Content library
CyberFundamentals (Belgium)
PR.DS-4: Adequate capacity to ensure availability is maintained.

How to fill the requirement

CyberFundamentals (Belgium)

PR.DS-4: Adequate capacity to ensure availability is maintained.

Task name
Priority
Status
Theme
Policy
Other requirements
Definition and monitoring of alarm policies
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
requirements

Task is fulfilling also these other security requirements

12.4.1: Event logging
ISO27 Full
16.1.7: Collection of evidence
ISO27 Full
PR.DS-4: Availability
NIST
DE.AE-5: Incident alert thresholds
NIST
RS.AN-1: Notifications from detection systems
NIST
1. Task description

Often, security tools provide a way to set alert policies when something potentially dangerous happens in an organization's environment. For example, Microsoft 365 has built-in alert policies to alert you to abuse of administrator privileges, malware, potential internal and external risks, and data security risks.

The organization must identify security-related events in data systems and the environments in which they operate. To respond to changes related to these events, alarm policies must be created.

Alarm policies need to be actively monitored and modified based on experience.

Anticipating capacity-related problems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Technical vulnerability management
requirements

Task is fulfilling also these other security requirements

11.2.2: Supporting utilities
ISO27 Full
12.1.3: Capacity management
ISO27 Full
PR.DS-4: Availability
NIST
TEK-22: Tietojärjestelmien saatavuus
Julkri
8.6: Capacity management
ISO27k1 Full
1. Task description

The operation of information systems may depend on certain key resources, such as server capacity, file storage capacity, data processing capacity, monitoring capacity or certain key persons.

In particular, some of these resources may have long delivery times or high costs in certain situations, in which case special attention must be paid to future capacity problems with them.

We monitor the use of key system resources and identify trends, potential security bottlenecks and dependencies on important people.

Protection of critical systems from Denial-of-Service (DoS) attacks
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
requirements

Task is fulfilling also these other security requirements

PR.DS-4: Adequate capacity to ensure availability is maintained.
CyFun
1. Task description

The organization should Implement measures to secure the organization’s critical systems from Denial-of-Service (DoS) attacks, or at least limit their impact. These could include:

  • Reviewing current system vulnerabilities
  • Deploying DoS mitigation solutions such as firewalls, intrusion detection systems, and traffic filtering
  • Using cloud-based DoS protection services
  • Configuring rate limiting and monitoring traffic patterns for anomalies
  • Developing a response plan to quickly react to and mitigate the effects of DoS attacks.
No items found.