Interdependency indicator -
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Physical and information security personnel understand roles & responsibilities
Function:
PRProtect
Category:
PR.ATAwareness and Training
Subcategory:
PR.AT-5Physical and information security personnel understand roles & responsibilities
Informative references
 CIS CSC 17
COBIT 5 APO07.03
ISA 62443-2-1:2009 4.3.2.4.2
ISO/IEC 27001:2013 A.6.1.1, A.7.2.2
NIST SP 800-53 Rev. 4 AT-3, IR-2, PM-13

The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements

Physical and information security personnel not being able to understand roles and responsabilities may result in major incident leading to a severe economic impact
Impact of events is determined
Function:
DEDetect
Category:
DE.AEAnomalies and Events
Subcategory:
DE.AE-4Impact of events is determined
Informative references
 CIS CSC 4, 6
COBIT 5 APO12.06, DSS03.01
ISO/IEC 27001:2013 A.16.1.4
NIST SP 800-53 Rev. 4 CP-2, IR-4, RA-3, SI-4

Anomalous activity is detected and the potential impact of events is understood.

The exercise of determining the impact of events is relevant in the sense that one of large effect may be economic
Protections against data leaks are implemented
Function:
PRProtect
Category:
PR.DSData Security
Subcategory:
PR.DS-5Protections against data leaks are implemented
Informative references
 CIS CSC 13
COBIT 5 APO01.06, DSS05.04, DSS05.07, DSS06.02
ISA 62443-3-3:2013 SR 5.2
ISO/IEC 27001:2013 A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5, A.10.1.1, A.11.1.4,A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3
NIST SP 800-53 Rev. 4 AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-31, SI-4

Information and records (data) are managed consistent with the organisation’s risk strategy to protect the confidentiality, integrity, and availability of information

No serious protection implementation against data leaks will more likely result in major incidents leading to an economic impact
Reputation after an event is repaired
Function:
RCRecover
Category:
RC.COCommunications
Subcategory:
RC.CO-2Reputation after an event is repaired
Informative references
 COBIT 5 MEA03.02
ISO/IEC 27001:2013 Clause 7.4

Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

Reputation damage is more likely to be translated in economic impact

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information