Interdependencies between essential and important entities

Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Function:
PR Protect
Category:
PR.IP Information Protection Processes and Procedures
Subcategory:
PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
Informative references
CIS CSC 5, 16
COBIT 5 APO07.01, APO07.02, APO07.03, APO07.04, APO07.05
ISA 62443-2-1:2009 4.3.3.2.1, 4.3.3.2.2, 4.3.3.2.3
ISO/IEC 27001:2013 A.7.1.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3, A.7.3.1, A.8.1.4
NIST SP 800-53 Rev. 4 PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8, SA-21

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

The larger the number of users affected by an incident, the more important it is to integrate cybersecurity into the human resources practices of a company.
Privileged users understand roles & responsibilities
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-2 Privileged users understand roles & responsibilities
Informative references
CIS CSC 5, 17, 18
COBIT 5 APO07.02, DSS05.04, DSS06.03
ISA 62443-2-1:2009 4.3.2.4.2, 4.3.2.4.3
ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
NIST SP 800-53 Rev. 4 AT-3, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.

The number of users that understand roles and responsibilities is key in defining a solid cybersecurity strategy.
All users are informed and trained
Function:
PR Protect
Category:
PR.AT Awareness and Training
Subcategory:
PR.AT-1 All users are informed and trained
Informative references
CIS CSC 17, 18
COBIT 5 APO07.03, BAI05.07
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.7.2.2, A.12.2.1
NIST SP 800-53 Rev. 4 AT-2, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.

The number of users informed and trained drastically reduces the number of users likely to be affected by an incident.
