{"id":446881,"date":"2024-10-20T08:49:01","date_gmt":"2024-10-20T08:49:01","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-23-30479527-dc-2023\/"},"modified":"2024-10-26T16:25:46","modified_gmt":"2024-10-26T16:25:46","slug":"bsi-23-30479527-dc-2023","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-23-30479527-dc-2023\/","title":{"rendered":"BSI 23\/30479527 DC 2023"},"content":{"rendered":"<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>7<b><\/td>\n<td>Introduction  <\/td>\n<\/tr>\n<tr>\n<td><b>9<b><\/td>\n<td>1 Scope <br \/> 2 Normative references <br \/> 3 Terms and definitions <br \/> 3.1 General terms  <\/td>\n<\/tr>\n<tr>\n<td><b>10<b><\/td>\n<td>3.2 Terms related to organization  <\/td>\n<\/tr>\n<tr>\n<td><b>11<b><\/td>\n<td>3.3 Terms related to sectoral approach to cybersecurity  <\/td>\n<\/tr>\n<tr>\n<td><b>12<b><\/td>\n<td>3.4 Terms related to risk  <\/td>\n<\/tr>\n<tr>\n<td><b>14<b><\/td>\n<td>4 Abbreviations <br \/> 5 Sectoral Cybersecurity Assessment <br \/> 5.1 Application of the sectoral cybersecurity assessment methodology  <\/td>\n<\/tr>\n<tr>\n<td><b>16<b><\/td>\n<td>5.2 Principles and new capacities  <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>6 Sectoral representation of risk <br \/> 6.1 Sectoral ICT systems <br \/> 6.1.1 Sectoral ICT system components and their relationships <br \/> 6.1.2 Multi-layered architecture of sectoral ICT system  <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>6.1.3 Risk \u2013based definitions of cybersecurity and assurance requirements in sectoral systems  <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>6.1.4 Sectoral ICT system architecture relevance for risk assessment  <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>6.1.5 Cybersecurity certification of sectoral ICT systems  <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>6.2 Consistent sectoral risk assessment  <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>6.3 Performing sectoral risk assessment <br \/> 6.3.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>26<b><\/td>\n<td>6.3.2 Choosing an approach <br \/> 6.3.3 Identifying business processes, objectives and requirements <br \/> 6.3.4 Identifying primary and supporting assets  <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>6.3.5 Defining risk scenarios <br \/> 6.3.6 Assessment of consequences in risk scenarios  <\/td>\n<\/tr>\n<tr>\n<td><b>28<b><\/td>\n<td>6.3.7 Assessment of likelihood in risk scenarios  <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>6.3.8 Adding the attacker perspective: assessment of attack potential  <\/td>\n<\/tr>\n<tr>\n<td><b>30<b><\/td>\n<td>6.3.9 Risk re-assessment for supporting assets <br \/> 7 Normalized representation of risk, cybersecurity and assurance <br \/> 7.1 Risk assessment results: meta-risk classes  <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>7.2 Risk-based definition of common security levels and selection of controls <br \/> 7.2.1 General <br \/> 7.2.2 Introducing Common Security Levels\u00a0(CSL)  <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>7.2.3 Applying Meta-risk Classes and Common Security Levels\u00a0for sectoral risk treatment <br \/> 7.2.4 Attack Potential as criterion for selecting the CSL of controls <br \/> 7.3 Consistent implementation of assurance <br \/> 7.3.1 Introduction  <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>7.3.2 Definition of a common assurance reference concept based on ISO\/IEC\u00a015408  <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>7.3.3 Applying CTI concept of attack potential to CAR <br \/> 8 Mapping cybersecurity and assurance requirements to scheme\u2019s representation  <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>Annex\u00a0A (informative)Examples of normalized scales in sectoral risk assessment <br \/> A.1 Qualitative approach for assessment of consequences  <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>A.2 Qualitative approach to likelihood assessment <br \/> A.3 Qualitative approach to risk estimation  <\/td>\n<\/tr>\n<tr>\n<td><b>37<b><\/td>\n<td>A.4 Qualitative approach to risk mitigation  <\/td>\n<\/tr>\n<tr>\n<td><b>38<b><\/td>\n<td>A.5 Addressing meta-risk classes by Common Assurance Reference classification  <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>Annex\u00a0B (informative)CTI fundamentals <br \/> B.1 General  <\/td>\n<\/tr>\n<tr>\n<td><b>40<b><\/td>\n<td>B.2 Attacker types  <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>B.3 Characteristics of attackers  <\/td>\n<\/tr>\n<tr>\n<td><b>45<b><\/td>\n<td>B.4 Criteria for attack potential qualitative estimation <br \/> B.4.1 Characteristics: Opportunity <br \/> B.4.1.1 Area: System Access\/Knowledge  <\/td>\n<\/tr>\n<tr>\n<td><b>47<b><\/td>\n<td>B.4.1.2 Area: Vulnerabilities  <\/td>\n<\/tr>\n<tr>\n<td><b>49<b><\/td>\n<td>B.4.2 Characteristics: Means <br \/> B.4.2.1 Area: Capabilities and Resources  <\/td>\n<\/tr>\n<tr>\n<td><b>51<b><\/td>\n<td>B.4.2.2 Area: Skills  <\/td>\n<\/tr>\n<tr>\n<td><b>53<b><\/td>\n<td>B.4.3 Characteristic: Motives <br \/> B.4.3.1 Area: Valuation  <\/td>\n<\/tr>\n<tr>\n<td><b>54<b><\/td>\n<td>B.4.3.2 Area: Goals  <\/td>\n<\/tr>\n<tr>\n<td><b>56<b><\/td>\n<td>B.5 Estimating Attack potential using CTI approach <br \/> B.5.1 General <br \/> B.5.2 Characteristics: Opportunity  <\/td>\n<\/tr>\n<tr>\n<td><b>57<b><\/td>\n<td>B.5.3 Characteristics: Means <br \/> B.5.4 Characteristics: Motives  <\/td>\n<\/tr>\n<tr>\n<td><b>58<b><\/td>\n<td>B.5.5 Calculation of attack potential level (APL) <br \/> B.5.6 Finding equivalence between CTI and ISO\/IEC\u00a018045 for the attack potential estimation  <\/td>\n<\/tr>\n<tr>\n<td><b>61<b><\/td>\n<td>Annex\u00a0C (informative)Application of Common Security Level approach &#8211; examples <br \/> C.1 General <br \/> C.2 Example use case: Mobile device-based authentication system  <\/td>\n<\/tr>\n<tr>\n<td><b>63<b><\/td>\n<td>C.3 Example use case: Protection against cloned devices and cheating vendors  <\/td>\n<\/tr>\n<tr>\n<td><b>65<b><\/td>\n<td>Annex\u00a0D (informative)Example of assurance level mapping  <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>BS EN 18037 Guidelines on a sectoral cybersecurity assessment<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2023<\/td>\n<td>66<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":446892,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-446881","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/446881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/446892"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=446881"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=446881"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=446881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}