosed, could result in severe damage to the organization. Access should be limited to a very select group of internal stakeholders, and it should not be shared outside the organization.|
+|Highly Confidential - Third Party Authorized|This label applies to extremely sensitive information that must sometimes be shared with third parties, under very strict controls and only when absolutely necessary. This could include sharing with legal counsel, auditors, or regulatory bodies who require access to fulfill their obligations to the organization.|
+
+Just before I left the Bank of England, we rebuilt our classification scheme - [https://www.bankofengland.co.uk/-/media/boe/files/about/human-resources/iscs-external-guidance.pdf](https://www.bankofengland.co.uk/-/media/boe/files/about/human-resources/iscs-external-guidance.pdf) is the reference. We had used UNCLASSIFIED, BANK CONFIDENTIAL, SECRET and TOP SECRET previously, but moved to OFFICIAL-BLUE, OFFICIAL-GREEN, OFFICIAL-AMBER and OFFICIAL-RED for the non SECRET levels - we wanted labels that were not using simple language as we found that using words like confidential were difficult to track in DLP systems, causing far too many false positives.  
+One of the reasons for the move was that the UK government was looking to change their scheme to a traffic light system also, so we moved to where they were heading.
+
+
+From a user perspective it is complex to figure out a classification. That's why some of our institutions reverse the process and start with the person and what they want to do.
+Leiden University has a tool picker that is publicly available, to help employees and students pick the correct tool (and indirectly the level of security and privacy that that tool offers).
+It does not solve the classification labeling problem if you have a single mandatory system in mind, but I can imagine that asking them about what goal they want to achieve makes it easier for employees to see classification as helpful and useful.
+[https://web.universiteitleiden.nl/assets/toolpicker/?lang=en](https://web.universiteitleiden.nl/assets/toolpicker/?lang=en)
+
+![](../Informatie_classificatie_matrix.xlsx)
+
+
+See also:
+[Datatags privacy oriented data classification system](Datatags%20privacy%20oriented%20data%20classification%20system.md)
+[Def_Sec_Handbook_Chapter_2](../../Literature/Defensive%20Security%20Handbook/Def_Sec_Handbook_Chapter_2.md#Information%20classification)
+[ISO 27002:2022 NL A5.12](../../Standards/ISO27x/OST/27002/NL/a-5.12-Classificeren-van-informatie.md)
+[Designing an information management scheme](../Designing%20an%20information%20management%20scheme.md)
+[Key Topics for a policy on handling classified information](../Policy%20examples/Key%20Topics%20for%20a%20policy%20on%20handling%20classified%20information.md)
+[Traffic Light Protocol (TLP)](Traffic%20Light%20Protocol%20TLP.md)
+
+

Corpus/ISMS/Data classification/Datatags privacy oriented data classification system.md

@@ -0,0 +1,37 @@
+ Sweeney L, Crosas M, Bar-Sinai M. Sharing Sensitive Data with Confidence: The DataTags System. Technology
+
+Science. 2015101601. October 16, 2015. http://techscience.org/a/2015101601; PDF version attached: [](techsci-datatags-sweeneycrosasbarsinai.pdf).
+
+Related:
+- [ISO 27001 A 8.2 Information classification](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2%20Information%20classification.md)
+- [Privacy in ISO 27001](../../Standards/ISO27x/Privacy%20in%20ISO%2027001.md)
+
+Sweeney et all have developed a privacy oriented data classification system with six levels:
+
+![](Datatags%20classification%20table.jpg)
+*"Definitions for each of six datatags are introduced for demonstration purposes".*
+
+The classification is based on a five level scheme designed and adopted by Harvard University for storing and transmitting research data.
+
+The notion of datatags is introduced as a means of identifying handling and access requirements for a file.
+
+Privacy risks associated with each level:
+- Blue: zero risk for harm to individuals. This level is meant for non-confidential and non-personal information that can be stored and shared freely. 
+- Green: meant for unidentifiable personal data. No risk currently, but in the future a re-identification vulnerability may develop.
+- Orange: risk of material harm to individuals if disclosed.
+- Red: serious harm to individuals if disclosed, including the risk of serious social, psychological, reputational, financial, legal or other harm to an individual or group.
+- Crimson: non-authorized disclosure would cause severe harm to individuals
+
+
+The proposed application is "a repository capable of handling sensitive and non-sensitive files in accordance with different security requirements".
+
+A datatags-compliant repository satisfies the following conditions:
+
+> 1.  A datatag is a set of security features and access requirements for file handling. A datatags repository has a finite, partially ordered set of datatags, where the strictness and strength of datatags’ security features and access requirements dictate the ordering. A repository must have more than one datatag.
+>     
+> 2.  All files in the repository must have a datatag, and each file in the repository has one and only one datatag. A file may optionally have additional handling requirements, such as an audit trail log or an expiration date. A file may optionally require additional terms for a data use agreement or additional terms of access by a recipient of the file from the repository. A file may have attributes that further describe it for reporting purposes. None of the optional requirements may weaken or replace the security requirements for the file’s assigned datatag, and none may adjust a datatag’s security requirements to be the same as another datatag or stronger than a more restrictive datatag.
+>     
+> 3.  A recipient who receives a file from the repository must satisfy the file’s associated access requirements, produce sufficient credentials as requested, and agree to any terms of use required to acquire a copy of the file.
+>     
+> 4.  Technological guarantees exist that the requirements in 1 and 2 are satisfied for all files in the repository and for all accesses to those files from the repository. This imposes auditing obligations on transactions in the repository.
+

Corpus/ISMS/Data classification/Examples of TLP document classification for different industries.md

@@ -0,0 +1,12 @@
+# Examples of TLP document classification for different industries
+
+- [for information security](FIRST%20TLP%20labeled%20document%20examples%20for%20information%20security.md)
+- [for a commercial services organization](FIRST%20TLP%20labeled%20document%20examples%20commercial.md)
+- [for a childcare organization](FIRST%20TLP%20labeled%20document%20examples%20childcare.md)
+- [for a hospital](FIRST%20TLP%20labeled%20document%20examples%20hospital.md)
+- [for a national government organization](FIRST%20TLP%20labeled%20document%20examples%20national%20government.md)
+
+
+![](../../Information%20Security/Risks/TLP_Impact_matrix_NL.xlsx)
+
+

Corpus/ISMS/Data classification/Examples of measures for different TLP classifications.md

@@ -0,0 +1,72 @@
+# Examples of measures for different TLP classifications
+
+*Voor Nederlands, zie [hier](Voorbeelden%20van%20maatregelen%20bij%20verschillende%20TLP%20classificaties.md).*
+
+**TLP: CLEAR**
+- No measures
+- No restriction on the use of AI tools
+- Documents are labeled with TLP:CLEAR
+
+**TLP: GREEN**
+- Access limited to[^1] :
+	- the organization itself
+    - authorized external parties
+    - using MFA (Multi-Factor Authentication)
+- SharePoint/Teams/OneDrive:
+    - placement in folders that are broadly accessible internally is allowed
+    - sharing only with authorized external parties
+    - placement on your personal OneDrive is allowed
+- Cloud services and collaboration tools:
+    - only use solutions approved/managed by the organization
+- Emailing and sending:
+    - additional measures are not necessary (such as encrypted email or secure connections)
+- Use of Co-pilot is allowed
+    - Devices and locations:
+        - storage and access only via managed devices
+        - do not leave devices unattended
+        - printing only on approved/secure printers
+        - physical documents should only be kept in approved locations
+    - Documents are labeled with TLP:GREEN
+ 
+**TLP: AMBER (+STRICT)**
+*All measures/restrictions of TLP:GREEN apply, plus:*
+
+- Access limited to:
+    - specific teams and departments within the organization
+    - specific authorized persons from external parties, under a signed NDA (Non-Disclosure Agreement)
+- SharePoint/Teams/OneDrive:
+    - only place in folders that have limited internal access
+    - only specific external persons may be granted access
+    - placement on your personal OneDrive is _not_ allowed
+- Cloud services and collaboration tools:
+    - only use solutions managed by the organization (specify)
+    - only use services with strict security (such as DigiD or Bank-tokens)
+- Emailing and sending:
+    - only via secure connections, in encrypted form, or via a 'secure mailing' solution (such as Zivver)
+    - data transfer is monitored for abnormal patterns
+- Use of Co-pilot is _not_ allowed
+- Documents are labeled with TLP:AMBER
+
+
+**TLP: RED**
+*All measures/restrictions of TLP:AMBER apply, plus:*
+
+- Access limited to:
+    - specific persons within the organization
+- SharePoint/Teams/OneDrive:
+    - only place in folders accessible to specific employees
+    - external persons may _not_ be granted access
+    - placement on your personal OneDrive is _not_ allowed
+- Full monitoring of data transfer: control and logging of all data traffic
+- Cloud services and collaboration tools:
+    - usage is limited to ...
+- Emailing and sending:
+    - Not allowed
+    - Full and detailed logging of all activities
+- Devices and locations:
+    - no access with mobile phones
+    - printing not allowed
+    - physical documents are kept in locked locations with restricted access (specify)
+- Documents are labeled with TLP:RED
+
+[^1]: Controls [[ISO_27002_2022_NL_BT_5.19 Information security in supplier relationships|5.19]], [[ISO_27002_2022_NL_BT 6.6 Confidentiality or non-disclosure agreements|6.6]], [[ISO_27002_2022_NL_BT 7.2 Physical access security |7.2]]

Corpus/ISMS/Data classification/FIRST TLP labeled document examples childcare.md

@@ -0,0 +1,34 @@
+ChatGPT prompt, requested 6 januari 2025:
+`The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of documents in a childcare organization
+
+In a childcare organization, the Traffic Light Protocol (TLP) can be used to manage and classify information based on its sensitivity and the appropriate sharing audience. Here's how the different TLP labels might be applied:
+
+1. **TLP:RED**
+   - **Examples of Documents:**
+     - Child protection reports or sensitive incident reports involving specific children or staff that are under investigation.
+     - Confidential parental complaints or legal documents involving the welfare of specific children.
+     - Emergency response plans detailing actions for critical incidents affecting child safety.
+     - Personal records of children and staff, such as health information or background checks, requiring high confidentiality.
+
+2. **TLP:AMBER**
+   - **Examples of Documents:**
+     - Internal assessments or evaluations regarding program effectiveness or staff performance that require restricted sharing.
+     - Reports on non-critical incidents involving children that need to be shared only with relevant staff and authorities.
+     - Draft policies or procedures under consideration that have not been finalized or publicly announced.
+     - Strategy documents for program development or expansions that are not for public release but may be shared with select partners or stakeholders.
+
+3. **TLP:GREEN**
+   - **Examples of Documents:**
+     - Staff training manuals and educational resources intended for internal use but could be shared with partners for collaborative learning.
+     - Updates on non-sensitive program changes or organizational developments shared internally among staff.
+     - General guidance or informational documents that support day-to-day operations and could be made available to partnership organizations.
+     - Documents outlining health and safety protocols that are not proprietary and can facilitate broader industry best practices.
+
+4. **TLP:CLEAR**
+   - **Examples of Documents:**
+     - Public newsletters and announcements about upcoming events or programs open to the community.
+     - Marketing materials, brochures, and digital content intended for parents and the general public.
+     - General policy documents and guidelines on topics such as enrolment, non-sensitive health practices, or general childcare tips.
+     - Information about community involvement activities or open days intended to engage and inform the public about the organization's work.
+
+These examples illustrate how the TLP can be an effective tool in a childcare organization to manage information sharing, protecting sensitive data and ensuring that information is shared with the appropriate audience.

Corpus/ISMS/Data classification/FIRST TLP labeled document examples commercial.md

@@ -0,0 +1,34 @@
+ChatGPT prompt, requested 6 januari 2025:
+`The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of documents in a commercial services organization` 
+
+The Traffic Light Protocol (TLP) is a system for classifying sensitive information to facilitate information sharing. It consists of different color-coded labels, each indicating the level of sensitivity and the degree of sharing permitted. Here's how these might apply in a commercial services organization:
+
+1. **TLP:RED**
+   - **Examples of Documents:** 
+     - Internal reports on a severe data breach or security incident that is currently under investigation.
+     - Legal documents related to ongoing litigation or disputes.
+     - Executive communications containing strategic decisions that could significantly impact the company's operations or reputation if disclosed.
+     - Crisis management plans and tactics being deployed in real-time.
+
+2. **TLP:AMBER**
+   - **Examples of Documents:**
+     - Internal audit findings and potential vulnerabilities that need to be addressed.
+     - Draft versions of sensitive projects or product developments not yet publicly announced.
+     - Employee performance reviews and confidential HR investigations.
+     - Negotiation strategies or contract terms involving significant vendors or partners.
+
+3. **TLP:GREEN**
+   - **Examples of Documents:**
+     - Internal newsletters and policy updates meant for all employees but not for public or competitor knowledge.
+     - Market analysis reports or industry research intended to guide internal strategy but not yet published externally.
+     - Training materials and resources meant for internal skill-building and organizational development.
+     - Summary reports on non-critical projects or initiatives that may be shared with specific partners under NDA.
+
+4. **TLP:CLEAR**
+   - **Examples of Documents:**
+     - Press releases and publicly available company announcements.
+     - Marketing materials and brochures intended for public distribution.
+     - White papers and research reports approved for public or client distribution.
+     - General information about company policies and procedures that are not sensitive or proprietary.
+
+These examples serve to illustrate how TLP labeling can be employed within a commercial services organization to manage the dissemination of information effectively, depending on its sensitivity and intended audience.

Corpus/ISMS/Data classification/FIRST TLP labeled document examples for information security.md

@@ -0,0 +1,46 @@
+ChatGPT prompt, requested 6 januari 2025:
+`The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of information found in the information security function of the organization and its systems` 
+
+### The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of information found in the information security function of the organization and its systems
+
+The Traffic Light Protocol (TLP) is a system designed to facilitate sharing sensitive information by specifying what can be shared and with whom. Here are typical examples of information under each TLP label within an organization's information security function:
+
+1. **TLP:RED**
+   - **Example Information:** Detailed specifics on a newly discovered zero-day vulnerability affecting critical systems, incident investigation reports with sensitive details, personal data of incident responders or affected parties, or intelligence on imminent threats that could lead to significant harm.
+   - **Sharing Guidelines:** Intended for the named recipients only. Extreme caution is required due to the sensitive nature of the information. It should not be shared beyond the intended recipients without explicit permission.
+
+2. **TLP:AMBER**
+   - **Example Information:** Incident detection techniques, indicators of compromise (IOCs) that might be used by threat actors, internal security processes or system configurations, and vulnerabilities that are being actively exploited but are not publicly known.
+   - **Sharing Guidelines:** Restricted to individuals or groups within the recipient’s organization who need to know in order to prevent or mitigate the impact of incidents.
+
+3. **TLP:GREEN**
+   - **Example Information:** General threat intelligence reports, summaries of common attack vectors, security awareness materials, lessons learned from incidents (with sensitive details redacted), and industry best practices for various security processes.
+   - **Sharing Guidelines:** Information can be shared within the community or group but not publicly. It can be shared with peers and partner organizations within the same sector or community.
+
+4. **TLP:CLEAR**
+   - **Example Information:** Publicly available security advisories, general security policies, declassified information about previous incidents, and announcements that have already been made public.
+   - **Sharing Guidelines:** Information can be freely shared with anyone, including the general public. Offers the least restriction and encourages wide dissemination.
+
+Using TLP labels allows organizations to better control the dissemination of sensitive information, ensuring it reaches those who need it while preventing leakage to unintended parties.
+
+### Answer the same question, but now focus on information that would facilitate gaining access to systems and information of the organization
+
+When considering the potential for facilitating unauthorized access to an organization's systems and information, here’s how different types of sensitive information might be categorized under each TLP label:
+
+1. **TLP:RED**
+   - **Example Information:** Administrative credentials, passwords, or encryption keys for critical systems; architectural diagrams of the network including security solutions and defenses in place; detailed security vulnerability assessments and penetration testing results exposing critical vulnerabilities; and detailed incident reports that expose system weaknesses.
+   - **Sharing Guidelines:** This information is highly sensitive and should only be shared with specific, authorized individuals who require it for critical tasks. It must not be shared beyond these individuals without explicit permission due to the risk of compromise.
+
+2. **TLP:AMBER**
+   - **Example Information:** Configuration details of critical security systems (e.g., firewalls, intrusion detection/prevention systems), lists of known vulnerabilities within less critical systems, scripts or tools used for internal security checks, and access controls or user privilege levels of staff within the organization.
+   - **Sharing Guidelines:** Information should only be shared with personnel or departments directly involved in securing or maintaining systems. It should not be distributed beyond these necessary recipients within the organization.
+
+3. **TLP:GREEN**
+   - **Example Information:** General guidelines on password policies, which IT systems are in place along with their general functions but without exposing critical configurations, high-level security framework overviews, and anonymized metrics on system access attempts (e.g., frequency of login attempts).
+   - **Sharing Guidelines:** This information can be shared within the community or with partner organizations, enabling sharing of best practices or awareness of common challenges without exposing sensitive details that might facilitate system access.
+
+4. **TLP:CLEAR**
+   - **Example Information:** Public security policies, non-sensitive security training materials aimed at general staff awareness, historical data on resolved security incidents without sensitive details, and general announcements regarding security posture improvements.
+   - **Sharing Guidelines:** Such information can be freely shared with the public, including stakeholders outside the organization, since it does not directly compromise the security of systems or facilitate unauthorized access.
+
+By appropriately classifying information related to access facilitation, organizations can better protect their systems from unauthorized access while still disseminating necessary security information effectively.

Corpus/ISMS/Data classification/FIRST TLP labeled document examples hospital.md

@@ -0,0 +1,34 @@
+ChatGPT prompt, requested 6 januari 2025:
+`The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of documents in a hospital 
+
+In a hospital setting, managing information sensitivity is crucial for maintaining patient confidentiality and operational integrity. Here's how the Traffic Light Protocol (TLP) might be applied:
+
+1. **TLP:RED**
+   - **Examples of Documents:**
+     - Detailed patient medical records containing sensitive personal health information.
+     - Incident reports related to severe patient safety issues or medical errors under investigation.
+     - Legal documents concerning ongoing malpractice litigation or sensitive negotiations.
+     - Emergency response plans or security protocols related to current high-risk situations.
+
+2. **TLP:AMBER**
+   - **Examples of Documents:**
+     - Internal audit reports assessing compliance with healthcare regulations like HIPAA.
+     - Strategic planning documents for upcoming service expansions or new medical programs.
+     - Internal memos detailing sensitive operational changes or staffing adjustments.
+     - Clinical trial results or research findings not yet published or publicly disclosed.
+
+3. **TLP:GREEN**
+   - **Examples of Documents:**
+     - Internal newsletters updating staff on non-sensitive policy changes or hospital initiatives.
+     - Training manuals for medical and administrative staff intended for internal distribution.
+     - Non-confidential aggregate data reports used for internal performance tracking or quality improvement.
+     - Educational materials for staff that might also be available for partner healthcare organizations under certain conditions.
+
+4. **TLP:CLEAR**
+   - **Examples of Documents:**
+     - Public health announcements or educational brochures available to patients and the public.
+     - Press releases about hospital achievements, new programs, or community events.
+     - General policy documents that are applicable and accessible to patients, such as visiting hours or parking information.
+     - Community engagement materials promoting health and wellness initiatives.
+
+These examples illustrate how a hospital can employ the TLP labeling system to appropriately safeguard sensitive information while facilitating necessary information sharing within and outside the organization.

Corpus/ISMS/Data classification/FIRST TLP labeled document examples national government.md

@@ -0,0 +1,32 @@
+ChatGPT prompt, requested 8 januari 2025:
+`The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of documents in a national government organization
+
+### The FIRST TLP standard recognizes 4 labels, RED, AMBER, GREEN and CLEAR. For each label, give typical examples of the kinds of documents in a national government organization
+
+The FIRST Traffic Light Protocol (TLP) is used to facilitate greater sharing of information by indicating how sensitive information can be shared with others. Here are examples of documents for each label within a national government organization:
+
+1. **TLP:RED**
+   - Internal security breach reports that contain details of vulnerabilities in critical infrastructure.
+   - Discussions about ongoing covert operations or intelligence-gathering activities.
+   - Sensitive personnel files or internal investigations involving high-level officials.
+   - Drafts of international negotiation strategies or policies not yet finalized.
+
+2. **TLP:AMBER**
+   - Reports on potential threats or vulnerabilities identified in public systems or services.
+   - Situational updates on significant national security events that require coordination among specific agencies.
+   - Internal guidelines or procedures that affect multiple departments, but which are not publicly known.
+   - Inter-agency memos outlining preliminary assessments of security risks.
+
+3. **TLP:GREEN**
+   - General security awareness materials intended for public sector employees.
+   - Summaries of non-sensitive elements of public policy that require feedback from stakeholders.
+   - Internal training documents on best practices for cybersecurity.
+   - Notices on changes in protocol that affect government contractors.
+
+4. **TLP:CLEAR**
+   - Public press releases about government initiatives or newly passed legislation.
+   - Official statistical reports or economic forecasts available to the public.
+   - Public safety announcements or general tips for community readiness.
+   - Educational materials designed for broad public distribution on topics such as cyber hygiene.
+
+Each of these labels helps ensure that sensitive information is appropriately protected while allowing for necessary dissemination and collaboration within and across government entities and the broader public.

Corpus/ISMS/Data classification/Traffic Light Protocol TLP.md

@@ -0,0 +1,36 @@
+# About the Traffic Lights Protocol for labeling information 
+or: the FIRST TLP protocol
+
+[FIRST website](https://www.first.org/tlp/)
+
+TLP provides a simple and intuitive schema for indicating when and how sensitive information can be shared, facilitating more frequent and effective collaboration. It employs four colors to indicate expected sharing boundaries to be applied by the recipient(s). ([source](https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage))
+
+![](../../Information%20Security/Risks/TLP_Impact_matrix_NL.xlsx)
+
+
+[Examples of TLP document classification for different industries](Examples%20of%20TLP%20document%20classification%20for%20different%20industries.md)
+[Examples of measures for different TLP classifications](Examples%20of%20measures%20for%20different%20TLP%20classifications.md)
+[Voorbeelden van maatregelen bij verschillende TLP classificaties](Voorbeelden%20van%20maatregelen%20bij%20verschillende%20TLP%20classificaties.md)
+
+[Dataclassificatie volgens TLP](../../Standards/ISO27x/Implementation%20Products/Dataclassificatie%20volgens%20TLP.md)
+
+
+
+
+## Access Levels
+
+*ChatGPT, 14 februari 2025* 
+*Prompt: The FIRST.ORG TLP defines 4 levels of access to information. Describe each level in terms of individuals or groups to which access should be limited*
+
+**Answer**
+The Forum of Incident Response and Security Teams (FIRST) Traffic Light Protocol (TLP) defines four levels of access to information, each designed to facilitate secure and responsible sharing of sensitive information. Here's a description of each level:
+
+1. **TLP:RED** - This level indicates that the information is highly sensitive and should be shared only with specific individuals who are directly involved in making decisions or taking actions in an incident response. The access is strictly limited to the people present at the meeting or explicitly named recipients. This level ensures that the information is not shared beyond this restricted group.
+
+2. **TLP:AMBER** - Information classified under TLP:AMBER can be shared with individuals within a particular organization or group who need to know in order to mitigate risks. This level of access is typically restricted to a limited number of stakeholders within the organization and may include external parties if they are directly involved in the response or resolution.
+
+3. **TLP:GREEN** - This level allows the information to be shared with peers and partner organizations within the broader community but not publicly. It is intended to encourage collaboration and information exchange while maintaining a level of confidentiality that prevents public distribution.
+
+4. **TLP:CLEAR** (or formerly TLP:WHITE) - Information categorized under this level can be shared freely with the public. There are no restrictions on distribution, and the information can be shared with anyone, including the general public. This level is used for information that poses no direct security threat if widely disseminated.
+
+These levels facilitate appropriate information sharing while protecting sensitive data and ensuring that it is accessed only by those who need it to effectively respond to security incidents.

Corpus/ISMS/Data classification/Voorbeelden van maatregelen bij verschillende TLP classificaties.md

@@ -0,0 +1,70 @@
+# Voorbeelden van maatregelen bij verschillende TLP classificaties
+
+**TLP: CLEAR**
+* Geen maatregelen
+* Geen beperking op het gebruik van Al tools
+* Documenten worden gelabeld met TLP:CLEAR
+
+**TLP: GREEN**
+* Toegang beperkt tot[^1] :
+	* de eigen organisatie
+	* geautoriseerde externe partijen
+	* met gebruik van MFA
+* SharePoint/Teams/OneDrive:
+	* plaatsing in mappen die intern breed toegankelijk zijn is toegestaan
+	* delen alleen met geautoriseerde externe partijen
+	* plaatsing op je persoonlijke OneDrive is toegestaan
+* Cloud services en samenwerkingstools:
+	* Gebruik alleen door de organisatie goedgekeurde / beheerde oplossingen
+* Mailen en verzenden:
+	* aanvullende maatregelen niet nodig (zoals versleutelde mail of beveiligde verbindingen)
+* Gebruik van Co-pilot is toegestaan
+* Devices en locaties: 
+	* opslag en toegang alleen via managed devices
+	* devices niet onbeheerd achterlaten
+	* afdrukken alleen op goedgekeurde/beveiligde printers
+	* fysieke documenten alleen bewaren op goedgekeurde locaties
+* Documenten worden gelabeld met TLP:GREEN
+
+**TLP: AMBER (+STRICT)**
+*Alle maatregelen/beperkingen van TLP:GREEN, plus:*
+
+* Toegang beperkt tot:
+	* specifieke teams en afdelingen binnen de eigen organisatie
+	* specifieke geautoriseerde personen van externe partijen, onder een getekende NDA
+* SharePoint/Teams/OneDrive:
+	* alleen plaatsen in mappen die intern beperkt toegankelijk zijn
+	* alleen specifieke externe personen mogen toegang krijgen
+	* plaatsing op je persoonlijke OneDrive is *niet* toegestaan
+* Cloud services en samenwerkingstools:
+	* Gebruik alleen door de organisatie beheerde oplossingen (benoemen)
+	* Gebruik alleen services met strenge beveiliging (zoals DigiD of Bank-tokens)
+* Mailen en verzenden:
+	* alleen via beveiligde verbindingen, in versleutelde vorm of via een 'veilig mailen' oplossing (zoals Zivver)
+	* gegevensoverdracht wordt gemonitord op afwijkende patronen
+* Gebruik van Co-pilot is *niet* toegestaan
+* Documenten worden gelabeld met TLP:AMBER
+
+**TLP: RED**
+*Alle maatregelen/beperkingen van TLP:AMBER, plus:*
+
+* Toegang beperkt tot:
+	* specifieke personen binnen de eigen organisatie
+* SharePoint/Teams/OneDrive:
+	* alleen plaatsen in mappen die toegankelijk zijn voor specifieke medewerkers 
+	* externe personen mogen *geen* toegang krijgen
+	* plaatsing op je persoonlijke OneDrive is *niet* toegestaan
+* Volledige monitoring van gegevensoverdracht: controle en logging van al het dataverkeer.
+* Cloud services en samenwerkingstools:
+	* gebruik is beperkt tot ... 
+* Mailen en verzenden:
+	* Niet toegestaan
+	* Volledige en gedetailleerde logging van alle activiteiten
+- Devices en locaties: 
+	* geen toegang met mobiele telefoons
+	* afdrukken niet toegestaan
+	* fysieke documenten worden bewaard op afgesloten locaties met beperkte toegang (benoemen)
+* Documenten worden gelabeld met TLP:RED
+
+
+[^1]: Controls [5.19](../../Standards/ISO27x/OST/27002/NL/a-5.19-Informatiebeveiliging-in-leveranciersrelaties.md), [[ISO_27002_2022_NL_BT 6.6 Vertrouwelijkheids- of geheimhoudingsovereenkomsten|6.6]], [[ISO_27002_2022_NL_BT 7.2 Fysieke toegangsbeveiliging                                                     |7.2]]