Harmonized Standards for essential cybersecurity requirements for security information and event management (SIEM) systems;<br/>
**TEST TEST TEST TEST**
Release #<br/>
</div>
@@ -228,6 +228,8 @@ For the purposes of the present document, the following terms apply:
**Cloud:**
Data centre or collection of data centres operated entirely by a third party which rents out space and time on their equipment, as well as providing services for managing infrastructure from outside networks.
**Data Processing:** Data processing covers a wide array of activities performed, including by automated means, on data or any set of data. It includes but is not limited to: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, reporting, alignment, restriction, erasure, or destruction.
**Extract, Transform, and Load**: Typical data collection process, that describes how the system ingests information.
**Data processing**: Any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or other means of making them available, alignment or combination, restriction, erasure or destruction. [i.3, Article 2 (7)]
@@ -425,18 +427,29 @@ The overall risk related to each use case should be considered as a result of co
- ISO-1 SIEM system has shared resources with other isolated tenants
- ISO-2 SIEM system shares resources and is installed on a shared tenant
#### 4.5.1.5 Remote Data Processing Solutions
>NOTE: Remote data processing effects the risks associated with a product in ways that cannot be covered entirely by risk factors focused on the physical product. These intrinsic risks of the Remote Data Processing Solution are the result of its remote nature and must be considered as distinct risk factors.
#### 4.5.1.5 Complexity of Remote Data Processing Solutions
**\[CRDPS]**: The complexity of the RDPS is an aggregate of the degree of control the manufacturer has over the RDPS, and the number of parties with access to the RDPS.
- CRDPS-0 Product performs no remote data processing.
- CRDPS-1 Product uses remote data processing solutions under the manufacturer’s sole administrative control.
- CRDPS-2 Product uses remote data processing solutions where parties other than the manufacturer have administrative control.
#### 4.5.1.5 Value of Data or Function of Remote Data Processing Solutions
**\[DRDPS]**: The nature and treatment of data transferred by the RDPS compounds the risk associated with RDPS, as do the functions that RDPS provides. Where data transferred is public, non-essential to user activity, or otherwise of little use or value, the impact of the RDPS's failure or breach is not substantial. Likewise, when the function of the RDPS is not essential to the continued use of the product risk is also low.
- DRDPS-1 Data transferred by and functions provided by RPDS are neither confidential or essential.
- DRDPS-2 Data transferred by RPDS or functions provided by RPDS are confidential or essential.
- DRDPS-3 RPDS transfers the confidential data of or provides essential functions to multiple parties.
**\[RDPS]**: The product transfers data necessary to one of its functions to a remote system that processes the data in any manner.
- RDPS-0 Product performs no remote data processing.
- RDPS-1 Product uses remote data processing solutions under the manufacturer’s sole administrative control.
- RDPS-2 Product uses remote data processing solutions where parties other than the manufacturer have a administrative control.
#### 4.5.1.7 Impact of Remote Data Processing Solution Compromise
> <mark>Alternate Format</mark>:
**\[RDPS]**: The volume and type of data transferred to the product's Remote Data Processing Solutions. product transfers data necessary to one of its functions and processes it remotely.
> - RDPS-0 Product transfers low confidentality data only to RPDS.
> - RDPS-1 Product transfers high confidentality data or data critical to its essential functions to RPDS.
> - RDPS-2 Product transfers high confidentality data or data critical to its essential functions to RPDS that where multiple parties other than manufdacturer and customer have administrative control.
**\[IRDPS]**: The overall potential impact from the compromise of the remote Data Processing Solution.
- IRDPS-1 Compromise of RPDS threatens harm to only a small number of customers and end users. The failure of the RPDS does not threaten essential, infrastructural or life sustaining services.
- IRDPS-2 Compromise of the RPDS threatens harm a significant number of customers and end users. The failure of the RPDS does not threaten essential, infrastructural or life sustaining services.
- IRDPS-3 RPDS The failure of the RPDS may threaten essential, infrastructural or life sustaining products and services.
> <mark>A Final Consideration</mark>: Do these Risk Factors cover the risk associated with the network activity all major activities of the SIEM system?
