Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
ID.IM-03.9: The organisation shall conduct specialised assessments including in-depth monitoring, vulnerability scanning, malicious user testing, insider threat assessment, performance/load testing, and verification and validation testing on the organisation's critical systems. |
|
ID.IM-03.9 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p79 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to strengthen the security posture of critical systems by conducting specialised assessments that uncover vulnerabilities, evaluate performance, and test defences against insider and external threats. In Operational Technology (OT) environments, these assessments help validate protections and support continuous improvement. To achieve this goal, the organisation should:
- Conduct Specialised Assessments: Assessments should include in-depth monitoring, vulnerability scanning, malicious user testing, insider threat assessments, performance/load testing, and verification and validation testing.
- Outsource to Accredited Providers: Specialised assessments may be outsourced, preferably to accredited organisations. Accreditation should follow recognised standards such as:
  - CREST for penetration testing and vulnerability assessments
  - ISO/IEC 17025 for testing laboratories
  Accreditation should be granted by recognised bodies such as CREST, national accreditation authorities (e.g. BELAC), or industry-specific bodies (e.g. PCI Security Standards Council). This ensures assessments are conducted with technical competence, impartiality, and in line with best practices.
- Integrate Findings into Remediation: Vulnerabilities identified during assessments should be addressed through established remediation processes, as outlined in control ID.IM-03.3.
- Support Readiness and Maturity Evaluation: Assessment results should inform organisational readiness and performance levels (e.g. CyFun® maturity), guiding targeted improvements. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
ID.IM-03.9 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Specialised security assessments |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall conduct specialised assessments including in-depth monitoring, vulnerability scanning, malicious user testing, insider threat assessment, performance/load testing, and verification and validation testing on the organisation's critical systems. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
18 |
|
Specifies the dataset the subject is part of. |
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |