http://cyfun.data.gift/data/requirement_GV_OV_03_1

Concept

http://cyfun.data.gift/data/subcategory_GV.OV-03
- External link
- Internal link

Properties and relations

Direct links from the subject.

Property	Value
type The subject is an instance of a class. External link Internal link	http://cyfun.data.gift/ontology#Requirement External link Internal link
type The subject is an instance of a class. External link Internal link	Concept An idea or notion; a unit of thought. External link Internal link
label A human-readable name for the subject. External link Internal link	GV.OV-03.1: The organisation's cybersecurity risk management performance shall be evaluated, reviewed and adjusted when necessary
http://cyfun.data.gift/ontology#requirementId External link Internal link	GV.OV-03.1
http://cyfun.data.gift/ontology#foundIn External link Internal link	http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p31 External link Internal link
has broader Relates a concept to a concept that is more general in meaning. External link Internal link	http://cyfun.data.gift/data/subcategory_GV.OV-03 External link Internal link
note A general note, for any purpose. External link Internal link	The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered: - Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives. - Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example: - Number of cyber-attacks detected - Number of data leaks detected - Time to detection - Time to recovery - Number of devices not managed by the organisation - Level of access different users have to sensitive data - Number of not-up-to-date software and systems - Number of unmanaged network connections - Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.
note A general note, for any purpose. External link Internal link	The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered: - Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives. - Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example: - Number of cyber-attacks detected - Number of data leaks detected - Time to detection - Time to recovery - Number of devices not managed by the organisation - Level of access different users have to sensitive data - Number of not-up-to-date software and systems - Number of unmanaged network connections - Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.
note A general note, for any purpose. External link Internal link	<div><p>The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered:</p><ul><li>Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives.</li><li>Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example:<ul><li>Number of cyber-attacks detected</li><li>Number of data leaks detected</li><li>Time to detection</li><li>Time to recovery</li><li>Number of devices not managed by the organisation</li><li>Level of access different users have to sensitive data</li><li>Number of not-up-to-date software and systems</li><li>Number of unmanaged network connections</li></ul></li><li>Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.</li></ul></div>
note A general note, for any purpose. External link Internal link	The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered: • Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives. • Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example: o Number of cyber-attacks detected o Number of data leaks detected o Time to detection o Time to recovery o Number of devices not managed by the organisation o Level of access different users have to sensitive data o Number of not-up-to-date software and systems o Number of unmanaged network connections • Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.
notation A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. External link Internal link	GV.OV-03.1
alternative label skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. External link Internal link	Cybersecurity performance evaluation
preferred label A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. External link Internal link	The organisation's cybersecurity risk management performance shall be evaluated, reviewed and adjusted when necessary
is in scheme Relates a resource (for example a concept) to a concept scheme in which it is included. External link Internal link	http://cyfun.data.gift/data/CyFun2025 External link Internal link
is in scheme Relates a resource (for example a concept) to a concept scheme in which it is included. External link Internal link	http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL External link Internal link
is in scheme Relates a resource (for example a concept) to a concept scheme in which it is included. External link Internal link	http://cyfun.data.gift/data/CyFun2025_ESSENTIAL External link Internal link
http://cyfun.data.gift/ontology#level External link Internal link	http://cyfun.data.gift/data/level_ESSENTIAL External link Internal link
triple count The number of triples associated with the subject. External link Internal link	17
in dataset Specifies the dataset the subject is part of. External link Internal link	http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109 External link Internal link

type

The subject is an instance of a class.

http://cyfun.data.gift/ontology#Requirement

type

The subject is an instance of a class.

Concept

An idea or notion; a unit of thought.

label

A human-readable name for the subject.

GV.OV-03.1: The organisation's cybersecurity risk management performance shall be evaluated, reviewed and adjusted when necessary

http://cyfun.data.gift/ontology#requirementId

GV.OV-03.1

http://cyfun.data.gift/ontology#foundIn

http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p31

has broader

Relates a concept to a concept that is more general in meaning.

http://cyfun.data.gift/data/subcategory_GV.OV-03

note

A general note, for any purpose.

The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered: - Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives. - Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example: - Number of cyber-attacks detected - Number of data leaks detected - Time to detection - Time to recovery - Number of devices not managed by the organisation - Level of access different users have to sensitive data - Number of not-up-to-date software and systems - Number of unmanaged network connections - Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.

note

A general note, for any purpose.

note

A general note, for any purpose.

<div><p>The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered:</p><ul><li>Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives.</li><li>Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example:<ul><li>Number of cyber-attacks detected</li><li>Number of data leaks detected</li><li>Time to detection</li><li>Time to recovery</li><li>Number of devices not managed by the organisation</li><li>Level of access different users have to sensitive data</li><li>Number of not-up-to-date software and systems</li><li>Number of unmanaged network connections</li></ul></li><li>Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.</li></ul></div>

note

A general note, for any purpose.

The goal of this control is to ensure that an organisation's cybersecurity risk management performance is continuously evaluated, reviewed, and adjusted as necessary. To achieve this goal, the following should be considered: • Key Performance Indicators (KPIs) should be identified, implemented and regularly reviewed to ensure that organisation-wide policies and procedures achieve the information- and cybersecurity objectives. • Key information and cybersecurity-related risk indicators should be regularly assessed to identify risks to the organisation, including likelihood and potential impact. Information and cybersecurity-related risk indicators are for example: o Number of cyber-attacks detected o Number of data leaks detected o Time to detection o Time to recovery o Number of devices not managed by the organisation o Level of access different users have to sensitive data o Number of not-up-to-date software and systems o Number of unmanaged network connections • Metrics on information- and cybersecurity risk management should be collected and shared with senior leadership.

notation

A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme.

GV.OV-03.1

alternative label

skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties.

Cybersecurity performance evaluation

preferred label

A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag.

The organisation's cybersecurity risk management performance shall be evaluated, reviewed and adjusted when necessary

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_ESSENTIAL

http://cyfun.data.gift/ontology#level

http://cyfun.data.gift/data/level_ESSENTIAL

triple count

The number of triples associated with the subject.

in dataset

Specifies the dataset the subject is part of.

http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109

References

Inverse links to the subject.

Property	Subject
http://cyfun.data.gift/ontology#hasRequirement External link Internal link	http://cyfun.data.gift/data/subcategory_GV.OV-03 External link Internal link
has narrower Relates a concept to a concept that is more specific in meaning. External link Internal link	http://cyfun.data.gift/data/subcategory_GV.OV-03 External link Internal link

http://cyfun.data.gift/ontology#hasRequirement

http://cyfun.data.gift/data/subcategory_GV.OV-03

has narrower

Relates a concept to a concept that is more specific in meaning.

http://cyfun.data.gift/data/subcategory_GV.OV-03

http://cyfun.data.gift/data/requirement_GV_OV_03_1

other concept-schemes 3

broader concepts 1

Properties and relations

References