Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
IMPACT
Description
Environmental impact
Number of Controls
1 Cooperation Group
2 ISO IEC 27002
1 NIST Cybersecurity Framework
4 Cobit5
Mappings to: Cooperation Group (1) ISO IEC 27002 (2) NIST Cybersecurity Framework (1) Cobit5 (4)
Cobit5 Process Description EXAMPLE OF IMPLEMENTATION
Manage Operations
Cobit5 Goal ID:
IT-04
Cobit5 Process ID:
DSS01
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business processes, IT services and IT-enabled business programmes covered by
risk assessment
• Number of significant IT-related incidents that were not identified in risk assessment
• Percent of enterprise risk assessments including IT-related risk
• Frequency of update of risk profile
 Measure the number of measures maintained for the protection against environmental factors. Assess the impact to the environment from a possible incident to these controls.
Monitor, Evaluate and Assess Compliance with External Requirement
Cobit5 Goal ID:
E-04
Cobit5 Process ID:
MEA03
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Cost of regulatory non-compliance, including settlements and fines
• Number of regulatory non-compliance issues causing public comment or negative publicity
• Number of regulatory non-compliance issues relating to contractual agreements with
business partners
 Review incident and other reports relating to the near failure or the failure to fulfil and external law or regulation regarding the protection of the environment. Calculate the percentage of these cases to the total number of documented cases.
Manage Programmes and Projects
Cobit5 Goal ID:
IT-06
Cobit5 Process ID:
BAI01
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of investment business cases with clearly defined and approved expected IT-related costs
and benefits
• Percent of IT services with clearly defined and approved operational costs and expected benefits
• Satisfaction survey of key stakeholders regarding the level of transparency, understanding and
accuracy of IT financial information
 Review the business cases and count the programmes that have identified an environmental benefit from the implementation.
Manage Risk
Cobit5 Goal ID:
E-03
Cobit5 Process ID:
APO12
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile
 Review the risk profile containing an inventory of known risks and risk attributes and other information regarding risk. Identify those risks that may have an impact on the environment. Count the percentage of these risks to the total risks.

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies