Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
NIST Cybersecurity Framework Description | EXAMPLE OF IMPLEMENTATION |
---|---|
Unauthorized mobile code is detected
The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. |
Unauthorized mobile code detection may be related to the criticality of services |
Impact of events is determined
Anomalous activity is detected and the potential impact of events is understood. |
The exercise of determining the impact of events is relevant in the sense that it gives a genuine idea of the criticality of services |
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy. |
Classify resources according to their criticality and value will enable to localise critical services |
Vulnerability scans are performed
The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. |
|
Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy. |
Identifying the entire workforce as well as third - party stakeholders and ensure that they understand their roles and responsabilities will reduce incidents leading to criticality of services |