Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
RELIABILITY, DEPENDABILITY, RESILIENCE
Description
Mean Downtime (MDT) after an incident in the offered service
Number of Controls
4 Cooperation Group
11 ISO IEC 27002
5 NIST Cybersecurity Framework
3 Cobit5
Mappings to: Cooperation Group (4) ISO IEC 27002 (11) NIST Cybersecurity Framework (5) Cobit5 (3)
Cobit5 Process Description EXAMPLE OF IMPLEMENTATION
Manage Continuity
Cobit5 Goal ID:
E-07
Cobit5 Process ID:
DSS04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Number of customer service interruptions causing significant incidents
• Business cost of incidents
• Number of business processing hours lost due to unplanned service interruptions
• Percent of complaints as a function of committed service availability targets
 Review existing information security incident reports and calculate the mean amount of downtime per incident category per service.
Monitor, Evaluate and Assess Compliance with External Requirement
Cobit5 Goal ID:
E-04
Cobit5 Process ID:
MEA03
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Cost of regulatory non-compliance, including settlements and fines
• Number of regulatory non-compliance issues causing public comment or negative publicity
• Number of regulatory non-compliance issues relating to contractual agreements with
business partners
 Review legal, regulatory and contractual requirements. Estimate the allowed downtime per service.
Manage Operations
Cobit5 Goal ID:
E-03
Cobit5 Process ID:
DSS01
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile
 Review existing incident reports and relevant documentation. Calculate the mean amount of down time being caused by identified risks in comparison to those being caused by not identified ones.

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies