Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.OC-04.4: Recovery time and recovery point objectives for the resumption of essential ICT/OT system processes shall be defined and monitored. |
|
GV.OC-04.4 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p15 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that the organisation defines and monitors clear Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for restoring essential ICT and OT system processes after a disruption. Consider the following elements for defining and monitoring RTOs and RPOs for critical ICT/OT systems:</p><ul><li>Governance & Policy Definition<ul><li>Establish formal policies and accountability for defining and monitoring RTO/RPO.</li><li>Align recovery objectives with business continuity and disaster recovery frameworks (e.g., ISO 22301, ISO/IEC 27031).</li><li>Ensure leadership buy-in and regulatory compliance.</li></ul></li><li>Business Impact Analysis (BIA)<ul><li>Identify interdependencies between ICT and OT systems and their cascading effects on business operations.</li><li>Determine acceptable downtime thresholds for different system categories.</li></ul></li><li>Risk & Threat Assessment<ul><li>Perform real-world threat simulations (e.g., ransomware drills, DDoS stress testing).</li><li>Integrate threat intelligence into recovery planning to anticipate evolving risks.</li></ul></li><li>Classification & Prioritisation of Systems<ul><li>Define tiered recovery strategies based on business impact (e.g., Tier 1 = immediate restoration, Tier 2 = delayed recovery).</li><li>Establish failover mechanisms for critical OT processes that must operate continuously.</li></ul></li><li>Backup & Recovery Strategies<ul><li>Implement immutable backups to protect against ransomware.</li><li>Ensure offsite and cloud-based recovery options for geographic resilience.</li><li>Conduct regular validation and integrity checks on backups to prevent failures during recovery.</li></ul></li><li>Testing & Validation of Recovery Objectives<ul><li>Perform disaster recovery testing (tabletop exercises, full restoration drills).</li><li>Measure RTO/RPO effectiveness through real-time monitoring and incident response simulations.</li><li>Establish automated recovery orchestration to speed up resumption of services.</li></ul></li><li>Continuous Monitoring & Improvement<ul><li>Use real-time analytics to assess deviations from expected RTO/RPO values.</li><li>Adapt recovery objectives based on lessons learned from incidents and audits.</li></ul></li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.OC-04.4 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Recovery time and point objectives |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Recovery time and recovery point objectives for the resumption of essential ICT/OT system processes shall be defined and monitored. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |