Interdependencies between essential and important entities

Table columns: Interdependency indicator - NIST Cybersecurity Framework - Description - Example of implementation
Unauthorized mobile code is detected
Function: DE - Detect
Category: DE.CM - Security Continuous Monitoring
Subcategory: DE.CM-5 - Unauthorized mobile code is detected
Informative references:
CIS CSC 7, 8
COBIT 5 DSS05.01
ISA 62443-3-3:2013 SR 2.4
ISO/IEC 27001:2013 A.12.5.1, A.12.6.2
NIST SP 800-53 Rev. 4 SC-18, SI-4, SC-44

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Unauthorized mobile code detection may be related to the criticality of services
Impact of events is determined
Function: DE - Detect
Category: DE.AE - Anomalies and Events
Subcategory: DE.AE-4 - Impact of events is determined
Informative references:
CIS CSC 4, 6
COBIT 5 APO12.06, DSS03.01
ISO/IEC 27001:2013 A.16.1.4
NIST SP 800-53 Rev. 4 CP-2, IR-4, RA-3, SI-4

Anomalous activity is detected and the potential impact of events is understood.

Determining the impact of events is relevant because it gives a genuine indication of the criticality of services.
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Function: ID - Identify
Category: ID.AM - Asset Management
Subcategory: ID.AM-5 - Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
Informative references:
CIS CSC 13, 14
COBIT 5 APO03.03, APO03.04, APO12.01, BAI04.02, BAI09.02
ISA 62443-2-1:2009 4.2.3.6
ISO/IEC 27001:2013 A.8.2.1
NIST SP 800-53 Rev. 4 CP-2, RA-2, SA-14, SC-6

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Classifying resources according to their criticality and value makes it possible to localise critical services.
Vulnerability scans are performed
Function: DE - Detect
Category: DE.CM - Security Continuous Monitoring
Subcategory: DE.CM-8 - Vulnerability scans are performed
Informative references:
CIS CSC 4, 20
COBIT 5 BAI03.10, DSS05.01
ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7
ISO/IEC 27001:2013 A.12.6.1
NIST SP 800-53 Rev. 4 RA-5

The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Function: ID - Identify
Category: ID.AM - Asset Management
Subcategory: ID.AM-6 - Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
Informative references:
CIS CSC 17, 19
COBIT 5 APO01.02, APO07.06, APO13.01, DSS06.03
ISA 62443-2-1:2009 4.3.2.3.3
ISO/IEC 27001:2013 A.6.1.1
NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistent with their relative importance to organisational objectives and the organisation’s risk strategy.

Identifying the entire workforce as well as third-party stakeholders, and ensuring that they understand their roles and responsibilities, will reduce incidents that affect the criticality of services.