If you’re doing things in a group, instead of alone, useful subsets of this framework could be the standard OPSEC process and controls for classified information. There’s some pretty big Chesterton’s Fences around them.
The OPSEC process is meant specifically for when you’re planning a specific activity, the value to the adversary of information about your plans will diminish rapidly as you conclude that specific activity, but any hint as to your plans might be detrimental. So, it’s more of a set of guidelines than a specific policy or procedure, and encourages thinking about how many decibels of probability you’re allowing access to.
Controls for classified is meant for information that will be harmful even after the conclusion of a specific activity. It’s the converse of the OPSEC process: A large collection of highly detailed policies and procedures for marking and protecting information. It’s certainly a bit heavyweight for independent research groups smaller than the Manhattan Project, but some principles could apply; like a central classification authority to reduce the cognitive load of marking your products, and uniform procedures for handling products with each level of marking.
If you’re doing things in a group, instead of alone, useful subsets of this framework could be the standard OPSEC process and controls for classified information. There’s some pretty big Chesterton’s Fences around them.
The OPSEC process is meant specifically for when you’re planning a specific activity, the value to the adversary of information about your plans will diminish rapidly as you conclude that specific activity, but any hint as to your plans might be detrimental. So, it’s more of a set of guidelines than a specific policy or procedure, and encourages thinking about how many decibels of probability you’re allowing access to.
Controls for classified is meant for information that will be harmful even after the conclusion of a specific activity. It’s the converse of the OPSEC process: A large collection of highly detailed policies and procedures for marking and protecting information. It’s certainly a bit heavyweight for independent research groups smaller than the Manhattan Project, but some principles could apply; like a central classification authority to reduce the cognitive load of marking your products, and uniform procedures for handling products with each level of marking.