Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
ISO IEC 27002 control name | Control description | EXAMPLE OF IMPLEMENTATION
---|---|---
Event logging | Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed. | Review the logs of relevant systems and measure the mean downtime (time period between system down and system up).
Monitoring and review of supplier services | Organisations should regularly monitor, review and audit supplier service delivery. | Review information on incidents received from the suppliers. Measure the downtime imposed on the organisation's services by the supplier's incidents, per type of incident and service.
Learning from information security incidents | Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents. | Measure the types, volumes and costs, in terms of downtime, of information security incidents.
Collection of evidence | The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information which can serve as evidence. | Review existing legislation regarding collection of evidence and measure the amount of time that the system needs to be available for the collection of evidence by the relevant authorities.
Assessment of and decision on information security events | Information security events should be assessed and it should be decided if they are to be classified as information security incidents. | Review the documented information security incidents and measure the amount of time needed before reaching a decision, per incident type and service.
Response to information security incidents | Information security incidents should be responded to in accordance with the documented procedures. | Review the documented information security incidents and measure the amount of time the service was disrupted, per type of incident and service.
Reporting information security events | Information security events should be reported through appropriate management channels as quickly as possible. | Review documented information security incident reports and measure the mean downtime per service per type of incident.
Reporting information security weaknesses | Employees and contractors using the organisation's information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services. | Review the documented information security weaknesses that are still unresolved and estimate the downtime they could impose per system.
Responsibilities and procedures | Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents. | Measure the estimated time for the implementation of the incident response procedures.
Verify, review and evaluate information security continuity | The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations. | Review the information security continuity test reports and extract the mean downtime achieved for each scenario implemented, per service.
Planning information security continuity | The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster. | Review the information security continuity plans and count the percentage of systems that have identified alternative paths of implementation.
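Several rows above (event logging, supplier service review, assessment of events, incident response and incident reporting) come down to the same computation: take a register of documented incidents and derive mean downtime, time to classification decision, and supplier-attributable downtime, broken down per service and incident type. The following script is an added illustration of that computation; it is not part of the ENISA tool or of ISO/IEC 27002. The incident records, service names (`web-portal`, `payments`) and supplier name (`acme-cloud`) are constructed sample data, and the CSV layout is an assumption about how an organisation might keep its incident register.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean

# Constructed incident register (sample data, not from the page).
# Columns: down, decided (classified as incident), up, service, incident type, source.
# source is "internal" or the name of the supplier whose incident caused the outage.
RAW_REGISTER = """\
2024-03-01T08:00:00,2024-03-01T08:15:00,2024-03-01T09:30:00,web-portal,ransomware,internal
2024-03-03T22:10:00,2024-03-03T22:20:00,2024-03-04T00:10:00,web-portal,dos,internal
2024-03-05T12:00:00,2024-03-05T12:05:00,2024-03-05T12:45:00,payments,supplier-outage,acme-cloud
2024-03-09T03:00:00,2024-03-09T03:30:00,2024-03-09T06:00:00,payments,supplier-outage,acme-cloud
2024-03-12T10:00:00,2024-03-12T10:02:00,2024-03-12T10:20:00,web-portal,dos,internal
"""


@dataclass
class Incident:
    service: str
    incident_type: str
    down: datetime
    decided: datetime
    up: datetime
    source: str


def parse_register(text):
    """Parse the CSV register; reject records whose timestamps are not in order,
    since a negative downtime would silently skew every mean below."""
    incidents = []
    for lineno, line in enumerate(text.strip().splitlines(), start=1):
        down, decided, up, service, itype, source = line.split(",")
        d, c, u = (datetime.fromisoformat(t) for t in (down, decided, up))
        if not (d <= c <= u):
            raise ValueError(f"record {lineno}: timestamps out of order")
        incidents.append(Incident(service, itype, d, c, u, source))
    return incidents


def minutes(start, end):
    return (end - start).total_seconds() / 60


def mean_downtime(incidents):
    """Mean downtime in minutes per (service, incident type) - the metric used
    for event logging, incident response and incident reporting."""
    buckets = defaultdict(list)
    for inc in incidents:
        buckets[(inc.service, inc.incident_type)].append(minutes(inc.down, inc.up))
    return {key: mean(vals) for key, vals in buckets.items()}


def mean_time_to_decision(incidents):
    """Mean minutes from event detection to the decision to classify it as an
    incident, per (service, incident type) - the assessment-and-decision metric."""
    buckets = defaultdict(list)
    for inc in incidents:
        buckets[(inc.service, inc.incident_type)].append(minutes(inc.down, inc.decided))
    return {key: mean(vals) for key, vals in buckets.items()}


def supplier_downtime(incidents):
    """Total downtime imposed by each supplier, per service and incident type -
    the supplier service review metric."""
    totals = defaultdict(float)
    for inc in incidents:
        if inc.source != "internal":
            totals[(inc.source, inc.service, inc.incident_type)] += minutes(inc.down, inc.up)
    return dict(totals)


if __name__ == "__main__":
    register = parse_register(RAW_REGISTER)
    for name, table in (("mean downtime (min)", mean_downtime(register)),
                        ("mean time to decision (min)", mean_time_to_decision(register)),
                        ("supplier-imposed downtime (min)", supplier_downtime(register))):
        print(name)
        for key, value in sorted(table.items()):
            print(f"  {key}: {value:.1f}")
```

Downtime here is measured as the full interval from system down to system up, matching the table's definition; the time-to-decision metric uses the same start point so the two numbers are directly comparable per incident type.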