MIL1 requirements
a. Cyber risks are identified, at least in an ad hoc manner
MIL2 requirements
b. A defined method is used to identify cyber risks c. Stakeholders from appropriate operations and business areas participate in the identification of cyber risks
d. Identified cyber risks are consolidated into categories (for example, data breaches, insider mistakes, ransomware, OT control takeover) to facilitate management at the category level
e. Cyber risk categories and cyber risks are documented in a risk register or other artifact
f. Cyber risk categories and cyber risks are assigned to risk owners
g. Cyber risk identification activities are performed periodically and according to defined triggers, such as system changes and external events
MIL3 requirements
h. Cyber risk identification activities leverage asset inventory and prioritization information from the ASSET domain, such as IT and OT asset end of support, single points of failure, information asset risk of disclosure, tampering, or destruction
i. Vulnerability management information from THREAT domain activities is used to update cyber risks and identify new risks (such as risks arising from vulnerabilities that pose an ongoing risk to the organization or newly identified vulnerabilities)
j. Threat management information from THREAT domain activities is used to update cyber risks and identify new risks
k. Information from THIRD-PARTIES domain activities is used to update cyber risks and identify new risks
l. Information from ARCHITECTURE domain activities (such as unmitigated architectural conformance gaps) is used to update cyber risks and identify new risks m. Cyber risk identification considers risks that may arise from or impact critical infrastructure or other interdependent organizations
Organisaatio pyrkii ennakoivasti listaamaan ja arvioimaan erilaisten tietoturvariskien todennäköisyyttä ja vakavuutta. Dokumentaatio sisältää seuraavat asiat:
Digiturvamallissa kaikki vaatimuskehikkojen vaatimukset kohdistetaan universaaleihin tietoturvatehtäviin, jotta voitte muodostaa yksittäisen suunnitelman, joka täyttää ison kasan vaatimuksia.
.png)
Paranna osaamistasi viikoittaisten webinaarien, videokurssien, artikkeleiden ja blogien avulla.
