
http://cyfun.data.gift/data/requirement_GV_SC_01_1

Concept

  • http://cyfun.data.gift/data/CyFun2025

  • http://cyfun.data.gift/data/CyFun2025_ManagementAspects

  • http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL

  • http://cyfun.data.gift/data/CyFun2025_ESSENTIAL


  • http://cyfun.data.gift/data/subcategory_GV.SC-01


Properties and relations

Direct links from the subject.

Property Value

type

The subject is an instance of a class.


http://cyfun.data.gift/ontology#Requirement


type

The subject is an instance of a class.


Concept

An idea or notion; a unit of thought.


label

A human-readable name for the subject.


GV.SC-01.1: A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes shall be documented, reviewed, updated when changes occur, and approved by organisational stakeholders.

http://cyfun.data.gift/ontology#requirementId


GV.SC-01.1

http://cyfun.data.gift/ontology#foundIn


http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p32


has broader

Relates a concept to a concept that is more general in meaning.


http://cyfun.data.gift/data/subcategory_GV.SC-01


note

A general note, for any purpose.


The goal of this control is to ensure supply chain cybersecurity risks are proactively managed through a documented, stakeholder-approved, and regularly updated risk management program. The steps below should be considered for organisations to establish a cybersecurity supply chain risk management (C-SCRM) program that is aligned with their strategic objectives and supported by all relevant stakeholders:

**Define the Program and Strategy**

- Identify Objectives: Clearly define what the organisation aims to achieve with its C-SCRM program. Objectives might include protecting against supply chain attacks, ensuring compliance with regulations, and maintaining business continuity.
- Develop a Strategy: Outline a high-level strategy that aligns with the organisation's overall cybersecurity and business strategies. This should include risk assessment, risk mitigation, and continuous monitoring plans.

**Engage Stakeholders**

- Identify Stakeholders: Determine who the key stakeholders are, including executives, IT, procurement, legal, and compliance teams.
- Stakeholder Involvement: Engage stakeholders early in the process to ensure their input and buy-in. This can be done through workshops, meetings, and regular updates.

**Establish Policies and Processes**

- Develop Policies: Create comprehensive documented policies that cover all aspects of C-SCRM, including vendor risk management, incident response, and compliance requirements.
- Implement Processes: Define and document processes for risk assessment, vendor evaluation, contract management, and incident response. Ensure these processes are integrated into existing business workflows.

**Risk Assessment and Management**

- Conduct Risk Assessments: Regularly assess risks associated with the supply chain, including potential vulnerabilities and threats.
- Mitigate Risks: Develop and implement risk mitigation strategies based on the assessment results. This might include diversifying suppliers, enhancing security controls, and establishing contingency plans.

**Continuous Monitoring and Improvement**

- Monitor Continuously: Implement continuous monitoring of the supply chain to detect and respond to new risks promptly. This includes monitoring supplier performance and compliance.
- Review and Improve: Regularly review the effectiveness of the C-SCRM program and make improvements as needed. This should include feedback from stakeholders and lessons learned from incidents.

**Training and Awareness**

Educate Employees: Provide training and awareness programs for employees to understand their roles in C-SCRM. This includes recognising supply chain risks and following established policies and procedures.

**Documentation and Communication**

- Document Everything: Ensure all policies, processes, risk assessments, and mitigation plans are well-documented, kept up to date, approved by relevant management and accessible to relevant stakeholders.
- Communicate Effectively: Maintain open lines of communication with stakeholders to keep them informed about the program’s progress, changes, and any incidents that occur.


notation

A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme.


GV.SC-01.1

alternative label

skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties.


Supply chain risk management programme

preferred label

A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag.


A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes shall be documented, reviewed, updated when changes occur, and approved by organisational stakeholders.

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.


http://cyfun.data.gift/data/CyFun2025


is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.


http://cyfun.data.gift/data/CyFun2025_ManagementAspects


is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.


http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL


is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.


http://cyfun.data.gift/data/CyFun2025_ESSENTIAL


http://cyfun.data.gift/ontology#level


http://cyfun.data.gift/data/level_ESSENTIAL


triple count

The number of triples associated with the subject.


18

in dataset

Specifies the dataset the subject is part of.


http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109


Results 1 - 20 of 20

References

Inverse links to the subject.

Property Subject

http://cyfun.data.gift/ontology#hasRequirement


http://cyfun.data.gift/data/subcategory_GV.SC-01


has narrower

Relates a concept to a concept that is more specific in meaning.


http://cyfun.data.gift/data/subcategory_GV.SC-01


Results 1 - 1 of 1
