BSi opens consultation on government-style information classification standard

BS 10010 will provide an information classification standard to sit alongside IT security policies

The British Standards Institution (BSI) has opened consultations into a proposed new British standard, BS 10010, which would help organisations to apply government-style classifications to information.

The consultation is set to run until 27 December 2016.

The standard will cover "requirements for the creation, implementation, evaluation and improvement of Information Classification, Marking and Handling (ICMH) systems. It specifies requirements for classifying information, including defining how it may be accessed by users, both inside and outside the organization that owns the information", according to the BSI.

The proposal was initiated two years ago by Dr Andrew Rogoyski, vice president of cyber security services at computer services company CGI UK.

The standard would feed into organisations' overall IT security postures.

"It's important to understand cyber security is not like 'normal' security. There is no single gatekeeper whose role is to keep our cyber systems safe. The responsibility belongs to everyone in an organisation - but it is down to those in leadership positions to stress the importance of cyber security to other employees and develop a strategy that is tailored to the risks of each organisation," claimed Rogoyski in a presentation to the civil service last year.

He continued: "A large part of avoiding cyber attacks comes down to awareness. Are you aware of how much information you're already sharing publicly and how this information can make you vulnerable? Are you aware of how your behaviour can impact the larger organisation?"

A standard such as BS 10010 would take security down to the lowliest member of staff, pitching it in terms of information, rather than IT.

The ultimate aim, though, is that software vendors will adapt their products to take information classification into account - not just in specialist software, but everyday software packages, such as word processors, collaboration tools and email.