Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
RELIABILITY, DEPENDABILITY, RESILIENCE
Description
Loss of service capabilities (e.g. reduced services, fail-safe services, etc.)
Number of Controls
1 Cooperation Group
11 ISO IEC 27002
6 NIST Cybersecurity Framework
4 Cobit5
Mappings to: Cooperation Group (1) ISO IEC 27002 (11) NIST Cybersecurity Framework (6) Cobit5 (4)
Cobit5 Process Description EXAMPLE OF IMPLEMENTATION
Manage Availability and Capacity
Cobit5 Goal ID:
E-07
Cobit5 Process ID:
BAI04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Number of customer service interruptions causing significant incidents
• Business cost of incidents
• Number of business processing hours lost due to unplanned service interruptions
• Percent of complaints as a function of committed service availability targets
 Count the number business processing hours lost due to unplanned interruptions.
Manage Risk
Cobit5 Goal ID:
IT-04
Cobit5 Process ID:
APO12
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business processes, IT services and IT-enabled business programmes covered by
risk assessment
• Number of significant IT-related incidents that were not identified in risk assessment
• Percent of enterprise risk assessments including IT-related risk
• Frequency of update of risk profile
 Count the number of incidents that led to a loss of service capabilities and were not identified in the risk assessment report.
Manage Risk
Cobit5 Goal ID:
E-03
Cobit5 Process ID:
APO12
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile
 Review the risk assessment report and count the number of risks that may have an impact on the availability of service capabilities.
Ensure Resource Optimisation
Cobit5 Goal ID:
E-10
Cobit5 Process ID:
EDM04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Frequency of service delivery cost optimisation assessments
• Trend of cost assessment vs. service level results
• Satisfaction levels of board and executive management with service delivery costs
 Review the assessment reports for the performance in terms of service capabilities. Count the cases where the performance has deviated from the acceptable related baseline. Cross reference this number to the number of information security incidents.

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies