Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.IR-01.8: The organisation shall define, monitor, and control the flow of information and data within and between its critical systems to ensure that only authorised and secure exchanges occur, regardless of network boundaries or system architecture. |
|
PR.IR-01.8 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p138 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
This requirement builds on PR.IR-01.3 (control of system connections) and PR.IR-01.4 (boundary protection), but goes further by focusing on what data is allowed to move, where, and under what conditions — not just how systems are connected or segmented. It also complements ID.AM-03.2, which requires that network communication and internal data flows be mapped, documented, authorised, and updated. PR.IR-01.8 ensures that these documented flows are also actively enforced and monitored. Controlling information and data flows is especially critical in ICS/OT environments, where any unauthorised or unintended exchange of data can compromise health, safety, and environmental protection, and must therefore be strictly governed.
To implement this requirement effectively, the organisation should:
• Define and Enforce Flow Control Policies: Tools and policies should be used to control how data moves between systems and within different parts of the network, ensuring only authorised flows occur.
• Encrypt Data-in-Transit and at-Rest: Use secure encryption protocols such as TLS/SSL for data in transit and AES-256 for data at rest to protect confidentiality and integrity.
• Use Multi-Factor Authentication (MFA): MFA should be implemented to verify the identity of users accessing systems that handle or transmit sensitive data.
• Secure APIs: APIs used for inter-system communication should follow secure development practices and be regularly reviewed for vulnerabilities.
• Implement Continuous Monitoring: Real-time monitoring tools should detect unauthorised data flows or anomalies, with alerts for immediate response.
• Conduct Periodic Audits: Regular audits should verify compliance with data flow policies and identify potential weaknesses or unauthorised changes.
• Apply Network Segmentation: Segment the network to restrict unnecessary data flows and limit the impact of potential breaches.
• Secure Remote Access: VPNs should be used to securely connect remote systems and users to the organisation’s network.
• Deploy Data Loss Prevention (DLP): DLP solutions should monitor and control the transfer of sensitive information, especially when leaving the organisation.
• Train Staff and Raise Awareness: Employees should be trained on data handling policies and the importance of controlling information flows.
• Simulate Phishing Attacks: Regular phishing simulations should be conducted to reduce the risk of social engineering attacks. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.IR-01.8 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Information flow control |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall define, monitor, and control the flow of information and data within and between its critical systems to ensure that only authorised and secure exchanges occur, regardless of network boundaries or system architecture. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1