Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
NIST Cybersecurity Framework Description | EXAMPLE OF IMPLEMENTATION |
---|---|
A System Development Life Cycle to manage systems is implemented
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets. |
An SDLC implementation may lead to the identification and localisation of redundancy of services |
Organisational communication and data flows are mapped
The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy. |
Mapping data flow may lead to the identification and localisation of redundancy of services |
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy. |
Classify resources according to their criticality and value will enable to localise redundancy of services |
A baseline configuration of information technology/industrial control systems is created and maintained
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets. |
A baseline configuration of IT may lead to the identification and localisation of redundancy of services |