Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AA-01.5: The organisation’s critical systems shall be monitored for atypical use of system credentials. Credentials associated with significant risk shall be disabled. |
|
PR.AA-01.5 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p86 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control is to detect and respond to abnormal or high-risk use of system credentials in critical systems, helping to prevent unauthorised access, insider threats, and credential-based attacks. To achieve this goal, the organisation should:</p><ul><li>Detect Atypical Credential Use Systems should be monitored for deviations from normal credential usage patterns, such as unusual login times, access from unfamiliarlocations, use of unfamiliarsystems, simultaneous logins from distant locations, or sudden access to sensitive data.</li><li>Limit and Respond to Failed Login Attempts A threshold for failed login attempts should be enforced. Accounts should be locked automatically after repeated failures and remain inaccessible until a defined lockout period expires or an authorised adminis- trator resets them.</li><li>Manage Credential Lifecycles Credential issuance, usage, and revocation should be automated where possible. An up-to-date inventory of active credentials should be maintained, and unused or orphaned accounts should be regularly reviewed and disabled.</li><li>Monitor and Correlate Events Security Information and Event Management (SIEM) tools or equivalent solutions should be considered to detect anomalies and correlate events across systems. Behavioural baselining should be implemented to identify deviations from typical usage.</li><li>Disable High-Risk Credentials Automatically Credentials associated with confirmed or high-risk anomalous activity should be disabled immediately. Security teams should be notified for investigation and response. All actions should be logged for audit and forensic purposes.</li><li>Raise UserAwareness Users should be trained on secure credential practices and encouraged to report suspicious activity or anomalies in access behaviour.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to detect and respond to abnormal or high-risk use of system credentials in critical systems, helping to prevent unauthorised access, insider threats, and credential-based attacks. To achieve this goal, the organisation should: - Detect Atypical Credential Use Systems should be monitored for deviations from normal credential usage patterns, such as unusual login times, access from unfamiliarlocations, use of unfamiliarsystems, simultaneous logins from distant locations, or sudden access to sensitive data. - Limit and Respond to Failed Login Attempts A threshold for failed login attempts should be enforced. Accounts should be locked automatically after repeated failures and remain inaccessible until a defined lockout period expires or an authorised adminis- trator resets them. - Manage Credential Lifecycles Credential issuance, usage, and revocation should be automated where possible. An up-to-date inventory of active credentials should be maintained, and unused or orphaned accounts should be regularly reviewed and disabled. - Monitor and Correlate Events Security Information and Event Management (SIEM) tools or equivalent solutions should be considered to detect anomalies and correlate events across systems. Behavioural baselining should be implemented to identify deviations from typical usage. - Disable High-Risk Credentials Automatically Credentials associated with confirmed or high-risk anomalous activity should be disabled immediately. Security teams should be notified for investigation and response. All actions should be logged for audit and forensic purposes. - Raise UserAwareness Users should be trained on secure credential practices and encouraged to report suspicious activity or anomalies in access behaviour. |
|
A general note, for any purpose. |
The goal of this control is to detect and respond to abnormal or high-risk use of system credentials in critical systems, helping to prevent unauthorised access, insider threats, and credential-based attacks. To achieve this goal, the organisation should: - Detect Atypical Credential Use Systems should be monitored for deviations from normal credential usage patterns, such as unusual login times, access from unfamiliarlocations, use of unfamiliarsystems, simultaneous logins from distant locations, or sudden access to sensitive data. - Limit and Respond to Failed Login Attempts A threshold for failed login attempts should be enforced. Accounts should be locked automatically after repeated failures and remain inaccessible until a defined lockout period expires or an authorised adminis- trator resets them. - Manage Credential Lifecycles Credential issuance, usage, and revocation should be automated where possible. An up-to-date inventory of active credentials should be maintained, and unused or orphaned accounts should be regularly reviewed and disabled. - Monitor and Correlate Events Security Information and Event Management (SIEM) tools or equivalent solutions should be considered to detect anomalies and correlate events across systems. Behavioural baselining should be implemented to identify deviations from typical usage. - Disable High-Risk Credentials Automatically Credentials associated with confirmed or high-risk anomalous activity should be disabled immediately. Security teams should be notified for investigation and response. All actions should be logged for audit and forensic purposes. - Raise UserAwareness Users should be trained on secure credential practices and encouraged to report suspicious activity or anomalies in access behaviour. |
|
A general note, for any purpose. |
The goal of this control is to detect and respond to abnormal or high-risk use of system credentials in critical systems, helping to prevent unauthorised access, insider threats, and credential-based attacks. To achieve this goal, the organisation should: • Detect Atypical Credential Use Systems should be monitored for deviations from normal credential usage patterns, such as unusual login times, access from unfamiliarlocations, use of unfamiliarsystems, simultaneous logins from distant locations, or sudden access to sensitive data. • Limit and Respond to Failed Login Attempts A threshold for failed login attempts should be enforced. Accounts should be locked automatically after repeated failures and remain inaccessible until a defined lockout period expires or an authorised adminis- trator resets them. • Manage Credential Lifecycles Credential issuance, usage, and revocation should be automated where possible. An up-to-date inventory of active credentials should be maintained, and unused or orphaned accounts should be regularly reviewed and disabled. • Monitor and Correlate Events Security Information and Event Management (SIEM) tools or equivalent solutions should be considered to detect anomalies and correlate events across systems. Behavioural baselining should be implemented to identify deviations from typical usage. • Disable High-Risk Credentials Automatically Credentials associated with confirmed or high-risk anomalous activity should be disabled immediately. Security teams should be notified for investigation and response. All actions should be logged for audit and forensic purposes. • Raise UserAwareness Users should be trained on secure credential practices and encouraged to report suspicious activity or anomalies in access behaviour. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AA-01.5 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Atypical credential usage monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation’s critical systems shall be monitored for atypical use of system credentials. Credentials associated with significant risk shall be disabled. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1