Interdependency indicator -
NIST Cybersecurity Framework | Description | Example of implementation
Unauthorized mobile code is detected
Function:
DE Detect
Category:
DE.CM Security Continuous Monitoring
Subcategory:
DE.CM-5 Unauthorized mobile code is detected
Informative references
CIS CSC 7, 8
COBIT 5 DSS05.01
ISA 62443-3-3:2013 SR 2.4
ISO/IEC 27001:2013 A.12.5.1, A.12.6.2
NIST SP 800-53 Rev. 4 SC-18, SI-4, SC-44

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Unauthorized mobile code detection may be related to the criticality of services
Impact of events is determined
Function:
DE Detect
Category:
DE.AE Anomalies and Events
Subcategory:
DE.AE-4 Impact of events is determined
Informative references
CIS CSC 4, 6
COBIT 5 APO12.06, DSS03.01
ISO/IEC 27001:2013 A.16.1.4
NIST SP 800-53 Rev. 4 CP-2, IR-4, RA-3, SI-4

Anomalous activity is detected and the potential impact of events is understood.

Determining the impact of events is relevant because it gives a genuine idea of the criticality of services
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Function:
ID Identify
Category:
ID.AM Asset Management
Subcategory:
ID.AM-5 Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Informative references
CIS CSC 13, 14
COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
ISA 62443-2-1:2009 4.2.3.6
ISO/IEC 27001:2013 A.8.2.1
NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Classifying resources according to their criticality and value makes it possible to locate critical services
Vulnerability scans are performed
Function:
DE Detect
Category:
DE.CM Security Continuous Monitoring
Subcategory:
DE.CM-8 Vulnerability scans are performed
Informative references
CIS CSC 4, 20
COBIT 5 BAI03.10, DSS05.01
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 RA-5

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Function:
ID Identify
Category:
ID.AM Asset Management
Subcategory:
ID.AM-6 Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Informative references
CIS CSC 17, 19
COBIT 5 APO01.02, APO07.06, APO13.01, DSS06.03
ISA 62443-2-1:2009 4.3.2.3.3
ISO/IEC 27001:2013 A.6.1.1
NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Identifying the entire workforce as well as third-party stakeholders and ensuring that they understand their roles and responsibilities will reduce incidents leading to criticality of services
