Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.DS-01.3: The organisation shall define and implement automated responses to detected integrity violations, using predefined safeguards that are proportionate to the severity and impact of the violation. |
|
PR.DS-01.3 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p110 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to minimise the impact of integrityviolations by enabling timely, proportionate, and automated responses that help contain threats, preserve system stability, and support forensic analysis, especially in environments where manual intervention may be delayed or impractical. To achieve this goal, the following guidance should be considered: • Severity levels and response actions should be defined, with integrity violations being categorised (e.g. low, medium, high impact) and linked to appropriate automated safeguards. • Alerts and notifications should be triggered automatically when integrity violations are detected, and inte- grated with Security Orchestration, Automation, and Response (SOAR) platforms to streamline incident handling. • Affected components should be quarantined orisolated, such as compromised files, applications, orsystems, to prevent further damage. • All events should be logged and auditable, including detected violations and automated actions, to support forensic investigations and compliance reporting. • Lightweight automation should be used where possible, such as: o Blocking specific processes or users o Reverting to a known-good configuration o Temporarily disabling affected services • Response mechanisms should be tested and tuned regularly in controlled environments to ensure effective- ness and avoid unnecessary disruption. • The European Union Agency for Cybersecurity (ENISA) guidance in the “Implementation Guidance on Security Measures” (For Public Consultation, Document No. ENISA/2024/IGSM) should be consulted. |
|
A general note, for any purpose. |
The goal of this control is to minimise the impact of integrityviolations by enabling timely, proportionate, and automated responses that help contain threats, preserve system stability, and support forensic analysis, especially in environments where manual intervention may be delayed or impractical. To achieve this goal, the following guidance should be considered: - Severity levels and response actions should be defined, with integrity violations being categorised (e.g. low, medium, high impact) and linked to appropriate automated safeguards. - Alerts and notifications should be triggered automatically when integrity violations are detected, and inte- grated with Security Orchestration, Automation, and Response (SOAR) platforms to streamline incident handling. - Affected components should be quarantined orisolated, such as compromised files, applications, orsystems, to prevent further damage. - All events should be logged and auditable, including detected violations and automated actions, to support forensic investigations and compliance reporting. - Lightweight automation should be used where possible, such as: - Blocking specific processes or users - Reverting to a known-good configuration - Temporarily disabling affected services - Response mechanisms should be tested and tuned regularly in controlled environments to ensure effective- ness and avoid unnecessary disruption. - The European Union Agency for Cybersecurity (ENISA) guidance in the “Implementation Guidance on Security Measures” (For Public Consultation, Document No. ENISA/2024/IGSM) should be consulted. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to minimise the impact of integrityviolations by enabling timely, proportionate, and automated responses that help contain threats, preserve system stability, and support forensic analysis, especially in environments where manual intervention may be delayed or impractical. To achieve this goal, the following guidance should be considered:</p><ul><li>Severity levels and response actions should be defined, with integrity violations being categorised (e.g. low, medium, high impact) and linked to appropriate automated safeguards.</li><li>Alerts and notifications should be triggered automatically when integrity violations are detected, and inte- grated with Security Orchestration, Automation, and Response (SOAR) platforms to streamline incident handling.</li><li>Affected components should be quarantined orisolated, such as compromised files, applications, orsystems, to prevent further damage.</li><li>All events should be logged and auditable, including detected violations and automated actions, to support forensic investigations and compliance reporting.</li><li>Lightweight automation should be used where possible, such as:<ul><li>Blocking specific processes or users</li><li>Reverting to a known-good configuration</li><li>Temporarily disabling affected services</li></ul></li><li>Response mechanisms should be tested and tuned regularly in controlled environments to ensure effective- ness and avoid unnecessary disruption.</li><li>The European Union Agency for Cybersecurity (ENISA) guidance in the “Implementation Guidance on Security Measures” (For Public Consultation, Document No. ENISA/2024/IGSM) should be consulted.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to minimise the impact of integrityviolations by enabling timely, proportionate, and automated responses that help contain threats, preserve system stability, and support forensic analysis, especially in environments where manual intervention may be delayed or impractical. To achieve this goal, the following guidance should be considered: - Severity levels and response actions should be defined, with integrity violations being categorised (e.g. low, medium, high impact) and linked to appropriate automated safeguards. - Alerts and notifications should be triggered automatically when integrity violations are detected, and inte- grated with Security Orchestration, Automation, and Response (SOAR) platforms to streamline incident handling. - Affected components should be quarantined orisolated, such as compromised files, applications, orsystems, to prevent further damage. - All events should be logged and auditable, including detected violations and automated actions, to support forensic investigations and compliance reporting. - Lightweight automation should be used where possible, such as: - Blocking specific processes or users - Reverting to a known-good configuration - Temporarily disabling affected services - Response mechanisms should be tested and tuned regularly in controlled environments to ensure effective- ness and avoid unnecessary disruption. - The European Union Agency for Cybersecurity (ENISA) guidance in the “Implementation Guidance on Security Measures” (For Public Consultation, Document No. ENISA/2024/IGSM) should be consulted. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.DS-01.3 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Automated integrity violation response |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall define and implement automated responses to detected integrity violations, using predefined safeguards that are proportionate to the severity and impact of the violation. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1