Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
| ISO IEC 27002 control name | EXAMPLE OF IMPLEMENTATION |
|---|---|
Controls against malware
Detection, prevention and recovery controls to protect against malware should be implemented, combined with appropriate user awareness. |
Measure the mean recovery time of a service after a malware incident, by reviewing relevant past incidents. |
Learning from information security incidents
Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents. |
Measure the types, volumes and costs of information security incidents. |
Collection of evidence
The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence. |
Calculate the amount of internal procedures dealing with evidence for the purposes of disciplinary and legal action. |
Assessment of and decision on information secuirty events
Information security events should be assessed and it should be decided if they are to be classified as information security incidents. |
Measure the number of recorded information security incidents against the recorded information security events. |
Response to information security incidents
Information security incidents should be responded to in accordance with the documented procedures. |
Measure the number of recorded information security events. |
Reporting information security events
Information security events should be reported through appropriate management channels as quickly as possible. |
Measure the percentage of people (employees and contractors) that are fully aware of their responsibility to report information security events as quickly as possible and of the relevant point of contact. |
Reporting information security weaknesses
Employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services. |
Measure the amount of reported information security weaknesses. |
Responsibilites and procedures
Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents. |
Compare the number of staff roles identified within the procedures regarding incident management against international standards (e.g. Table 2 — Example IRT staff positions of ISO 27035). |
Availability of information processing facilities
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. |
Measure the degree of implementation of the redundancies planned for by the organisation. |
Verify, review and evaluate information security continuity
The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations. |
Review the tests of the information security continuity plans and calculate the percentage of plans that had no pending issues or problems during testing. |
Implementing information security continuity
The organisation should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
Measure the degree of implementation of the information continuity plans of the organisation. |
Planning information security continuity
The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster. |
Measure the number of risks covered by the organisation's information security continuity plans. |