Interdependencies between essential and important entities

  1. Home
  2. Topics
  3. Cybersecurity Policy
  4. NIS Directive
  5. Interdependencies between essential and important entities

ENISA Interdependencies Indicators Tool

Interdependency indicator -
Category
RELIABILITY, DEPENDABILITY, RESILIENCE
Description
Recovery Time Objective (RTO) after an incident in the offered service
Number of Controls
2 Cooperation Group
14 ISO IEC 27002
5 NIST Cybersecurity Framework
3 Cobit5
Mappings to: Cooperation Group (2) ISO IEC 27002 (14) NIST Cybersecurity Framework (5) Cobit5 (3)
NIST Cybersecurity Framework Description EXAMPLE OF IMPLEMENTATION
Governance and risk management processes address cybersecurity risks
Function:
IDIdentify
Category:
ID.GVGovernance
Subcategory:
ID.GV-4Governance and risk management processes address cybersecurity risks
Informative references
 COBIT 5 EDM03.02, APO12.02, APO12.05, DSS04.02
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.3, 4.2.3.8, 4.2.3.9, 4.2.3.11, 4.3.2.4.3, 4.3.2.6.3
ISO/IEC 27001:2013 Clause 6
NIST SP 800-53 Rev. 4 SA-2, PM-3, PM-7, PM-9, PM-10, PM-11

The policies, procedures, and processes to manage and monitor the organisation’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

 An efficient governance and risk management will increase decision making and enhance RTO
Recovery strategies are updated
Function:
RCRecover
Category:
RC.IMImprovements
Subcategory:
RC.IM-2Recovery strategies are updated
Informative references
 COBIT 5 APO12.06, BAI07.08
ISO/IEC 27001:2013 A.16.1.6, Clause 10
NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Recovery planning and processes are improved by incorporating lessons learned into future activities.

 Documentation allow to improve the recovery time for similiar incident in the future
Recovery plan is executed during or after an event
Function:
RCRecover
Category:
RC.RPRecovery Planning
Subcategory:
RC.RP-1Recovery plan is executed during or after an event
Informative references
 CIS CSC 10
COBIT 5 APO12.06, DSS02.05, DSS03.04
ISO/IEC 27001:2013 A.16.1.5
NIST SP 800-53 Rev. 4 CP-10, IR-4, IR-8

Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.

 According to the impact of the incident , a recovery plan is launched during or after containment
Recovery activities are communicated to internal stakeholders and executive and management teams
Function:
RCRecover
Category:
RC.COCommunications
Subcategory:
RC.CO-3Recovery activities are communicated to internal stakeholders and executive and management teams
Informative references
 COBIT 5 APO12.06
ISO/IEC 27001:2013 Clause 7.4
NIST SP 800-53 Rev. 4 CP-2, IR-4

Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

 Communication is key in the recovery process
Recovery plans incorporate lessons learned
Function:
RCRecover
Category:
RC.COCommunications
Subcategory:
RC.CO-1Recovery plans incorporate lessons learned
Informative references
 COBIT 5 EDM03.02
ISO/IEC 27001:2013 A.6.1.4, Clause 7.4

Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

 Lessons learned aim at improving response time for such resilience in the future

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies