PROTECT

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

NOTES ON THE PROTECT FUNCTION: One of the key challenges in this section would be the sheer volume of sensible metrics. It is relatively straightforward to identify useful KRI/KPI metrics for this section, but they can take significant resources to collect, maintain, and present.


Access Control (PR.AC): Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.


Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.


Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.


Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.


Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.


Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.


metrics/protect/protect_home.txt · Last modified: 2015/04/18 18:44 by administrator