Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
NIST Cybersecurity Framework Description | EXAMPLE OF IMPLEMENTATION |
---|---|
External service provider activity is monitored to detect potential cybersecurity events
The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. |
Monitoring and detection tools allow to quickly identify loss of service capabilities |
Response strategies are updated
Organisational response activities are improved by incorporating lessons learned from current and previous detection/response activities. |
Mitigation of incidents will reduce loss of service capabilities |
The impact of the incident is understood
Analysis is conducted to ensure effective response and support recovery activities. |
Understanding the impact of an incident in an holistic view will result in applying the right controls in order to reduce the loss of service capabilities |
Vulnerability scans are performed
The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. |
Performing vulnerability scans enable to quickly identify loss of service capabilities |
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy. |
Classify resources according to their criticality and value will enable to localise loss of service capabilities |
Incidents are contained
Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident. |
Incidents handling affects directly the loss of service capabilities |