Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
MIL1 requirements
a. Internal and external information sources to support threat management activities are identified, at least in an ad hoc manner
b. Information about cybersecurity threats is gathered and interpreted for the function, at least in an ad hoc manner
c. Threat objectives for the function are identified, at least in an ad hoc manner
d. Threats that are relevant to the delivery of the function are addressed, at least in an ad hoc manner
MIL2 requirements
e. A threat profile for the function is established that includes threat objectives and additional threat characteristics (for example, threat actor types, motives, capabilities, and targets)
f. Threat information sources that collectively address all components of the threat profile are prioritized and monitored
g. Identified threats are analyzed and prioritized and are addressed accordingly
h. Threat information is exchanged with stakeholders (for example, executives, operations staff, government, connected organizations, vendors, sector organizations, regulators, Information Sharing and Analysis Centers [ISACs])
MIL3 requirements
i. The threat profile for the function is updated periodically and according to defined triggers, such as system changes and external events
j. Threat monitoring and response activities leverage and trigger predefined states of operation (SITUATION-3g)
k. Secure, near-real-time methods are used for receiving and sharing threat information to enable rapid analysis and action
MIL1 requirements
a. Internal and external information sources to support threat management activities are identified, at least in an ad hoc manner
b. Information about cybersecurity threats is gathered and interpreted for the function, at least in an ad hoc manner
c. Threat objectives for the function are identified, at least in an ad hoc manner
d. Threats that are relevant to the delivery of the function are addressed, at least in an ad hoc manner
MIL2 requirements
e. A threat profile for the function is established that includes threat objectives and additional threat characteristics (for example, threat actor types, motives, capabilities, and targets)
f. Threat information sources that collectively address all components of the threat profile are prioritized and monitored
g. Identified threats are analyzed and prioritized and are addressed accordingly
h. Threat information is exchanged with stakeholders (for example, executives, operations staff, government, connected organizations, vendors, sector organizations, regulators, Information Sharing and Analysis Centers [ISACs])
MIL3 requirements
i. The threat profile for the function is updated periodically and according to defined triggers, such as system changes and external events
j. Threat monitoring and response activities leverage and trigger predefined states of operation (SITUATION-3g)
k. Secure, near-real-time methods are used for receiving and sharing threat information to enable rapid analysis and action
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
