3. INCIDENT HANDLING

3.1 Incident handling policy

3.1.1. For the purpose of Article 21(2), point (b) of Directive (EU) 2022/2555, the relevant entities shall establish an incident handling policy laying down the roles, responsibilities, and procedures for detecting, analysing, containing or responding to, recovering, documenting and reporting of incidents in a timely manner.

3.1.2. The policy referred to in point 3.1.1 shall include:

September 11th, 2024

3.2 Monitoring and logging

3.2.1. The relevant entities shall lay down procedures and use tools to monitor and log activities on their network and information systems to detect events that could be considered as incidents and respond accordingly to mitigate the impact.

3.2.2. To the extent feasible, monitoring shall be automated and carried out either continuously or in periodic


3.3 Event reporting

3.3.1. The relevant entities shall put in place a simple mechanism allowing their employees, suppliers, and customers to report suspicious events.

3.3.2. The relevant entities shall communicate the event reporting mechanism to their suppliers and customers and shall regularly train their employees how to use the mechanism.


3.4 Event assessment and classification

3.4.1. The relevant entities shall assess suspicious events to determine whether they constitute incidents and, if so, determine their nature and severity.

3.4.2. For the purpose of point 3.4.1, the relevant entities shall act in the following manner: (a) carry out the assessment based on predefined criteria laid down in advance, and on a triage


3.5 Incident response

3.5.1. The relevant entities shall respond to incidents in accordance with documented procedures and in a timely manner.

3.5.2. The incident response procedures shall include the following stages: (a) incident containment, to prevent the consequences of the incident from spreading; (b) eradication, to prevent the incident from continuing or reappearing, (c) recovery from the incident,


3.6 Post-incident reviews

3.6.1. The relevant entities shall carry out post-incident reviews that shall identify the root cause of the incident and result in lessons learned to reduce the occurrence and consequences of future incidents.

3.6.2. The relevant entities shall ensure that post-incident reviews contribute to improving their approach to network and information security, to risk treatment measures,
