Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
NIST Cybersecurity Framework Description | EXAMPLE OF IMPLEMENTATION |
---|---|
Governance and risk management processes address cybersecurity risks
The policies, procedures, and processes to manage and monitor the organisation’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. |
An efficient governance and risk management will increase decision making and enhance RTO |
Recovery strategies are updated
Recovery planning and processes are improved by incorporating lessons learned into future activities. |
Documentation allow to improve the recovery time for similiar incident in the future |
Recovery plan is executed during or after an event
Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents. |
According to the impact of the incident , a recovery plan is launched during or after containment |
Recovery activities are communicated to internal stakeholders and executive and management teams
Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors). |
Communication is key in the recovery process |
Recovery plans incorporate lessons learned
Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors). |
Lessons learned aim at improving response time for such resilience in the future |