Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
RS.CO-02.2: Cybersecurity incidents shall be shared with relevant external stakeholders within the timeframes defined in the Incident Response Plan, including reporting significant incidents to authorities as required by law. |
|
RS.CO-02.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p171 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p114 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that all relevant external parties are informed about cybersecurity incidents in a timely, secure, and appropriate manner, helping to maintain trust and meet legal and contractual obligations. To achieve this: - Information should be shared securely and in line with the organisation’s Incident Response Plan and any information-sharing agreements. - Relevant stakeholders mayinclude designated internal roles, affected customers, suppliers, third-partyservice providers, and business partners. - Customers and partners should be notified if they are affected by an incident, with clear instructions on any actions they need to take. - Communication with external parties should follow any contractual requirements or agreements in place. - Crisis communication should be coordinated with critical suppliers to ensure consistent messaging. - When sharing information about attackers’ tactics or techniques, any sensitive or identifying data should be removed. - The Human Resources department should be informed if the incident involves malicious activity by an insider. - Senior leadership should receive regular updates on the status of major incidents. - National authorities, such as the CSIRT, law enforcement, or regulators, should be notified based on the criteria defined in the IRP and with approval from senior management. - All reporting should comply with relevant national and EU legislation, such as the EU Implementing Regu- lation. - Public updates about incidents are addressed under a separate control (RC.CO-04.1). |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that all relevant external parties are informed about cybersecurity incidents in a timely, secure, and appropriate manner, helping to maintain trust and meet legal and contractual obligations. To achieve this:</p><ul><li>Information should be shared securely and in line with the organisation’s Incident Response Plan and any information-sharing agreements.</li><li>Relevant stakeholders mayinclude designated internal roles, affected customers, suppliers, third-partyservice providers, and business partners.</li><li>Customers and partners should be notified if they are affected by an incident, with clear instructions on any actions they need to take.</li><li>Communication with external parties should follow any contractual requirements or agreements in place.</li><li>Crisis communication should be coordinated with critical suppliers to ensure consistent messaging.</li><li>When sharing information about attackers’ tactics or techniques, any sensitive or identifying data should be removed.</li><li>The Human Resources department should be informed if the incident involves malicious activity by an insider.</li><li>Senior leadership should receive regular updates on the status of major incidents.</li><li>National authorities, such as the CSIRT, law enforcement, or regulators, should be notified based on the criteria defined in the IRP and with approval from senior management.</li><li>All reporting should comply with relevant national and EU legislation, such as the EU Implementing Regu- lation.</li><li>Public updates about incidents are addressed under a separate control (RC.CO-04.1).</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that all relevant external parties are informed about cybersecurity incidents in a timely, secure, and appropriate manner, helping to maintain trust and meet legal and contractual obligations. To achieve this: • Information should be shared securely and in line with the organisation’s Incident Response Plan and any information-sharing agreements. • Relevant stakeholders mayinclude designated internal roles, affected customers, suppliers, third-partyservice providers, and business partners. • Customers and partners should be notified if they are affected by an incident, with clear instructions on any actions they need to take. • Communication with external parties should follow any contractual requirements or agreements in place. • Crisis communication should be coordinated with critical suppliers to ensure consistent messaging. • When sharing information about attackers’ tactics or techniques, any sensitive or identifying data should be removed. • The Human Resources department should be informed if the incident involves malicious activity by an insider. • Senior leadership should receive regular updates on the status of major incidents. • National authorities, such as the CSIRT, law enforcement, or regulators, should be notified based on the criteria defined in the IRP and with approval from senior management. • All reporting should comply with relevant national and EU legislation, such as the EU Implementing Regu- lation. • Public updates about incidents are addressed under a separate control (RC.CO-04.1). |
|
A general note, for any purpose. |
The goal of this control is to ensure that all relevant external parties are informed about cybersecurity incidents in a timely, secure, and appropriate manner, helping to maintain trust and meet legal and contractual obligations. To achieve this: - Information should be shared securely and in line with the organisation’s Incident Response Plan and any information-sharing agreements. - Relevant stakeholders mayinclude designated internal roles, affected customers, suppliers, third-partyservice providers, and business partners. - Customers and partners should be notified if they are affected by an incident, with clear instructions on any actions they need to take. - Communication with external parties should follow any contractual requirements or agreements in place. - Crisis communication should be coordinated with critical suppliers to ensure consistent messaging. - When sharing information about attackers’ tactics or techniques, any sensitive or identifying data should be removed. - The Human Resources department should be informed if the incident involves malicious activity by an insider. - Senior leadership should receive regular updates on the status of major incidents. - National authorities, such as the CSIRT, law enforcement, or regulators, should be notified based on the criteria defined in the IRP and with approval from senior management. - All reporting should comply with relevant national and EU legislation, such as the EU Implementing Regu- lation. - Public updates about incidents are addressed under a separate control (RC.CO-04.1). |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
RS.CO-02.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
External incident reporting |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Cybersecurity incidents shall be shared with relevant external stakeholders within the timeframes defined in the Incident Response Plan, including reporting significant incidents to authorities as required by law. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
1 |
|
|
The number of triples associated with the subject. |
21 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 23 of 23
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1