AT-05 Contacts With Security Groups And Associations

Awareness and Training

Low Moderate High

Description

The organization establishes and maintains contacts with special interest groups, specialized forums, professional associations, news groups, and/or peer groups of security professionals in similar organizations to stay up to date with the latest recommended security practices, techniques, and technologies and to share the latest security-related information including threats, vulnerabilities, and incidents.

Supplemental Guidance

To facilitate ongoing security education and training for organizational personnel in an environment of rapid technology changes and dynamic threats, the organization establishes and institutionalizes contacts with selected groups and associations within the security community. The groups and associations selected are in keeping with the organization’s mission requirements. Information sharing activities regarding threats, vulnerabilities, and incidents related to information systems are consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Enhancements

(0) None.

Compliance Mappings

ISO 42001:2023

A.3.3

ANSSI

Hygiene.1, Hygiene.4

FINMA Circular 2023/1

IV.B.a(48), IV.B.b(52), IV.B.c(53)

OSFI B-13

B-13.1.1, B-13.3.3

EU GDPR

Art.39(1)(b)

EU DORA

Art.13(6), Art.45(1)

LGPD + BCB 4893

BCB.Art.4

SAMA CSF

1.6

CBE CSF

GOV-4

CBN CSF

Part8

BoM CTRM

3.85.3

IOSCO Cyber Resilience

PROT-4, SA-1, SA-2

FFIEC IS

I.A

EBA ICT Guidelines

3.4.7

SEBI CSCRF

CAPACITY, PR.AT

CMMC 2.0

AT

Lloyd's Minimum Standards

MS8.13

ISO 17799 (legacy)

6.1.7

COBIT 4.1 (legacy)

None.