In today’s ever-evolving threat landscape, the need to identify and recommend appropriate cyber countermeasures is more acute than ever. SENTINEL follows a risk-based approach, whereby the level of risk is evaluated for both the organisation and its individual processing activities. On that basis it selects specific organisational and technical measures and, leveraging its advanced rule-based engine, recommends them both globally (at the organisation level) and for specific processing activities, as part of the policy for cybersecurity and for the protection of personal data.
The measures are selected from an extensive, albeit not exhaustive, listing labelled the "SENTINEL Global classification of OTMs", which is stored in SENTINEL's "Common repository". Note that 'measures' may be understood as representing a) organisational and technical measures, b) best practices, c) cybersecurity functions or d) personal data protection or GDPR compliance functions.
In SENTINEL, wishing to simplify the user experience, avoid complicated formal policy and procedures, and make usage approachable, understandable, affordable and practical for SMEs, we have adopted the best of what existing CS and PDP procedures and standards have to offer. The SENTINEL Global classification of OTMs, which currently holds a total of 172 OTMs in all categories, therefore follows a) the hierarchy of the ISO/IEC 27001:2013 standard (ISO/IEC, 2013) and b) ENISA’s risk-based approach to protecting personal data (ENISA, 2016; ENISA, 2017b). Finally, all organisational and technical measures are grouped i) by category and ii) by associated risk level (low/medium/high).
SENTINEL's OTM categories are: