
Sensitive and Classified Data Exchange and Handling in the EU: A Case Study

 

 


Source
Journal of Information Systems Security
Volume 11, Number 2 (2015)
Pages 149-168
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Authors
Krystian Buszman — Polish Naval Academy, Gdynia, Poland
Karol Listewnik — Polish Naval Academy, Gdynia, Poland
Tomasz Sobczynski — Polish Naval Academy, Gdynia, Poland
Publisher
Information Institute Publishing, Washington DC, USA

 

 

Abstract

This article presents the subject of European Union Classified Information (EUCI) exchange and handling in the course of international research and technology projects. The acts and definitions covering the legal framework for information system security in the EU are described in the first part.
As a case study, the authors present the SIRAMIS (Signature Response Analysis on Multi Influences Mines) European Defence Agency project, in which a wide range of member countries are required to create one common database for exchanging information with each other. Unification of post-processed data should be based not only on common algorithms approved by all participants; strict rules for classified and sensitive information must also be ensured.
Furthermore, rules for personal security, facility security, risk level valuation and implementation of organizational matters are presented in this article, together with the physical security measures applied. All information was obtained from the data and dissemination process of the SIRAMIS research and technology project as it progressed.

 

 

Keywords

Classified Information, Sensitive Information, Data Unification, Personal Security, Facility Security, Risk Assessment, Dissemination of EUCI, Physical Form of Classified Information Protection, Risk Assess and Analyse, Risk Level Valuation, Physical Security Measures

 

 
