Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AT-02.2: Individuals in specialised roles shall be provided with awareness and training before privileges are granted, so that they possess the knowledge and skills to perform rel- evant tasks with cybersecurity risks in mind. |
|
PR.AT-02.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p76 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p107 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals in specialised roles receive cybersecurity awareness and training before privileged access is granted, enabling them to perform their tasks with a strong understanding of cybersecurity risks. To achieve this goal, the organisation should: - The specialised roles within the organisation that require additional cybersecurity training (e.g. physical and cybersecuritypersonnel,financepersonnel,peopleinmanagementroles,andanyonewithaccesstobusiness- critical data) should be formally identified. - Role-based cybersecurityawareness and training should be provided to all those in specialised roles, including contractors, partners, suppliers, and other third parties. - It should be ensured that the training is delivered before access is granted, and that it is tailored to the specific risks and responsibilities of each role. - Individuals should be periodically assessed and tested on their understanding of cybersecurity practices through tests, simulations, or practical evaluations relevant to their role. - Consider annual refreshers to reinforce existing practices and introduce new practices. - Both InformationTechnology(IT) and OperationalTechnology(OT) contexts should be included, particularly for roles that interact with industrial systems or critical infrastructure. |
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals in specialised roles receive cybersecurity awareness and training before privileged access is granted, enabling them to perform their tasks with a strong understanding of cybersecurity risks. To achieve this goal, the organisation should: - The specialised roles within the organisation that require additional cybersecurity training (e.g. physical and cybersecuritypersonnel,financepersonnel,peopleinmanagementroles,andanyonewithaccesstobusiness- critical data) should be formally identified. - Role-based cybersecurityawareness and training should be provided to all those in specialised roles, including contractors, partners, suppliers, and other third parties. - It should be ensured that the training is delivered before access is granted, and that it is tailored to the specific risks and responsibilities of each role. - Individuals should be periodically assessed and tested on their understanding of cybersecurity practices through tests, simulations, or practical evaluations relevant to their role. - Consider annual refreshers to reinforce existing practices and introduce new practices. - Both InformationTechnology(IT) and OperationalTechnology(OT) contexts should be included, particularly for roles that interact with industrial systems or critical infrastructure. |
|
A general note, for any purpose. |
The goal of this control is to ensure that individuals in specialised roles receive cybersecurity awareness and training before privileged access is granted, enabling them to perform their tasks with a strong understanding of cybersecurity risks. To achieve this goal, the organisation should: • The specialised roles within the organisation that require additional cybersecurity training (e.g. physical and cybersecuritypersonnel,financepersonnel,peopleinmanagementroles,andanyonewithaccesstobusiness- critical data) should be formally identified. • Role-based cybersecurityawareness and training should be provided to all those in specialised roles, including contractors, partners, suppliers, and other third parties. • It should be ensured that the training is delivered before access is granted, and that it is tailored to the specific risks and responsibilities of each role. • Individuals should be periodically assessed and tested on their understanding of cybersecurity practices through tests, simulations, or practical evaluations relevant to their role. • Consider annual refreshers to reinforce existing practices and introduce new practices. • Both InformationTechnology(IT) and OperationalTechnology(OT) contexts should be included, particularly for roles that interact with industrial systems or critical infrastructure. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that individuals in specialised roles receive cybersecurity awareness and training before privileged access is granted, enabling them to perform their tasks with a strong understanding of cybersecurity risks. To achieve this goal, the organisation should:</p><ul><li>The specialised roles within the organisation that require additional cybersecurity training (e.g. physical and cybersecuritypersonnel,financepersonnel,peopleinmanagementroles,andanyonewithaccesstobusiness- critical data) should be formally identified.</li><li>Role-based cybersecurityawareness and training should be provided to all those in specialised roles, including contractors, partners, suppliers, and other third parties.</li><li>It should be ensured that the training is delivered before access is granted, and that it is tailored to the specific risks and responsibilities of each role.</li><li>Individuals should be periodically assessed and tested on their understanding of cybersecurity practices through tests, simulations, or practical evaluations relevant to their role.</li><li>Consider annual refreshers to reinforce existing practices and introduce new practices.</li><li>Both InformationTechnology(IT) and OperationalTechnology(OT) contexts should be included, particularly for roles that interact with industrial systems or critical infrastructure.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AT-02.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Specialised role training |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Individuals in specialised roles shall be provided with awareness and training before privileges are granted, so that they possess the knowledge and skills to perform rel- evant tasks with cybersecurity risks in mind. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1