Direct links from the subject.
| Property | Value |
|---|---|
| The subject is an instance of a class. | |
| The subject is an instance of a class. | An idea or notion; a unit of thought. |
| A human-readable name for the subject. | DE.CM-09.4: The organisation shall establish a system to accurately distinguish between legitimate alerts and false positives, ensuring effective detection and removal of malicious code. |
| | DE.CM-09.4 |
| | http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p154 |
| Relates a concept to a concept that is more general in meaning. | |
| A general note, for any purpose. | The goal of this control is to ensure that the organisation can accurately identify real threats while avoiding unnecessary alerts caused by false positives. This helps improve the effectiveness of detecting and removing malicious code, while reducing wasted time and resources responding to harmless activity. To help detect and remove malicious code effectively while avoiding false alarms, the following practices should be considered: - Automatic Updates: Malicious code protection tools should be configured to update automatically where possible, or manually according to a defined schedule, in line with organisational policies and operational constraints. - Secure Development Practices: Software used in IT and OT systems should follow secure development practices, including code reviews and vulnerability checks, to reduce the risk of introducing malicious code. - Layered Protection: Both signature-based protection (which detects known threats) and behaviour-based protection (which looks for unusual or suspicious activity) should be used in places where networks connect to the internet, where staff access control systems, and where files or data are shared between systems. - Scanning for Threats: Protection tools should be set to perform regular scans and, where feasible, real-time checks of files and data transfers, especially those coming from external sources or removable media. - Blocking and Quarantine: Detected malicious code should be blocked and isolated to prevent it from affecting other systems. In OT environments, this should be done in a way that does not disrupt critical operations. - Alerts and Notifications: Alerts should be sent to designated personnel when malicious code is detected, with clear procedures for responding in both IT and OT contexts. |
| A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. | DE.CM-09.4 |
| skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. | Alert accuracy and false positive management |
| A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. | The organisation shall establish a system to accurately distinguish between legitimate alerts and false positives, ensuring effective detection and removal of malicious code. |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
| Relates a resource (for example a concept) to a concept scheme in which it is included. | |
| The number of triples associated with the subject. | 17 |
| Specifies the dataset the subject is part of. | |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
| Relates a concept to a concept that is more specific in meaning. | |
Results 1 - 1 of 1