7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

3.4 Event assessment and classification

3.4.1. The relevant entities shall assess suspicious events to determine whether they constitute incidents and, if so, determine their nature and severity.

3.4.2. For the purpose of point 3.4.1, the relevant entities shall act in the following manner:

(a) carry out the assessment based on predefined criteria laid down in advance, and on a triage to determine prioritisation of incident containment and eradication;
(b) assess the existence of recurring incidents as referred to in Article 4 of this Regulation on a quarterly basis;
(c) review the appropriate logs for the purposes of event assessment and classification;
(d) put in place a process for log correlation and analysis, and
(e) reassess and reclassify events in case of new information becoming available or after analysis of previously available information.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!