nis implementation & challenges€¦ · industry standard best practices risk management...
TRANSCRIPT
![Page 1: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/1.jpg)
NIS IMPLEMENTATION & CHALLENGESCSC webinar – 11/06/2020
![Page 2: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/2.jpg)
INTRODUCING DNS BELGIUM
2
#0
![Page 3: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/3.jpg)
WHO WE ARE
3
Top Level Domain registry
Not-for profit organisation
![Page 4: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/4.jpg)
ORGANISATION
4
Founding members Effective members
4
![Page 5: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/5.jpg)
CORE TASKS
5
Registry database administration
Lookup services (WHOIS/RDAP)
Authoritative DNS operation
![Page 6: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/6.jpg)
KEY FIGURES
6
≈ 35 Employees
+1,65m .be
8.100 .brussels
6.500 .vlaanderen
Domain names
20.000New registrations
per month
400Registrars
+7m €Income
![Page 7: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/7.jpg)
STRATEGIC OBJECTIVES
7
Operational excellence
Sustainability in its broad definition
Cyber security
Internal security State of the art corporate
governance
Legal compliance
![Page 8: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/8.jpg)
CONTEXT AKA ISO/IEC 27001 CHAPTER 4
8
#1
![Page 9: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/9.jpg)
INFORMATION SECURITY VERSUS CYBERSECURITY
9
Source:
https://www.ntnu.edu/ccis/
![Page 10: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/10.jpg)
BEFORE 2016
• Very mature technical baseline but no management “framework”
• Implicit risk management
• No dedicated security officer
• Legal initiatives in the field of cybersecurity ?
• 01/2015 -> Start “ISO 27001” project
10
![Page 11: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/11.jpg)
ANNEX II OF THE NIS DIRECTIVE
11
That’s us
![Page 12: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/12.jpg)
EU CYBERSECURITY ACT
12
• As a priority focus for future mandatory schemes: the sectors listed in Annex II of the NIS Directive (which includes TLD registries)
![Page 13: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/13.jpg)
RELATIONSHIP WITH THE NIS DIRECTIVE
• EU Cybersecurity Act & NIS Directive are both part of the EU Cybersecurity Package
• They focus on complementary activities to drive greater cybersecurity resilience across the EU
• The NIS Directive emphasises cybersecurity incident preparedness and cooperative response planning and management
• The Cybersecurity Certification Framework focuses on cybersecurity certification schemes to ensure actors like service providers take reasonable cybersecurity measures upfrontin their ICT products, services, and processes (‘security by design’)
13
![Page 14: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/14.jpg)
TITLE OF THE PRESENTATION 14
SCOPING
#Challenge 1
![Page 15: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/15.jpg)
SCOPE DRIFT?
15
Scope NIS
Scope GDPR
Scope CSA
Scope NIS
![Page 16: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/16.jpg)
NIS 2.0?
16
Source:
https://www.europarl.europa.eu
![Page 17: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/17.jpg)
THE ECOSYSTEM
17
Source:
https://www.icann.org
![Page 18: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/18.jpg)
SHARING AND CARING WITHIN CENTR
• Security Working Group since 2011
• ISO/IEC 27001 implementation workshops
• GDPR & NIS experience sharing
• S3G project for EU CSA
• …
And also TECH, R&D, Legal, Admin, Marketing
working groups
18
![Page 19: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/19.jpg)
THE POWER OF THE SoA
20
#2
![Page 20: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/20.jpg)
THE GLOBAL PICTURE
21
A.18.2.3 Technical
compliance review
GAPS
![Page 21: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/21.jpg)
SoA, MIND MAPPING FOR THE CISO
• Statement of Applicability
• What controls are applied via which policies & procedures
• Why these controls are implemented
• At least Annex A controls are considered/evaluated
• But can be extended (but who does this?)
❖ ISO/IEC 27017
❖ ISO/IEC 27701
❖ …
22
![Page 22: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/22.jpg)
SoA IN PRACTICE
23
x
x
NIS consequences
![Page 23: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/23.jpg)
A STANDARD FOR MANAGERS
• ISO/IEC 27001 is a management standard
• How to implement, operate & improve your ISMS
• Limited/restricted set of controls and controls “as is”
• Security policy translates, clarifies, and communicates the
management position on security -> high-level security principles
• Security policy acts as a bridge between management objectives and
specific security requirements
24
![Page 24: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/24.jpg)
TITLE OF THE PRESENTATION 25
HOW TO MONITOR EFFECTIVENESS
#Challenge 2
![Page 25: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/25.jpg)
CHAPTER 9: PERFORMANCE EVALUATION
26
Nonconformity source Examples
Business requirements Availability issues (KPI's/SLA's)
Business Continuity Management reviews
Security requirements Policy reviews
Security baseline analysis
Legal, regulatory and contractual requirements Vendor management
Legal assessments
Contact with special interest groups Feedback from interested parties
Industry standard best practices
Risk management processes Risk assessment output
Gap analysis
Information security incidents Knowledge gained from analysing and resolving incidents
Log files, network flows and monitoring alerts
Internal and external audits Review meetings
Audit reports
Management reviews Review meetings
Information security objectives monitoring
Technical security audits Results from penetration testing
Results from vulnerability scanning
ISMS evaluation and document reviews Outcome from ISMS review cycles
Internal security forums
...
![Page 26: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/26.jpg)
NO STANDARD STANDARD
27
#3
![Page 27: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/27.jpg)
NIS LAW ARTICLE 20
• The OES shall take appropriate and proportionate technical
and organisational measures to manage the risks that threaten
the security of networks and information systems on which its
essential services depend
❖What is “appropriate”?
❖What is “proportionate”?
❖How to audit technical measures?
28
} A risk-based
business decission
![Page 28: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/28.jpg)
NIS LAW ARTICLE 20
• The OES shall take appropriate and proportionate technical and
organisational measures to manage the risks …
=> Organisational measures = ISMS = ISO/IEC 27001
=> Technical measures = ISO/IEC 27002, 27017, 27018, 27032, … ? PCI DSS, …
• These measures shall ensure a level of physical and logical security
appropriate to the existing risks, taking into account the state of knowledge
=> ISO/IEC 27005, ISO 31000, …
• The operator shall also take appropriate measures to prevent or limit the
impact of incidents …, with a view to ensuring the continuity of these services
=> NIST cybersecurity framework; ISO 22301
29
![Page 29: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/29.jpg)
A FOUNDATION TO CREATE YOUR OWN BASELINE
• Management standard
• Technical standard
• Best practice
30
Source: https://www.enisa.europa.eu
![Page 30: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/30.jpg)
TITLE OF THE PRESENTATION 31
SECTOR-SPECIFIC
#Challenge 3
![Page 31: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/31.jpg)
HORIZONTAL VERSUS VERTICAL
32
Source:
https://www.enisa.europa.eu
![Page 32: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/32.jpg)
FOUNDATIONS OF THE INTERNET
33
![Page 33: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/33.jpg)
BEST PRACTICES
34
![Page 34: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/34.jpg)
REALITY CHECK
35
![Page 35: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/35.jpg)
FILLING THE GAPS
36
#4
![Page 36: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/36.jpg)
LEGAL FRAMEWORK
• GDPR -> NIS -> EU CSA
37
TABLE 1: Mapping products and services on legislation
TABLE 2: Mapping legislation on standards and best practices
Legislation ccTLD implementation Main object
GDPR ISO/IEC 27001 ISO/IEC 27002 ISO/IEC 27018 ISO/IEC 27701 … Customer
NIS ISO/IEC 27001 ISO/IEC 27002 ISO 22301 … Network and
information systems
CSA (GDPR + NIS) DNSSEC DoT Vuln. scanning PEN testing … ConsumerCertification scheme (incl. technical standards)
Product Service Relevant legislation
.ccTLD authoritative DNS service NIS CSA
registration service GDPR NIS CSA
lookup service GDPR CSA
![Page 37: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/37.jpg)
PLAYBOOKS
38
![Page 38: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/38.jpg)
CM-SMM
39
Baseline
(ML3)
![Page 39: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/39.jpg)
CM-SMM
40
![Page 40: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/40.jpg)
TECHNICAL MEASURES
41
#5
![Page 41: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/41.jpg)
WHAT’S IN THE TOOLBOX?
• DNSSEC
• Domain Guard
• Domain Shield
• Local/global anycast
42
![Page 42: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/42.jpg)
44
DNSSEC
• How can we be sure that the public keys are not tampered with?
• Solution: store a hash of the DNSKEY record at the parent, in a DS record
= trust anchors
Sourc
e: im
perv
a.c
om
![Page 43: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/43.jpg)
TITLE OF THE PRESENTATION 45
USE IT OR LOSE IT (*)
#Challenge 4
![Page 44: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/44.jpg)
CHICKEN AND EGG
• Core infrastructure of DNS has been equipped with
DNSSEC support
o July 2010: root signed
o Aug 2010: be zone signed
o Oct 2010: first registrars started signing domains
• Caching recursive name servers need to enable
DNSSEC validation
• Registrants/registrars need to sign the DNS zones
associated with these domains using DNSSEC
46
![Page 45: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/45.jpg)
DNS HIJACKING – FACEBOOK vs NY TIMES
48
![Page 46: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/46.jpg)
DDOS DEFENSE: ANYCAST DNS
• In anycast, one IP address can apply to many servers
• Anycast DNS means that any one of a number of DNS
servers can respond to DNS queries
• Typically the one that is geographically closest will provide
the response (path-length; BGP)
49
![Page 47: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/47.jpg)
DDOS PROTECTION: ANYCAST@ISP
50
unaffected users /
caching name servers@ISP
massive
DDOS attack
![Page 48: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/48.jpg)
ISMS IN DAILY LIFE
51
#6
![Page 49: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/49.jpg)
TITLE OF THE PRESENTATION 52
HOW TO KEEP IT ALIVE?
#Challenge 5
![Page 50: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/50.jpg)
AWARENESS
• Repeat - repeat – repeat
• ISMS content reviews by relevant staff
• Both internal & external
o Campaigns
o Projects
o Cyber security challenges
o …
53
![Page 51: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/51.jpg)
RISK MANAGEMENT
• Based on ISO/IEC 27005
• Corporate risk mgmt
• Security risk assessments incorporated in project mgmt flow
• Risk treatment incorporated in agile organisation
54
![Page 52: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/52.jpg)
SIEM
• Trigger alert
Ticketing system
• Automated creation of security event/incident
Monitoring officer
• Triage
• Basic analysis
Subject matter expert
• Detailed analysis
• Documentation
Staff (*)
• Report all security events/incidents
Ticketing system
• Creation of security event/incident
Security officer
• Analysis
• Documentation
Subject matter expert
• Detailed analysis
• Documentation
REPORTING INCIDENTS
55
![Page 53: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/53.jpg)
AUDITS
56
IA Q1
EA H1
IA Q2
IA Q3
IA Q4
EA H2
![Page 54: NIS IMPLEMENTATION & CHALLENGES€¦ · Industry standard best practices Risk management processes Risk assessment output Gap analysis Information security incidents Knowledge gained](https://reader034.vdocuments.us/reader034/viewer/2022050105/5f437aacdb3e1678c87b984e/html5/thumbnails/54.jpg)