Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
NIST Cybersecurity Framework Description | EXAMPLE OF IMPLEMENTATION |
---|---|
Physical and information security personnel understand roles & responsibilities
The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements |
Physical and information security personnel not being able to understand roles and responsabilities may result in major incident leading to a severe economic impact |
Impact of events is determined
Anomalous activity is detected and the potential impact of events is understood. |
The exercise of determining the impact of events is relevant in the sense that one of large effect may be economic |
Protections against data leaks are implemented
Information and records (data) are managed consistent with the organisation’s risk strategy to protect the confidentiality, integrity, and availability of information |
No serious protection implementation against data leaks will more likely result in major incidents leading to an economic impact |
Reputation after an event is repaired
Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors). |
Reputation damage is more likely to be translated in economic impact |