
1.6.1

Control Description

+ A definition for a reportable security event or observation exists and is known by employees and relevant stakeholders. The following aspects are considered:
  - Events and observations related to personnel (e.g., misconduct / misbehaviour)
  - Events and observations related to physical security (e.g., intrusion, theft, unauthorized access to security zones, vulnerabilities in the security zones)
  - Events and observations related to IT and cyber security (e.g., vulnerable IT-systems, detected successful or unsuccessful attacks)
  - Events and observations related to suppliers and other business partners (e.g., any incidents that can have negative effect on the security of own organization)
+ Adequate mechanisms based on perceived risks to report security events are defined, implemented, and known to all relevant potential reporters.
+ Adequate channels for communication with event reporters exist.
