Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AT-02.3: Privileged users shall be qualified before privileges are granted, and these users shall be able to demonstrate the understanding of their roles, responsibilities, and authorities. |
|
PR.AT-02.3 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p108 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p77 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals granted privileged access,whetherin ITorOTenvironments, are demonstrably competent and fully aware of the cybersecurity responsibilities, risks, and authority bound- aries tied to their role. This reduces the likelihood of accidental misuse or exploitation of elevated privileges, especially in critical systems where operational continuity and safety are at stake. To ensure this goal is met, the organisation should consider the following: - Privileged users should be trained in various aspects to ensure that they use their elevated access rights in a safe and responsible manner. The following training topics could be considered: - Security awareness: It is crucial that privileged users are aware of the security risks associated with their elevated access rights. This includes knowledge about phishing, malware, and other cyber threats. - Access management: Users should understand how to properly manage their access rights, including using strong passwords, multi-factor authentication, and restricting access only to what is necessary for their role. - Compliance and regulation: It is important that privileged users are aware of relevant laws and regulations, such as GDPR, NIS2, DORA…, and how they affect their work. - Incident response: Training on how to respond to security incidents is essential. This includes recognising suspicious activity and knowing how and to whom to report it. - Data management best practices: Users should be trained on how to store, process and transfer sensitive data securely. - Ethics and responsibility: It is important that privileged users are aware of theirethical responsibilities and the possible consequences of misusing their access rights. - Privileged users should be periodicallyassessed and tested on theirunderstanding of cybersecuritypractices for their specialised roles. - Consider annual refreshers to reinforce existing practices and introduce new practices. |
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals granted privileged access,whetherin ITorOTenvironments, are demonstrably competent and fully aware of the cybersecurity responsibilities, risks, and authority bound- aries tied to their role. This reduces the likelihood of accidental misuse or exploitation of elevated privileges, especially in critical systems where operational continuity and safety are at stake. To ensure this goal is met, the organisation should consider the following: • Privileged users should be trained in various aspects to ensure that they use their elevated access rights in a safe and responsible manner. The following training topics could be considered: o Security awareness: It is crucial that privileged users are aware of the security risks associated with their elevated access rights. This includes knowledge about phishing, malware, and other cyber threats. o Access management: Users should understand how to properly manage their access rights, including using strong passwords, multi-factor authentication, and restricting access only to what is necessary for their role. o Compliance and regulation: It is important that privileged users are aware of relevant laws and regulations, such as GDPR, NIS2, DORA…, and how they affect their work. o Incident response: Training on how to respond to security incidents is essential. This includes recognising suspicious activity and knowing how and to whom to report it. o Data management best practices: Users should be trained on how to store, process and transfer sensitive data securely. o Ethics and responsibility: It is important that privileged users are aware of theirethical responsibilities and the possible consequences of misusing their access rights. • Privileged users should be periodicallyassessed and tested on theirunderstanding of cybersecuritypractices for their specialised roles. • Consider annual refreshers to reinforce existing practices and introduce new practices. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that individuals granted privileged access,whetherin ITorOTenvironments, are demonstrably competent and fully aware of the cybersecurity responsibilities, risks, and authority bound- aries tied to their role. This reduces the likelihood of accidental misuse or exploitation of elevated privileges, especially in critical systems where operational continuity and safety are at stake. To ensure this goal is met, the organisation should consider the following:</p><ul><li>Privileged users should be trained in various aspects to ensure that they use their elevated access rights in a safe and responsible manner. The following training topics could be considered:<ul><li>Security awareness: It is crucial that privileged users are aware of the security risks associated with their elevated access rights. This includes knowledge about phishing, malware, and other cyber threats.</li><li>Access management: Users should understand how to properly manage their access rights, including using strong passwords, multi-factor authentication, and restricting access only to what is necessary for their role.</li><li>Compliance and regulation: It is important that privileged users are aware of relevant laws and regulations, such as GDPR, NIS2, DORA…, and how they affect their work.</li><li>Incident response: Training on how to respond to security incidents is essential. This includes recognising suspicious activity and knowing how and to whom to report it.</li><li>Data management best practices: Users should be trained on how to store, process and transfer sensitive data securely.</li><li>Ethics and responsibility: It is important that privileged users are aware of theirethical responsibilities and the possible consequences of misusing their access rights.</li></ul></li><li>Privileged users should be periodicallyassessed and tested on theirunderstanding of cybersecuritypractices for their specialised roles.</li><li>Consider annual refreshers to reinforce existing practices and introduce new practices.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals granted privileged access,whetherin ITorOTenvironments, are demonstrably competent and fully aware of the cybersecurity responsibilities, risks, and authority bound- aries tied to their role. This reduces the likelihood of accidental misuse or exploitation of elevated privileges, especially in critical systems where operational continuity and safety are at stake. To ensure this goal is met, the organisation should consider the following: - Privileged users should be trained in various aspects to ensure that they use their elevated access rights in a safe and responsible manner. The following training topics could be considered: - Security awareness: It is crucial that privileged users are aware of the security risks associated with their elevated access rights. This includes knowledge about phishing, malware, and other cyber threats. - Access management: Users should understand how to properly manage their access rights, including using strong passwords, multi-factor authentication, and restricting access only to what is necessary for their role. - Compliance and regulation: It is important that privileged users are aware of relevant laws and regulations, such as GDPR, NIS2, DORA…, and how they affect their work. - Incident response: Training on how to respond to security incidents is essential. This includes recognising suspicious activity and knowing how and to whom to report it. - Data management best practices: Users should be trained on how to store, process and transfer sensitive data securely. - Ethics and responsibility: It is important that privileged users are aware of theirethical responsibilities and the possible consequences of misusing their access rights. - Privileged users should be periodicallyassessed and tested on theirunderstanding of cybersecuritypractices for their specialised roles. - Consider annual refreshers to reinforce existing practices and introduce new practices. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AT-02.3 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Privileged user qualification |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Privileged users shall be qualified before privileges are granted, and these users shall be able to demonstrate the understanding of their roles, responsibilities, and authorities. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1