Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
All users are informed and trained
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-1 All users are informed and trained
Informative references
CIS CSC 17, 18
COBIT 5 APO07.03, BAI05.07
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.7.2.2, A.12.2.1
NIST SP 800-53 Rev. 4 AT-2, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements

The number of users informed and trained drastically reduces the number of users likely to be affected by an incident
Privileged users understand roles & responsibilities
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-2 Privileged users understand roles & responsibilities
Informative references
CIS CSC 5, 17, 18
COBIT 5 APO07.02, DSS05.04, DSS06.03
ISA 62443-2-1:2009 4.3.2.4.2, 4.3.2.4.3
ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
NIST SP 800-53 Rev. 4 AT-3, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements

The number of users that understand roles and responsibilities is key in defining a solid cybersecurity strategy
Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Function:
PR Protect
Category:
PR.IP Information Protection Processes and Procedures
Subcategory:
PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Informative references
CIS CSC 5, 16
COBIT 5 APO07.01, APO07.02, APO07.03, APO07.04, APO07.05
ISA 62443-2-1:2009 4.3.3.2.1, 4.3.3.2.2, 4.3.3.2.3
ISO/IEC 27001:2013 A.7.1.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3, A.7.3.1, A.8.1.4
NIST SP 800-53 Rev. 4 PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8, SA-21

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

The larger the number of users affected by an incident, the more important it is to integrate cybersecurity into the human resources practices of a company
