The organisation shall conduct risk assessments in which risk is determined by threats, vulnerabilities and the impact on business processes and assets.
The organisation shall incorporate lessons learned from incident handling activities into updated or new incident handling processes and/or procedures that are framed by appropriate training after review, approval and testing.
The organisation shall identify improvements derived from the monitoring, measurements, assessments, and lessons learned and consequently translate these into improved processes / procedures / technologies to enhance its cyber resilience (continuous improvement).
The organisation shall collaborate and share information about security incidents related to its critical systems and about mitigation measures with designated partners.
The effectiveness of protection technologies shall be communicated to relevant stakeholders.
The organisation shall implement, where feasible, automated mechanisms to facilitate the process of information sharing and collaboration.
The organisation shall implement independent teams to assess its processes, best practices, and technology solutions to safeguard critical systems and assets.
The organisation shall ensure that the security plan for its critical systems facilitates the review, testing, and continual improvement of the security protection processes.
The organisation shall conduct specialised assessments including in-depth monitoring, vulnerability scanning, malicious user testing, insider threat assessment, performance/load testing, and verification and validation testing on the organisation's critical systems.