Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Classification level IV (RESTRICTED)
1. Classified Information has to be handled in Security Areas and outside of them in a way, which prevents unauthorized access to Classified Information (see F-04 and I-18).
2. Handling of information is possible inside the perimeter of a Security Area approved by a competent authority (see F-04) and outside Security Areas when procedures approved by competent authority are used (see I-18).
3. Storage of information is possible inside the perimeter of a Security Area approved by a competent authority (see F-04) and outside Security Areas when procedures approved by competent authority are used (see I-18).
4. Data pools containing information belonging to classification level IV (RESTRICTED) and information systems used to process this information have to be placed inside the perimeter of a Security Area approved by a competent authority (see F-04).
Classification levels III (CONFIDENTIAL) and II (SECRET): in addition to points 1 and 2 above:
5. Storage of information is possible inside the perimeter of a Secured Area approved by a competent authority (see F-04). Note exceptions valid only for national information in point 6 and for remote use in I-18.
6. Only for national classification level III information, the storage of information in electronic format is possible outside the perimeter of a Secured Area using a terminal device approved for the respective level and taking into account that a) information has been protected using an encryption solution approved for the respective classification level by a competent authority (see I-12), and b) information security of the terminal device has been taken care of, paying
special attention to the sufficient confidentiality and integrity using a method approved by a competent authority (see F-04). Note remote working in I-18.
Classification level IV (RESTRICTED)
1. Classified Information has to be handled in Security Areas and outside of them in a way, which prevents unauthorized access to Classified Information (see F-04 and I-18).
2. Handling of information is possible inside the perimeter of a Security Area approved by a competent authority (see F-04) and outside Security Areas when procedures approved by competent authority are used (see I-18).
3. Storage of information is possible inside the perimeter of a Security Area approved by a competent authority (see F-04) and outside Security Areas when procedures approved by competent authority are used (see I-18).
4. Data pools containing information belonging to classification level IV (RESTRICTED) and information systems used to process this information have to be placed inside the perimeter of a Security Area approved by a competent authority (see F-04).
Classification levels III (CONFIDENTIAL) and II (SECRET): in addition to points 1 and 2 above:
5. Storage of information is possible inside the perimeter of a Secured Area approved by a competent authority (see F-04). Note exceptions valid only for national information in point 6 and for remote use in I-18.
6. Only for national classification level III information, the storage of information in electronic format is possible outside the perimeter of a Secured Area using a terminal device approved for the respective level and taking into account that a) information has been protected using an encryption solution approved for the respective classification level by a competent authority (see I-12), and b) information security of the terminal device has been taken care of, paying
special attention to the sufficient confidentiality and integrity using a method approved by a competent authority (see F-04). Note remote working in I-18.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
