APPENDIX 1: LESSONS LEARNED

Lesson 1: Define critical infrastructure services.

Lesson 2: Describe the critical infrastructure service and determine its service level.

Lesson 3: Define the providers of critical infrastructure services.

Lesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service.

Lesson 5: Analyse and identify the interdependencies of services from the viewpoint of the state’s operation.

Lesson 6: Visualise critical infrastructure data.

Lesson 7: Identify important information systems and assess their importance.

Lesson 8: Identify and analyse the interconnections and dependencies of information systems.

Lesson 9: Focus on more critical services and prioritise your activities.

Lesson 10: Identify threats and vulnerabilities.

Lesson 11: Assess the impact of service disruptions.

Lesson 12: Assess the risks associated with the service and information system.

Lesson 13: Implement the necessary security measures.

Lesson 14: Create a functioning organisation to protect critical information infrastructure.

Lesson 15: Follow regulations to improve cyber resilience of critical infrastructure services.

Lesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well.

Lesson 17: Scan networks yourself and ask external experts to scan them as well to find the organisation’s systems that shouldn’t be connected to the internet, but still are connected.

Lesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals.

Lesson 19: Establish reliable relations and maintain them.

Lesson 20: Share information and be a part of networks where information is shared.

Lesson 21: Train people to make sure they are aware of cyber threats and know how to behave.

Lesson 22: If the CII protection system does not work as planned and does not give the desired output, make improvements to the system.

Lesson 23:

Be prepared to provide critical infrastructure services without IT systems.

If possible, reduce dependence on IT systems.

If possible, during a crisis, provide critical services at reduced functionality and/or in reduced volumes.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.12.71.237