Difference between revisions of "Cross-cutting Criteria"

From CIPedia
Jump to navigation Jump to search
(Netherlands)
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
=== European Definitions ===
 
=== European Definitions ===
 
==== [[EU|Council Directive 2008/114/EC]] ====
 
==== [[EU|Council Directive 2008/114/EC]] ====
<big>Cross-cutting criteria may refer to <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>:
+
Cross-cutting criteria may refer to <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>:
 
# casualties criterion (assessed in terms of the potential number of fatalities or injuries);  
 
# casualties criterion (assessed in terms of the potential number of fatalities or injuries);  
 
# economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);  
 
# economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);  
 
# public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).  
 
# public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).  
</big><br />
+
<br />
  
 
=== National Definitions ===
 
=== National Definitions ===
Line 30: Line 30:
 
# Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
 
# Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
 
# Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
 
# Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
# Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in <ref name=Qatar>[http://www.motc.gov.qa/sites/default/files/national_cyber_security_strategy.pdf QATAR National Cyber Security Strategy (May 2014)]</ref> <ref name=Q2>[http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014)]</ref>.   
+
# Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in <ref name=Qatar>[http://www.motc.gov.qa/sites/default/files/national_cyber_security_strategy.pdf QATAR National Cyber Security Strategy (May 2014)]</ref> <ref name=Q2>[http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014)]</ref>.   
 
<br />
 
<br />
  
Line 43: Line 43:
 
[[Category:Consequence]]
 
[[Category:Consequence]]
 
{{#set:defined by=EU|defined by=Luxembourg|defined by=Netherlands|defined by=Qatar}}
 
{{#set:defined by=EU|defined by=Luxembourg|defined by=Netherlands|defined by=Qatar}}
 +
{{#set: Showmainpage=Yes}}

Revision as of 23:35, 28 June 2019

Definitions

European Definitions

Council Directive 2008/114/EC

Cross-cutting criteria may refer to [1]:

  1. casualties criterion (assessed in terms of the potential number of fatalities or injuries);
  2. economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);
  3. public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).


National Definitions

Luxembourg

Critères intersectoriels:
- le nombre de victimes (nombre potentiel de morts ou de blessés);
- l'incidence économique (ampleur des pertes économiques et/ou de la dégradation de produits ou de services, y compris l'incidence potentielle sur l'environnement);
- l'incidence sur la population (incidence sur la confiance de la population, souffrances physiques et perturbation de la vie quotidienne, y compris disparition de services essentiels). [2]

Equals: the Council Directive 2008/114/EC criteria definition

Netherlands

Since April 2015, The Netherlands recognises [3] two categories in criticality of critical infrastructure:
Category A: at least impact on one of the following four impact categories:

  1. economic impact: > 50.000 million euro costs and damages, or 5.0% decrease in real income
  2. physical impact: > 10.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 1 million persons are emotionally affected or experience serious societal survivability problems (fear, anger, disturbance)
  4. cascade impact: this disruption causes failure of minimal two other (critical) sectors

Category B: at least impact on one of the following three impact categories:

  1. economic impact: > 5.000 million euro costs and damages, or 1.0% decrease in real income
  2. physical impact: > 1.000 deaths, severely injured or chronically ill
  3. social-psychological impact: > 100.000 persons are emotionally affected or experience serious societal survivability problems


Qatar

Criteria for being critical are:

  1. Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
  2. Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
  3. Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [4] [5].


See also


Notes