Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
ID.RA-03.1: Threats shall be identified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. |
|
ID.RA-03.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p68 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p49 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that threats are systematicallyidentified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. This builds on ID.RA-01.1, which establishes the foundation for identifying both threats and vulnerabilities across critical assets. To achieve this goal, the organisation should:</p><ul><li>Extend Threat Identification Across All Assets Threats should be assessed in relation to all relevant assets, including IT and OT systems, applications, net- work designs, and physical facilities that support critical operations.</li><li>Maintain a Dedicated Threat Intelligence Process A structured process should be in place to gather, analyse, and assess threat intelligence from internal and external sources, including sector-specific advisories and OT-focused threat feeds.</li><li>Differentiate Threat Intelligence from Vulnerability Management Threat intelligence should be managed separately from vulnerability management, with distinct processes and evidence to ensure clarity and focus.Threats refer to potential actors or events, while vulnerabilities refer to weaknesses that could be exploited.</li><li>Integrate with Risk Analysis Identified threats should be linked to known vulnerabilities and recorded in a central risk register to support prioritisation and mitigation planning, as outlined in ID.RA-01.1.</li><li>Include OT-Specific Threats ThreatassessmentsshouldconsiderOT-specificriskssuchassupplychaincompromise,unauthorisedremote access, and exploitation of legacy systems or proprietary protocols.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that threats are systematicallyidentified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. This builds on ID.RA-01.1, which establishes the foundation for identifying both threats and vulnerabilities across critical assets. To achieve this goal, the organisation should: - Extend Threat Identification Across All Assets Threats should be assessed in relation to all relevant assets, including IT and OT systems, applications, net- work designs, and physical facilities that support critical operations. - Maintain a Dedicated Threat Intelligence Process A structured process should be in place to gather, analyse, and assess threat intelligence from internal and external sources, including sector-specific advisories and OT-focused threat feeds. - Differentiate Threat Intelligence from Vulnerability Management Threat intelligence should be managed separately from vulnerability management, with distinct processes and evidence to ensure clarity and focus.Threats refer to potential actors or events, while vulnerabilities refer to weaknesses that could be exploited. - Integrate with Risk Analysis Identified threats should be linked to known vulnerabilities and recorded in a central risk register to support prioritisation and mitigation planning, as outlined in ID.RA-01.1. - Include OT-Specific Threats ThreatassessmentsshouldconsiderOT-specificriskssuchassupplychaincompromise,unauthorisedremote access, and exploitation of legacy systems or proprietary protocols. |
|
A general note, for any purpose. |
The goal of this control is to ensure that threats are systematicallyidentified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. This builds on ID.RA-01.1, which establishes the foundation for identifying both threats and vulnerabilities across critical assets. To achieve this goal, the organisation should: - Extend Threat Identification Across All Assets Threats should be assessed in relation to all relevant assets, including IT and OT systems, applications, net- work designs, and physical facilities that support critical operations. - Maintain a Dedicated Threat Intelligence Process A structured process should be in place to gather, analyse, and assess threat intelligence from internal and external sources, including sector-specific advisories and OT-focused threat feeds. - Differentiate Threat Intelligence from Vulnerability Management Threat intelligence should be managed separately from vulnerability management, with distinct processes and evidence to ensure clarity and focus.Threats refer to potential actors or events, while vulnerabilities refer to weaknesses that could be exploited. - Integrate with Risk Analysis Identified threats should be linked to known vulnerabilities and recorded in a central risk register to support prioritisation and mitigation planning, as outlined in ID.RA-01.1. - Include OT-Specific Threats ThreatassessmentsshouldconsiderOT-specificriskssuchassupplychaincompromise,unauthorisedremote access, and exploitation of legacy systems or proprietary protocols. |
|
A general note, for any purpose. |
The goal of this control is to ensure that threats are systematicallyidentified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. This builds on ID.RA-01.1, which establishes the foundation for identifying both threats and vulnerabilities across critical assets. To achieve this goal, the organisation should: • Extend Threat Identification Across All Assets Threats should be assessed in relation to all relevant assets, including IT and OT systems, applications, net- work designs, and physical facilities that support critical operations. • Maintain a Dedicated Threat Intelligence Process A structured process should be in place to gather, analyse, and assess threat intelligence from internal and external sources, including sector-specific advisories and OT-focused threat feeds. • Differentiate Threat Intelligence from Vulnerability Management Threat intelligence should be managed separately from vulnerability management, with distinct processes and evidence to ensure clarity and focus.Threats refer to potential actors or events, while vulnerabilities refer to weaknesses that could be exploited. • Integrate with Risk Analysis Identified threats should be linked to known vulnerabilities and recorded in a central risk register to support prioritisation and mitigation planning, as outlined in ID.RA-01.1. • Include OT-Specific Threats ThreatassessmentsshouldconsiderOT-specificriskssuchassupplychaincompromise,unauthorisedremote access, and exploitation of legacy systems or proprietary protocols. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
ID.RA-03.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Threat assessment for assets |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Threats shall be identified and assessed in relation to all relevant assets, including software, network and system architectures, and facilities. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1