Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall, as part of their systems, protocols, and tools, and for all ICT assets:
(a) monitor and manage the lifecycle of all ICT assets;
(b) monitor whether the ICT assets are supported by ICT third-party service providers of financial entities, where applicable;
(c) identify capacity requirements of their ICT assets and measures to maintain and improve the availability and efficiency of ICT systems and prevent ICT capacity shortages before they materialise;
(d) perform automated vulnerability scanning and assessments of ICT assets commensurate to their classification as referred to in Article 30(1) and to the overall risk profile of the ICT asset, and deploy patches to address identified vulnerabilities;
(e) manage the risks related to outdated, unsupported, or legacy ICT assets;
(f) log events related to logical and physical access control, ICT operations, including system and network traffic activities, and ICT change management;
(g) identify and implement measures to monitor and analyse information on anomalous activities and behaviour for critical or important ICT operations;
(h) implement measures to monitor relevant and up-to-date information about cyber threats;
(i) implement measures to identify possible information leakages, malicious code and other security threats, and publicly known vulnerabilities in software and hardware, and check for corresponding new security updates.
For the purposes of point (f), financial entities shall align the level of detail of the logs with their purpose and usage of the ICT asset producing those logs.
The financial entities referred to in Article 16(1) of Regulation (EU) 2022/2554 shall, as part of their systems, protocols, and tools, and for all ICT assets:
(a) monitor and manage the lifecycle of all ICT assets;
(b) monitor whether the ICT assets are supported by ICT third-party service providers of financial entities, where applicable;
(c) identify capacity requirements of their ICT assets and measures to maintain and improve the availability and efficiency of ICT systems and prevent ICT capacity shortages before they materialise;
(d) perform automated vulnerability scanning and assessments of ICT assets commensurate to their classification as referred to in Article 30(1) and to the overall risk profile of the ICT asset, and deploy patches to address identified vulnerabilities;
(e) manage the risks related to outdated, unsupported, or legacy ICT assets;
(f) log events related to logical and physical access control, ICT operations, including system and network traffic activities, and ICT change management;
(g) identify and implement measures to monitor and analyse information on anomalous activities and behaviour for critical or important ICT operations;
(h) implement measures to monitor relevant and up-to-date information about cyber threats;
(i) implement measures to identify possible information leakages, malicious code and other security threats, and publicly known vulnerabilities in software and hardware, and check for corresponding new security updates.
For the purposes of point (f), financial entities shall align the level of detail of the logs with their purpose and usage of the ICT asset producing those logs.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
