Security Objectives

The security objectives module is a self-assessment tool used to evaluate security objectives and provide evidence of the security measures in place.

In this chapter, you will learn which functionalities are available for a Regulator Admin to configure the system, enabling SERIMA users to use this functionality on the platform.

Domains

Click the Domains link to go to the Select Domain to change screen. On this screen, you can check what kind of domains have been set up. You can add new domains either by clicking the Add link in the Security Objectives section on the left, or by using the Add Domain button in the top right-hand corner.

Select Domain to change

The domains are displayed in a table with the following columns: Position, Label, and Creator. You can delete or export selected domains by using the Actions dropdown menu and choosing the relevant option. You can also use the Import and Export buttons in the top right-hand corner of the screen.

You can view existing domains by clicking the corresponding number in the Position column. In the View Domain screen, you can see the Position and Label of the selected domain and review its history, if available.

View Domain

Email templates

Click the Email templates link to go to the Select Email template to change screen. On this screen, you can check what kind of email templates have been set up. You can add new email templates either by clicking the Add link in the Security Objectives section on the left or by using the Add Email template button in the top right-hand corner.

Select Email template to change

The email templates are displayed in a table with the following columns: Name, Subject, Content, and Creator. You can delete or export selected email templates by using the Actions dropdown menu and choosing the relevant option.

You can view existing email templates by clicking the relevant name of the template in the Name column. In the Change Email template screen, you can see the details of the email template: its Name, Subject, and Content.

Change Email template

When creating a new email template, you can Save, Save and add another, Delete, and review the template’s history, if available.

Maturity levels

Click the Maturity levels link to go to the Select Maturity level to change screen. On this screen, you can check what kind of maturity levels have been set up. You can add new maturity levels either by clicking the Add link in the Security Objectives section on the left or by using the Add Maturity Level button in the top right-hand corner.

Select Maturity level to change

The maturity levels are displayed in a table with the following columns: Level, Label, and Creator. You can delete or export selected maturity levels by using the Actions dropdown menu and choosing the relevant option. You can also use the Import and Export buttons in the top right-hand corner of the screen.

You can view existing maturity levels by clicking the corresponding number in the Level column. In the View Maturity level screen, you can see the Level and Label of the selected maturity level and review its history, if available.

View Maturity level

When creating a new maturity level, you can Save, Save and add another, or Save and continue editing the selected maturity level.

Add Maturity level

Security Measures

Click the Security Measures link to go to the Select Security Measure to change screen. On this screen, you can check what kind of security measures have been set up. You can add new security measures either by clicking the Add link in the Security Objectives section on the left or by using the Add Security Measure button in the top right-hand corner.

The security measures are displayed in a table with the following columns: Security Objective, Position, Description, and Creator. You can delete or export selected security measures by using the Actions dropdown menu and choosing the relevant option. You can also use the Import and Export buttons in the top right-hand corner of the screen.

Select Security Measure to change

You can view existing security measures by clicking the corresponding link in the Security Objective column. In the View Security Measure screen, you can see the form number and description of the Security objective, the Maturity Level, and the Position to which the measure is assigned:

View Security Measure

On the Security Objectives forms, you can set the Maturity Levels and their corresponding Security Measures. For example, on the first form (named NIS_D_SO01), you configure the following security objectives with positions ranging from 0 to 5:

Select Security Measure to change

These security measures appear on the user interface (in the Security Objectives module) on the first form with the corresponding maturity levels and descriptions (circled in red):

Select Security Measure to change

As a Regulator Admin, you can create as many security objectives and security measures as needed. The SERIMA platform provides the flexibility to design workflows and their content according to your needs.

Security Objectives

Click the Security Objectives link to go to the Select Security Objective to change screen. On this screen, you can check what kind of security objectives have been set up. You can add new security objectives either by clicking the Add link in the Security Objectives section on the left or by using the Add Security Objective button in the top right-hand corner.

The security objectives are displayed in a table with the following columns: Unique Code, Objective, Description, Domain, and Creator. You can delete or export selected security objectives by using the Action dropdown menu and choosing the relevant option. You can also use the Import and Export buttons in the top right-hand corner of the screen.

View Security Objective

When a user creates a Security Objective entry, they must complete a series of questions spread across multiple forms. The first form requires the name of the evaluation framework, followed by the question identifier, which consists of NIS, the abbreviation SO (Security Objectives), and a two-digit question number (for example, 01).

Combined, this results in an identifier such as NIS_D_SO01. Beneath that, you can read the description of the objective (highlighted in yellow in the screenshot below).

View Security Objective

The same information can be seen in the Select Security Objective to change screen if you log in as a Regulator Admin:

Select Security Objective to change

You, as a Regulator Admin, can build as many questions as needed to set up your security objective questionnaire in the SERIMA system.

Standards

Click the Standards link to go to the Select Standard to change screen. On this screen, you can check what kind of standards have been set up. You can add new standards either by clicking the Add link in the Security Objectives section on the left or by using the Add Standard button in the top right-hand corner.

The standards are displayed in a table with the following columns: Label, Description, and Regulator. You can delete or export selected standards by using the Action dropdown menu and choosing the relevant option. You can also use the Import and Export buttons in the top right-hand corner of the screen.

Select Standard to change

You can view existing standards by clicking the corresponding link in the Label column. On the View Standard screen, the standard’s details are displayed, with general information shown at the top and the associated security objectives listed at the bottom.

View Standard