Interdependencies between essential and important entities

Interdependency indicator -
NIST Cybersecurity Framework / Description / Example of implementation
Physical and information security personnel understand roles & responsibilities
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-5 Physical and information security personnel understand roles & responsibilities
Informative references
CIS CSC 17
COBIT 5 APO07.03
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
NIST SP 800-53 Rev. 4 AT-3, IR-2, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements

If physical and information security personnel do not understand their roles and responsibilities, the result may be a major incident leading to a severe economic impact.
Impact of events is determined
Function:
DE Detect
Category:
DE.AE Anomalies and Events
Subcategory:
DE.AE-4 Impact of events is determined
Informative references
CIS CSC 4, 6
COBIT 5 APO12.06, DSS03.01
ISO/IEC 27001:2013 A.16.1.4
NIST SP 800-53 Rev. 4 CP-2, IR-4, RA-3, SI-4

Anomalous activity is detected and the potential impact of events is understood.

Determining the impact of events is relevant because a large impact may be economic.
Protections against data leaks are implemented
Function:
PR Protect
Category:
PR.DS Data Security
Subcategory:
PR.DS-5 Protections against data leaks are implemented
Informative references
CIS CSC 13
COBIT 5 APO01.06, DSS05.04, DSS05.07, DSS06.02
ISA 62443-3-3:2013 SR 5.2
ISO/IEC 27001:2013 A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5, A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3
NIST SP 800-53 Rev. 4 AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-31, SI-4

Information and records (data) are managed consistent with the organisation’s risk strategy to protect the confidentiality, integrity, and availability of information

Without serious protections against data leaks, major incidents leading to an economic impact are more likely.
Reputation after an event is repaired
Function:
RC Recover
Category:
RC.CO Communications
Subcategory:
RC.CO-2 Reputation after an event is repaired
Informative references
COBIT 5 MEA03.02
ISO/IEC 27001:2013 Clause 7.4

Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

Reputation damage is more likely to translate into economic impact.
