Direct links from the subject.
| Property | Value |
|---|---|
| The subject is an instance of a class. | An idea or notion; a unit of thought. |
| A human-readable name for the subject. | RS.MA-02.2: Automated tools shall be used to support the investigation and impact assessment of validated cybersecurity incidents. |
| | RS.MA-02.2 |
| | http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p165 |
| Relates a concept to a concept that is more general in meaning. | |
| A general note, for any purpose. | <div><p>The goal of this control is to ensure that organisations are equipped with the technical capabilities to efficiently and accurately handle cybersecurity incidents once they have been validated. To implement this control, the following should be considered:</p><ul><li>Automated tools should help collect, analyse, and correlate incident data to support timely and accurate investigation.</li><li>These tools should assist in identifying the scope, severity, and potential impact of incidents that have been validated through triage. A validated incident is one that has been confirmed to be cybersecurity-related (not a false alarm or unrelated technical issue), meets predefined severity criteria (such as indicators of compromise, threat intelligence, or known attack patterns), and requires response actions (meaning it meets the threshold for further investigation, categorisation, and escalation).</li><li>The following types of tools can be considered to support these activities:<ul><li>Security Information and Event Management (SIEM) systems for centralised log collection and analysis.</li><li>Extended Detection and Response (XDR) platforms for integrated threat detection across endpoints, networks, and servers.</li><li>Security Orchestration, Automation and Response (SOAR) platforms to automate workflows and coordinate response actions.</li><li>Threat Intelligence Platforms to enrich incident data with external threat context.</li><li>Network Intrusion Detection Systems (NIDS) to monitor and alert on suspicious network activity.</li><li>Computer Incident Response Centres (CIRCs) for centralised coordination and expert analysis.</li></ul></li><li>Automated mechanisms should be integrated with the incident response process to ensure that validated incidents are investigated efficiently and prioritised appropriately, in line with the organisation’s incident response plan.</li></ul></div> |
| A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. | RS.MA-02.2 |
| skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. | Automated incident investigation tools |
| A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. | Automated tools shall be used to support the investigation and impact assessment of validated cybersecurity incidents. |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
| The number of triples associated with the subject. | 17 |
| Specifies the dataset the subject is part of. | |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
| Relates a concept to a concept that is more specific in meaning. | |
Results 1 - 1 of 1