Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
DE.CM-01.4: The organisation shall continuously monitor its network to spot signs of cyber threats or unusual activity, using clearly defined rules for what counts as a potential security incident. |
|
DE.CM-01.4 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p147 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The aim of this control is to ensure that the organisation continuously monitors its network and systems to detect signs of cyber threats or unusual activity.This is done using clearly defined rules that help identifywhat qualifies as a potential security incident. To achieve this, consider the following: - This control builds on DE.AE-08.1, which requires that incidents have to be reported based on predefined criteria. - The organisation should decide which types of cybersecurityevents and warning signs need to be monitored, and define what information must be recorded in audit logs. - Automated tools should be used to detect suspicious activity, such as unexpected network traffic, failed login attempts, or incorrect system settings. - Monitoring should be flexible and increase during high-risk periods, such aswhen threat alerts are received during geopolitical tensions, or after internal issues. - Monitoring should include not only digital systems but also physical spaces, staff behaviour, and interactions with service providers, where relevant. - Network activity should be continuously analysed to detect changes that might indicate weakened security, following zero-trust principles. - Alerts should be triggered automatically when certain thresholds are met, and known false alarms should be filtered out to avoid overwhelming staff. |
|
A general note, for any purpose. |
The aim of this control is to ensure that the organisation continuously monitors its network and systems to detect signs of cyber threats or unusual activity.This is done using clearly defined rules that help identifywhat qualifies as a potential security incident. To achieve this, consider the following: • This control builds on DE.AE-08.1, which requires that incidents have to be reported based on predefined criteria. • The organisation should decide which types of cybersecurityevents and warning signs need to be monitored, and define what information must be recorded in audit logs. • Automated tools should be used to detect suspicious activity, such as unexpected network traffic, failed login attempts, or incorrect system settings. • Monitoring should be flexible and increase during high-risk periods, such aswhen threat alerts are received during geopolitical tensions, or after internal issues. • Monitoring should include not only digital systems but also physical spaces, staff behaviour, and interactions with service providers, where relevant. • Network activity should be continuously analysed to detect changes that might indicate weakened security, following zero-trust principles. • Alerts should be triggered automatically when certain thresholds are met, and known false alarms should be filtered out to avoid overwhelming staff. |
|
A general note, for any purpose. |
The aim of this control is to ensure that the organisation continuously monitors its network and systems to detect signs of cyber threats or unusual activity.This is done using clearly defined rules that help identifywhat qualifies as a potential security incident. To achieve this, consider the following: - This control builds on DE.AE-08.1, which requires that incidents have to be reported based on predefined criteria. - The organisation should decide which types of cybersecurityevents and warning signs need to be monitored, and define what information must be recorded in audit logs. - Automated tools should be used to detect suspicious activity, such as unexpected network traffic, failed login attempts, or incorrect system settings. - Monitoring should be flexible and increase during high-risk periods, such aswhen threat alerts are received during geopolitical tensions, or after internal issues. - Monitoring should include not only digital systems but also physical spaces, staff behaviour, and interactions with service providers, where relevant. - Network activity should be continuously analysed to detect changes that might indicate weakened security, following zero-trust principles. - Alerts should be triggered automatically when certain thresholds are met, and known false alarms should be filtered out to avoid overwhelming staff. |
|
A general note, for any purpose. |
<div><p>The aim of this control is to ensure that the organisation continuously monitors its network and systems to detect signs of cyber threats or unusual activity.This is done using clearly defined rules that help identifywhat qualifies as a potential security incident. To achieve this, consider the following:</p><ul><li>This control builds on DE.AE-08.1, which requires that incidents have to be reported based on predefined criteria.</li><li>The organisation should decide which types of cybersecurityevents and warning signs need to be monitored, and define what information must be recorded in audit logs.</li><li>Automated tools should be used to detect suspicious activity, such as unexpected network traffic, failed login attempts, or incorrect system settings.</li><li>Monitoring should be flexible and increase during high-risk periods, such aswhen threat alerts are received during geopolitical tensions, or after internal issues.</li><li>Monitoring should include not only digital systems but also physical spaces, staff behaviour, and interactions with service providers, where relevant.</li><li>Network activity should be continuously analysed to detect changes that might indicate weakened security, following zero-trust principles.</li><li>Alerts should be triggered automatically when certain thresholds are met, and known false alarms should be filtered out to avoid overwhelming staff.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
DE.CM-01.4 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Continuous network threat monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall continuously monitor its network to spot signs of cyber threats or unusual activity, using clearly defined rules for what counts as a potential security incident. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1