Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
RELIABILITY, DEPENDABILITY, RESILIENCE
Description
Resilience (e.g. failure recovery processes, crisis management processes, etc.)
Number of Controls
1 Cooperation Group
12 ISO IEC 27002
4 NIST Cybersecurity Framework
2 Cobit5
Mappings to: Cooperation Group (1) ISO IEC 27002 (12) NIST Cybersecurity Framework (4) Cobit5 (2)
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Newly identified vulnerabilities are mitigated or documented as accepted risks
Function:
RSRespond
Category:
RS.MIMitigation
Subcategory:
RS.MI-3Newly identified vulnerabilities are mitigated or documented as accepted risks
Informative references
CIS CSC 4
COBIT 5 APO12.06
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5

Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

 Identified vulnerabilities are documented in order to improve response time for such resilience in the future
Recovery plans incorporate lessons learned
Function:
RCRecover
Category:
RC.IMImprovements
Subcategory:
RC.IM-1Recovery plans incorporate lessons learned
Informative references
 COBIT 5 APO12.06, BAI05.07, DSS04.08
ISA 62443-2-1:2009 4.4.3.4
ISO/IEC 27001:2013 A.16.1.6, Clause 10
NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Recovery planning and processes are improved by incorporating lessons learned into future activities.

 Lessons learned aim at improving response time for such resilience in the future
Software platforms and applications within the organisation are inventoried
Function:
IDIdentify
Category:
ID.AMAsset Management
Subcategory:
ID.AM-2Software platforms and applications within the organisation are inventoried
Informative references
CIS CSC 2 
COBIT 5 BAI09.01, BAI09.02, BAI09.05 
ISA 62443-2-1:2009 4.2.3.4 
ISA 62443-3-3:2013 SR 7.8 
ISO/IEC 27001:2013 A.8.1.1, A.8.1.2, A.12.5.1 
NIST SP 800-53 Rev. 4 CM-8, PM-5

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

 Inventory of systems and application provides with an enterprise architecture that helps to localize resilience areas
Vulnerability scans are performed
Function:
DEDetect
Category:
DE.CMSecurity Continuous Monitoring
Subcategory:
DE.CM-8Vulnerability scans are performed
Informative references
 CIS CSC 4, 20
COBIT 5 BAI03.10, DSS05.01
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 RA-5

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

 Identified vulnerabilities are documented in order to improve response time for such resilience in the future

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies