BS ISO/IEC 27010:2015 pdf download-Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications.
8.4.4 Information sensitivity reduction Control The originator of an information exchange should indicate if the sensitivity of the information supplied will reduce after some external event, or the passage of time. Implementation guidance Even if the sensitivity of supplied information reduces with time, it may still need protection. Classification guidelines (see 8.2.1) may need to include defaults for sensitivity reduction. 8.4.5 Anonymous source protection Control A community member should remove any source identification information in any communication it originates or receives where anonymity is requested. Implementation guidance The originator of information is responsible for obtaining approval from the source (if different) before communicating the information to other members of the information sharing community. The originator should also ask the source if it can be identified as the original provider of the information. It is important that the source protection process looks at message content as well as message origin, because analysis of the content may reveal the identity of the source. Where possible, the originator of the message should ask the source to review the anonymized information and the list of intended recipients before it is distributed. EXAMPLE A message such as “our ATMs were disabled today by a new virus that was not detected by our firewall but was detected by our policy server” could reveal the source if only one bank suffered public service disruption on the day in question. There are technical mechanisms that can be used to provide authenticity without compromising anonymity. For example, shared cryptographic secrets could be used to confirm that a communication originated from a member of the community without revealing the actual identity of the originator.
8.4.6 Anonymous recipient protection Control With the approval of the originator, members of a community should be able to receive communications without revealing their own identities. Implementation guidance Anonymous receipt can be implemented by both technical means (e.g. cryptography) and procedural means (e.g. routing through a supporting entity). Care must be taken to ensure anonymity does not breach legal constraints or reduce the overall level of trust within the community.