Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AA-05.7: Privileged users shall be managed and monitored. |
|
PR.AA-05.7 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p97 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p71 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of unauthorised access, data breaches, and operational disruption byensuring that privileged users,who have elevated access to critical systems, are subject to strict management and continuous oversight. To achieve this goal, the organisation should: - Monitor Privileged Activities Activities of privileged users should be logged and reviewed routinely or continuously, even if performed by individuals not independent of the process. - Protect Sensitive Data Monitoring should help prevent privileged users from exposing or misusing sensitive information and system configurations. - Prevent Abuse of Privileges Privileged accounts should be managed to avoid unauthorised changes, privilege escalation, or bypassing of security controls. - Detect Suspicious Behaviour Behavioural anomalies and unauthorised actions should be identified through automated logging and alerting mechanisms. - Support Incident Response Monitoringdatashouldbeusedtoinvestigateandrespondtosecurityincidentsinvolvingprivilegedaccounts. - Manage Access Rights Proactively Access rights should be clearlydefined, regularlyreviewed, and adjusted based on role changes, operational needs, or risk assessments. - Ensure OT-Specific Feasibility In OTenvironments, privileged access should be managedwith consideration forsystem stabilityand safety. Where full monitoring is not feasible, compensating controls such as interface-level logging1 or external review should be implemented. - Align with ENISA Guidance These practices align with ENISA’s NIS2 Technical Implementation Guidance, which emphasises the impor- tance of privileged access control and monitoring in securing essential services and critical infrastructure. 1 Interface-level logging means recordingwhat users do at the pointwhere theyconnect to a system, such as through a remote access tool, jump server, orsecure gateway,without needing to log directlyinside the system itself(e.g. using Splunk®).This helps monitorprivileged activityin environmentswhere direct system logging is not possible, such as in OTsystems. |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of unauthorised access, data breaches, and operational disruption byensuring that privileged users,who have elevated access to critical systems, are subject to strict management and continuous oversight. To achieve this goal, the organisation should: - Monitor Privileged Activities Activities of privileged users should be logged and reviewed routinely or continuously, even if performed by individuals not independent of the process. - Protect Sensitive Data Monitoring should help prevent privileged users from exposing or misusing sensitive information and system configurations. - Prevent Abuse of Privileges Privileged accounts should be managed to avoid unauthorised changes, privilege escalation, or bypassing of security controls. - Detect Suspicious Behaviour Behavioural anomalies and unauthorised actions should be identified through automated logging and alerting mechanisms. - Support Incident Response Monitoringdatashouldbeusedtoinvestigateandrespondtosecurityincidentsinvolvingprivilegedaccounts. - Manage Access Rights Proactively Access rights should be clearlydefined, regularlyreviewed, and adjusted based on role changes, operational needs, or risk assessments. - Ensure OT-Specific Feasibility In OTenvironments, privileged access should be managedwith consideration forsystem stabilityand safety. Where full monitoring is not feasible, compensating controls such as interface-level logging1 or external review should be implemented. - Align with ENISA Guidance These practices align with ENISA’s NIS2 Technical Implementation Guidance, which emphasises the impor- tance of privileged access control and monitoring in securing essential services and critical infrastructure. 1 Interface-level logging means recordingwhat users do at the pointwhere theyconnect to a system, such as through a remote access tool, jump server, orsecure gateway,without needing to log directlyinside the system itself(e.g. using Splunk®).This helps monitorprivileged activityin environmentswhere direct system logging is not possible, such as in OTsystems. |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of unauthorised access, data breaches, and operational disruption byensuring that privileged users,who have elevated access to critical systems, are subject to strict management and continuous oversight. To achieve this goal, the organisation should: • Monitor Privileged Activities Activities of privileged users should be logged and reviewed routinely or continuously, even if performed by individuals not independent of the process. • Protect Sensitive Data Monitoring should help prevent privileged users from exposing or misusing sensitive information and system configurations. • Prevent Abuse of Privileges Privileged accounts should be managed to avoid unauthorised changes, privilege escalation, or bypassing of security controls. • Detect Suspicious Behaviour Behavioural anomalies and unauthorised actions should be identified through automated logging and alerting mechanisms. • Support Incident Response Monitoringdatashouldbeusedtoinvestigateandrespondtosecurityincidentsinvolvingprivilegedaccounts. • Manage Access Rights Proactively Access rights should be clearlydefined, regularlyreviewed, and adjusted based on role changes, operational needs, or risk assessments. • Ensure OT-Specific Feasibility In OTenvironments, privileged access should be managedwith consideration forsystem stabilityand safety. Where full monitoring is not feasible, compensating controls such as interface-level logging1 or external review should be implemented. • Align with ENISA Guidance These practices align with ENISA’s NIS2 Technical Implementation Guidance, which emphasises the impor- tance of privileged access control and monitoring in securing essential services and critical infrastructure. 1 Interface-level logging means recordingwhat users do at the pointwhere theyconnect to a system, such as through a remote access tool, jump server, orsecure gateway,without needing to log directlyinside the system itself(e.g. using Splunk®).This helps monitorprivileged activityin environmentswhere direct system logging is not possible, such as in OTsystems. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to reduce the risk of unauthorised access, data breaches, and operational disruption byensuring that privileged users,who have elevated access to critical systems, are subject to strict management and continuous oversight. To achieve this goal, the organisation should:</p><ul><li>Monitor Privileged Activities Activities of privileged users should be logged and reviewed routinely or continuously, even if performed by individuals not independent of the process.</li><li>Protect Sensitive Data Monitoring should help prevent privileged users from exposing or misusing sensitive information and system configurations.</li><li>Prevent Abuse of Privileges Privileged accounts should be managed to avoid unauthorised changes, privilege escalation, or bypassing of security controls.</li><li>Detect Suspicious Behaviour Behavioural anomalies and unauthorised actions should be identified through automated logging and alerting mechanisms.</li><li>Support Incident Response Monitoringdatashouldbeusedtoinvestigateandrespondtosecurityincidentsinvolvingprivilegedaccounts.</li><li>Manage Access Rights Proactively Access rights should be clearlydefined, regularlyreviewed, and adjusted based on role changes, operational needs, or risk assessments.</li><li>Ensure OT-Specific Feasibility In OTenvironments, privileged access should be managedwith consideration forsystem stabilityand safety. Where full monitoring is not feasible, compensating controls such as interface-level logging1 or external review should be implemented.</li><li>Align with ENISA Guidance These practices align with ENISA’s NIS2 Technical Implementation Guidance, which emphasises the impor- tance of privileged access control and monitoring in securing essential services and critical infrastructure. 1 Interface-level logging means recordingwhat users do at the pointwhere theyconnect to a system, such as through a remote access tool, jump server, orsecure gateway,without needing to log directlyinside the system itself(e.g. using Splunk®).This helps monitorprivileged activityin environmentswhere direct system logging is not possible, such as in OTsystems.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AA-05.7 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Privileged user management and monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Privileged users shall be managed and monitored. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1