The Traffic Light Protocol (TLP)
BtCIRT uses Traffic Light Protocol (TLP) for information classification.
What is TLP?
The Traffic Light Protocol (TLP) was created to encourage greater sharing of sensitive information. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way.
Information classification according TLP in BtCIRT
| TLP: | Distribution principle | Mapping with the business category | Description | Examples |
|---|---|---|---|---|
| RED | (1-to-1, strictly limited) | Confidential information | Sensitive information disclosure of which can harm BtCIRT or its external parties’ reputation, operations, or includes personal BtCIRT team members or external parties’ data and information which is treated as confidential information in BtCIRT agreements | Passwords, personal data as a personal identification number |
| AMBER | (1-to-group, limited) | Internal information | Incidents information and all other information which is not treated as a public or confidential | Software security vulnerability, security incident information, system logs, DDOS and other kind of attacks associated to cybersecurity area, information about identified (acting) botnet networks, press releases before announcement |
| GREEN | (1-to-many, limited)(information security community or special interest groups) | Public information | Information which was disclosed publicly in accordance with internal BtCIRT procedures or related agreements with external parties | Information widely available in the public domain, including publicly available BtCIRT web site areas, general information about incidents (statistic), list of malicious URLs that are serving malware, BtCIRT contact information, press releases after announcement |
| WHITE | (1-to-many, unlimited)(no restrictions, public) |