Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Learning from information security incidents
Control ID:
16.1.6
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.

Review time needed to resume "normal security level" per incident. Calculate the impact based on the time the organisation lost service capabilities. Focus on activities related with the legitimate collection of evidence.
Collection of evidence
Control ID:
16.1.7
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.

Review time needed to resume "normal security level" per incident. Calculate the impact based on the time the organisation lost service capabilities. Focus on activities related with the legitimate collection of evidence.
Assessment of and decision on information secuirty events
Control ID:
16.1.4
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be assessed and it should be decided if they are to be classified as information security incidents.

Measure the impact of a NIS incident on availability of service capabilities based on the agreed information security event and incident classification scale.
Response to information security incidents
Control ID:
16.1.5
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security incidents should be responded to in accordance with the documented procedures.

Review time needed to resume "normal security level" per incident. Calculate the impact based on the time the organisation lost service capabilities.
Reporting information security events
Control ID:
16.1.2
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be reported through appropriate management channels as quickly as possible.

Review past security incident reports, to assess the impact of service capabilities for an interdependent service.
Reporting information security weaknesses
Control ID:
16.1.3
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services.

Review reports on information security weaknesses, to assess the impact of service capabilities for an interdependent service.
Responsibilites and procedures
Control ID:
16.1.1
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.

Measure the impact of a NIS incident on availability of service capabilities based on the relevant procedure.
Availability of information processing facilities
Control ID:
17.2.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.2Redundancies

Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

Review redundancy architecture, systems and tests. Calculate the loss of Service capabilities in terms of time and performance level while implementing these alternative solutions.
Verify, review and evaluate information security continuity
Control ID:
17.1.3
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.

Review information continuity tests and measure the amount of time needed for the organisation to restore its service capabilities per scenario tested.
Implementing information security continuity
Control ID:
17.1.2
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.

Measure the complete (from beginning to end) period of time, the organisation will require to restore the business operations to an acceptable level, in case of a disruptive NIS incident based on the procedures of the organisation.
Planning information security continuity
Control ID:
17.1.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.

Review the Recovery Time Objective per service.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information