Lesson 1: Define critical infrastructure services.
Lesson 2: Describe the critical infrastructure service and determine its service level.
Lesson 3: Define the providers of critical infrastructure services.
Lesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service.
Lesson 5: Analyse and identify the interdependencies of services from the viewpoint of the state’s operation.
Lesson 6: Visualise critical infrastructure data.
Lesson 7: Identify important information systems and assess their importance.
Lesson 8: Identify and analyse the interconnections and dependencies of information systems.
Lesson 9: Focus on more critical services and prioritise your activities.
Lesson 10: Identify threats and vulnerabilities.
Lesson 11: Assess the impact of service disruptions.
Lesson 12: Assess the risks associated with the service and information system.
Lesson 13: Implement the necessary security measures.
Lesson 14: Create a functioning organisation to protect critical information infrastructure.
Lesson 15: Follow regulations to improve cyber resilience of critical infrastructure services.
Lesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well.
Lesson 17: Scan networks yourself and ask external experts to scan them as well to find the organisation’s systems that shouldn’t be connected to the internet, but still are connected.
Lesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals.
Lesson 19: Establish reliable relations and maintain them.
Lesson 20: Share information and be a part of networks where information is shared.
Lesson 21: Train people to make sure they are aware of cyber threats and know how to behave.
Lesson 22: If the CII protection system does not work as planned and does not give the desired output, make improvements to the system.
Lesson 23:
Be prepared to provide critical infrastructure services without IT systems.
If possible, reduce dependence on IT systems.
If possible, during a crisis, provide critical services at reduced functionality and/or in reduced volumes.
3.12.71.237