Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
| ISO IEC 27002 control name | EXAMPLE OF IMPLEMENTATION |
|---|---|
Information backup
Backup copies of information, software and system images should be taken and tested regularly in accordance with an agreed backup policy. |
Measure the amount of time needed for the restoration of the backup sets per service. |
Controls against malware
Detection, prevention and recovery controls to protect against malware should be implemented, combined with appropriate user awareness. |
Measure the mean recovery time of a service after a malware incident, by reviewing relevant past incidents. |
Event logging
Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed. |
Review the logs of relevant systems and measure the mean downlime (time period between system down to system up). |
Learning from information security incidents
Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents. |
Review the changes that resulted from information security incidents and the impact of those changes on the recovery time objective. |
Collection of evidence
The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence. |
Review existing legislation regarding collection of evidence and measure the amount of time that will be needed for the relevant processes. |
Assessment of and decision on information secuirty events
Information security events should be assessed and it should be decided if they are to be classified as information security incidents. |
Review past information security incident reports and measure time spent in reaching a decision regarding the classification of the event to incident. |
Response to information security incidents
Information security incidents should be responded to in accordance with the documented procedures. |
Review past information security incident reports and measure time spent for the response actions (collection of evidence, conducting forensics, logging, communicating etc). |
Reporting information security events
Information security events should be reported through appropriate management channels as quickly as possible. |
Review past information security incident reports and measure the impact in terms of time of different types of incidents. |
Reporting information security weaknesses
Employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services. |
Review reported information security weaknesses that are still unresolved. Determine the impact of these weaknesses in the achievement of Recovery time objective per service. |
Responsibilites and procedures
Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents. |
Measure the amount of time needed in the various incident response procedures before reaching the point of resolution of the incident. |
Availability of information processing facilities
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. |
Measure the degree of implementation of the redundancies planned for by the organisation. |
Verify, review and evaluate information security continuity
The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations. |
Review the tests reports of the information continuity plans and measure the achieved RTO per service. |
Implementing information security continuity
The organisation should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. |
Review the plans for information security continuity and measure the RTO. |
Planning information security continuity
The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster. |
Review the plans for information security continuity and measure the RTO. |