BSI 23/30479527 DC 2023

BS EN 18037 Guidelines on a sectoral cybersecurity assessment

Published by: BSI
Publication date: 2023
Number of pages: 66
PDF Catalog

PDF page   Title
7          Introduction
9          1 Scope
           2 Normative references
           3 Terms and definitions
           3.1 General terms
10         3.2 Terms related to organization
11         3.3 Terms related to sectoral approach to cybersecurity
12         3.4 Terms related to risk
14         4 Abbreviations
           5 Sectoral Cybersecurity Assessment
           5.1 Application of the sectoral cybersecurity assessment methodology
16         5.2 Principles and new capacities
19         6 Sectoral representation of risk
           6.1 Sectoral ICT systems
           6.1.1 Sectoral ICT system components and their relationships
           6.1.2 Multi-layered architecture of sectoral ICT system
21         6.1.3 Risk-based definitions of cybersecurity and assurance requirements in sectoral systems
22         6.1.4 Sectoral ICT system architecture relevance for risk assessment
23         6.1.5 Cybersecurity certification of sectoral ICT systems
24         6.2 Consistent sectoral risk assessment
25         6.3 Performing sectoral risk assessment
           6.3.1 General
26         6.3.2 Choosing an approach
           6.3.3 Identifying business processes, objectives and requirements
           6.3.4 Identifying primary and supporting assets
27         6.3.5 Defining risk scenarios
           6.3.6 Assessment of consequences in risk scenarios
28         6.3.7 Assessment of likelihood in risk scenarios
29         6.3.8 Adding the attacker perspective: assessment of attack potential
30         6.3.9 Risk re-assessment for supporting assets
           7 Normalized representation of risk, cybersecurity and assurance
           7.1 Risk assessment results: meta-risk classes
31         7.2 Risk-based definition of common security levels and selection of controls
           7.2.1 General
           7.2.2 Introducing Common Security Levels (CSL)
32         7.2.3 Applying Meta-risk Classes and Common Security Levels for sectoral risk treatment
           7.2.4 Attack Potential as criterion for selecting the CSL of controls
           7.3 Consistent implementation of assurance
           7.3.1 Introduction
33         7.3.2 Definition of a common assurance reference concept based on ISO/IEC 15408
34         7.3.3 Applying CTI concept of attack potential to CAR
           8 Mapping cybersecurity and assurance requirements to scheme's representation
35         Annex A (informative) Examples of normalized scales in sectoral risk assessment
           A.1 Qualitative approach for assessment of consequences
36         A.2 Qualitative approach to likelihood assessment
           A.3 Qualitative approach to risk estimation
37         A.4 Qualitative approach to risk mitigation
38         A.5 Addressing meta-risk classes by Common Assurance Reference classification
39         Annex B (informative) CTI fundamentals
           B.1 General
40         B.2 Attacker types
41         B.3 Characteristics of attackers
45         B.4 Criteria for attack potential qualitative estimation
           B.4.1 Characteristic: Opportunity
           B.4.1.1 Area: System Access/Knowledge
47         B.4.1.2 Area: Vulnerabilities
49         B.4.2 Characteristic: Means
           B.4.2.1 Area: Capabilities and Resources
51         B.4.2.2 Area: Skills
53         B.4.3 Characteristic: Motives
           B.4.3.1 Area: Valuation
54         B.4.3.2 Area: Goals
56         B.5 Estimating attack potential using CTI approach
           B.5.1 General
           B.5.2 Characteristic: Opportunity
57         B.5.3 Characteristic: Means
           B.5.4 Characteristic: Motives
58         B.5.5 Calculation of attack potential level (APL)
           B.5.6 Finding equivalence between CTI and ISO/IEC 18045 for the attack potential estimation
61         Annex C (informative) Application of Common Security Level approach: examples
           C.1 General
           C.2 Example use case: Mobile device-based authentication system
63         C.3 Example use case: Protection against cloned devices and cheating vendors
65         Annex D (informative) Example of assurance level mapping