//
// Neo4j Graph Database Set-Up Script
//
// This file contains Cypher commands that, when run in a Neo4j graph database,
// will do the following:
//
// - create nodes representing the ISO/IEC 27000-series standards (plus the
// related ISO/IEC 29100 privacy framework, which is not part of that family);
// - create nodes and relationships representing the organisations responsible
// for each standard in the series;
// - create nodes and relationships representing each of the sections and
// subsections of the standard considered relevant to classifying threat
// intelligence data;
// - create nodes and relationships representing each control detailed in
// the standard;
// - create nodes representing all top-level industrial classifications from the
// SIC 2020 standard;
// - create nodes representing the various organisational size classifications
// used by HM Government; and
// - create nodes and relationships representing incident probability and
// average cost values derived from the Cyber Security Breaches Survey 2020.
//
// Create nodes representing the ISO/IEC 27000-series standard.
// Create nodes and relationships representing the organisations responsible
// for each standard in the series.
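// Seed the issuing bodies and the standards they publish.
//
// Three Organisation nodes (BSI, ISO, IEC) are created. BSI and ISO are
// linked to every standard by an ISSUES relationship in this statement; IEC
// is linked to the joint ISO/IEC standards by the statement that follows.
//
// Fix: the title of ISO/IEC 27010 previously read "managment".
//
// NOTE(review): this file uses CREATE throughout and declares no uniqueness
// constraint on SecurityStandard.short_name. Running the script twice creates
// a second copy of every node, and the later
// MATCH (x:SecurityStandard {short_name:'...'}) lookups would then fan out
// over the duplicates. Run it once against an empty database, or add a
// uniqueness constraint on short_name first.
//
// NOTE(review): the short_name of ISO/IEC 27000 reads 'BSI EN ...' while every
// other node uses the 'BS EN ...' designation. It is left unchanged here
// because short_name is the key later MATCH clauses look nodes up by; confirm
// before renaming. The `organisation:'BSI'` property present on only some
// nodes is redundant with (and less complete than) the ISSUES relationships,
// which are the authoritative record of who issues each standard.
CREATE (bsi:Organisation {name:'British Standards Institution', short_name:'BSI'}),
       (iso:Organisation {name:'International Organization for Standardization', short_name:'ISO'}),
       (iec:Organisation {name:'International Electrotechnical Commission', short_name:'IEC'}),
       // ISO 27799 is an ISO-only standard: it carries no 'ISO/IEC' designation
       // and IEC is deliberately not attached to it anywhere in this file.
       (bsi)-[:ISSUES]->(iso27799:SecurityStandard {name:'Health informatics — Information security management in health using ISO/IEC 27002', short_name:'BS EN ISO 27799:2016', version:'2016', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27000:SecurityStandard {name:'Information technology — Security techniques — Information security management systems — Overview and vocabulary', short_name:'BSI EN ISO/IEC 27000:2020', version:'2020', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27001:SecurityStandard {name:'Information technology — Security techniques — Information security management systems — Requirements', organisation:'BSI', short_name:'BS EN ISO/IEC 27001:2017', version:'2017', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27002:SecurityStandard {name:'Information technology — Security techniques — Code of practice for information security controls', organisation:'BSI', short_name:'BS EN ISO/IEC 27002:2017', version:'2017', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27010:SecurityStandard {name:'Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications', organisation:'BSI', short_name:'BS EN ISO/IEC 27010:2015', version:'2015', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27017:SecurityStandard {name:'Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services', organisation:'BSI', short_name:'BS EN ISO/IEC 27017:2015', version:'2015', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       (bsi)-[:ISSUES]->(iso27018:SecurityStandard {name:'Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors', organisation:'BSI', short_name:'BS EN ISO/IEC 27018:2020', version:'2020', family:'ISO/IEC 27000-series'})<-[:ISSUES]-(iso),
       // ISO/IEC 29100 is outside the 27000 family, hence no `family` property.
       (bsi)-[:ISSUES]->(iso29100:SecurityStandard {name:'Information technology — Security techniques — Privacy framework', organisation:'BSI', short_name:'BS EN ISO/IEC 29100:2020', version:'2020'})<-[:ISSUES]-(iso);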
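// Record IEC as a co-issuer of every joint ISO/IEC standard.
//
// IEC co-publishes only the standards carrying an 'ISO/IEC' designation; ISO
// 27799 (health informatics) is ISO-only and must not get an IEC relationship.
// Selecting on the designation, rather than excluding one hard-coded
// short_name, keeps this correct if further ISO-only standards are added to
// the CREATE above; on the data in this file both filters select the same
// seven nodes.
//
// NOTE(review): this uses CREATE, so a second run adds a second ISSUES
// relationship per standard, and it matches every SecurityStandard node in the
// database, not only those created by the preceding statement.
MATCH (iec:Organisation {short_name:'IEC'})
MATCH (s:SecurityStandard)
WHERE s.short_name CONTAINS 'ISO/IEC'
CREATE (iec)-[:ISSUES]->(s);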
// Create nodes and relationships representing each of the sections and
// subsections of the standard considered relevant to classifying threat
// intelligence data.
// Create nodes and relationships representing each control detailed in the
// standard.
MATCH (iso27001:SecurityStandard {short_name:'BS EN ISO/IEC 27001:2017'}),
(iso27010:SecurityStandard {short_name:'BS EN ISO/IEC 27010:2015'}),
(iso27017:SecurityStandard {short_name:'BS EN ISO/IEC 27017:2015'}),
(iso27018:SecurityStandard {short_name:'BS EN ISO/IEC 27018:2020'}),
(iso27799:SecurityStandard {short_name:'BS EN ISO 27799:2016'}),
(iso29100:SecurityStandard {short_name:'BS EN ISO/IEC 29100:2020'})
CREATE (s5:SecurityArea {number:'5', name:'Information security policies'})-[:SECTION_OF]->(iso27001),
(s7:SecurityArea {number:'7', name:'Human resources security'})-[:SECTION_OF]->(iso27001),
(s8:SecurityArea {number:'8', name:'Asset management'})-[:SECTION_OF]->(iso27001),
(s9:SecurityArea {number:'9', name:'Access control'})-[:SECTION_OF]->(iso27001),
(s10:SecurityArea {number:'10', name:'Cryptography'})-[:SECTION_OF]->(iso27001),
(s12:SecurityArea {number:'12', name:'Operations security'})-[:SECTION_OF]->(iso27001),
(s13:SecurityArea {number:'13', name:'Communications security'})-[:SECTION_OF]->(iso27001),
(s14:SecurityArea {number:'14', name:'System acquisition, development and maintenance'})-[:SECTION_OF]->(iso27001),
(s15:SecurityArea {number:'15', name:'Supplier relationships'})-[:SECTION_OF]->(iso27001),
(s16:SecurityArea {number:'16', name:'Information security incident management'})-[:SECTION_OF]->(iso27001),
(s17:SecurityArea {number:'17', name:'Information security aspects of business continuity management'})-[:SECTION_OF]->(iso27001),
(s18:SecurityArea {number:'18', name:'Compliance'})-[:SECTION_OF]->(iso27001),
(p11:SecurityArea {number:'11', name:'Information security'})-[:SECTION_OF]->(iso29100),
(s51:SecurityArea {number:'5.1', name:'Management direction for information security', objective:'To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.'})-[:SUBSECTION_OF]->(s5),
(s72:SecurityArea {number:'7.2', name:'During employment', objective:'To ensure that employees and contractors are aware of and fulfil their information security responsibilities.'})-[:SUBSECTION_OF]->(s7),
(s81:SecurityArea {number:'8.1', name:'Responsibility for assets', objective:'To identify organizational assets and define appropriate protection responsibilities.'})-[:SUBSECTION_OF]->(s8),
(s82:SecurityArea {number:'8.2', name:'Information classification', objective:'To ensure that information receives an appropriate level of protection in accordance with its importance to the organisation.'})-[:SUBSECTION_OF]->(s8),
(iso27010)<-[:INTRODUCED_BY]-(s84:SecurityArea {number:'8.4', name:'Information exchanges protection', objective:'To ensure adequate protection of information exchanges within an information sharing community.'})-[:SUBSECTION_OF]->(s8),
(s91:SecurityArea {number:'9.1', name:'Business requirements of access control', objective:'To limit access to information and information processing facilities.'})-[:SUBSECTION_OF]->(s9),
(s92:SecurityArea {number:'9.2', name:'User access management', objective:'To ensure authorized user access and to prevent unauthorized access to systems and services.'})-[:SUBSECTION_OF]->(s9),
(s93:SecurityArea {number:'9.3', name:'User responsibilities', objective:'To make users accountable for safeguarding their authentication information.'})-[:SUBSECTION_OF]->(s9),
(s94:SecurityArea {number:'9.4', name:'System and application access control', objective:'To prevent unauthorized access to systems and applications.'})-[:SUBSECTION_OF]->(s9),
(s101:SecurityArea {number:'10.1', name:'Cryptographic controls', objective:'To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.'})-[:SUBSECTION_OF]->(s10),
(s121:SecurityArea {number:'12.1', name:'Operational procedures and responsibilities', objective:'To ensure correct and secure operations of information processing facilities.'})-[:SUBSECTION_OF]->(s12),
(s123:SecurityArea {number:'12.3', name:'Backup', objective:'To protect against loss of data.'})-[:SUBSECTION_OF]->(s12),
(s124:SecurityArea {number:'12.4', name:'Logging and monitoring', objective:'To record events and generate evidence.'})-[:SUBSECTION_OF]->(s12),
(s126:SecurityArea {number:'12.6', name:'Technical vulnerability management', objective:'To prevent exploitation of technical vulnerabilities.'})-[:SUBSECTION_OF]->(s12),
(s127:SecurityArea {number:'12.7', name:'Information systems audit considerations', objective:'To minimise the impact of audit activities on operational systems.'})-[:SUBSECTION_OF]->(s12),
(s131:SecurityArea {number:'13.1', name:'Network security management', objective:'To ensure the protection of information in networks and its supporting information processing facilities.'})-[:SUBSECTION_OF]->(s13),
(s132:SecurityArea {number:'13.2', name:'Information transfer', objective:'To maintain the security of information transferred within an organization and with any external entity.'})-[:SUBSECTION_OF]->(s13),
(s141:SecurityArea {number:'14.1', name:'Security requirements of information systems', objective:'To ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks.'})-[:SUBSECTION_OF]->(s14),
(s142:SecurityArea {number:'14.2', name:'Security in development and support processes', objective:'To ensure that information security is designed and implemented within the development lifecycle of information systems.'})-[:SUBSECTION_OF]->(s14),
(s143:SecurityArea {number:'14.3', name:'Test data', objective:'To ensure the protection of data used for testing.'})-[:SUBSECTION_OF]->(s14),
(s151:SecurityArea {number:'15.1', name:'Information security in supplier relationships', objective:'To ensure protection of the organization\'s assets that is accessible by suppliers.'})-[:SUBSECTION_OF]->(s15),
(s152:SecurityArea {number:'15.2', name:'Supplier service delivery management', objective:'To maintain an agreed level of information security and service delivery in line with supplier agreements.'})-[:SUBSECTION_OF]->(s15),
(s161:SecurityArea {number:'16.1', name:'Management of information security incidents and improvements', objective:'To ensure a consistent and effective approach to the management of informations security incidents, including communication on security events and weaknesses.'})-[:SUBSECTION_OF]->(s16),
(s171:SecurityArea {number:'17.1', name:'Information security continuity', objective:'Information security continuity shall be embedded in the organization\'s business continuity management systems.'})-[:SUBSECTION_OF]->(s17),
(s172:SecurityArea {number:'17.2', name:'Redundancies', objective:'To ensure availability of information processing facilities.'})-[:SUBSECTION_OF]->(s17),
(s181:SecurityArea {number:'18.1', name:'Compliance with legal and contractual requirements', objective:'To avoid breaches of legal, statutory, regulatory or contractual obligations related to information security and of any security requirements.'})-[:SUBSECTION_OF]->(s18),
(s182:SecurityArea {number:'18.2', name:'Information security reviews', objective:'To ensure that information security is implemented and operated in accordance with the organizational policies and procedures.'})-[:SUBSECTION_OF]->(s18),
(s511:Control {number:'5.1.1', name:'Policies for information security', control:'An information sharing policy should define how the community members will work together to set security management policies and direction for the information sharing community. It should be made available to all employees involved in information sharing within the community. The policy may restrict its dissemination to other employees of community members. The information sharing policy should define the information marking and distribution rules used within the community.'})-[:CONTROL_UNDER]->(s51),
(s511)-[:EXTENDED_BY]->(iso27010),
(s722:Control {number:'7.2.2', name:'Information security awareness, education and training', control:'All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.'})-[:CONTROL_UNDER]->(s72),
(s811:Control {number:'8.1.1', name:'Inventory of assets', control:'Information, other assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained. The cloud service customer\'s inventory of assets should account for information and associated assets stored in the cloud computing environment. The inventory of assets of the cloud service provider should explicitly identify: cloud service customer data; [and] cloud service derived data.'})-[:CONTROL_UNDER]->(s81),
(s811)-[:EXTENDED_BY]->(iso27017),
(s812:Control {number:'8.1.2', name:'Ownership of assets', control:'Assets maintained in the inventory shall be owned.'})-[:CONTROL_UNDER]->(s81),
(s813:Control {number:'8.1.3', name:'Acceptable use of assets', control:'Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented. Information provided by other members of an information sharing community is an asset and should be protected, used and disseminated in accordance with any rules set by the information sharing community or by the originator.'})-[:CONTROL_UNDER]->(s81),
(s813)-[:EXTENDED_BY]->(iso27010),
(s821:Control {number:'8.2.1', name:'Classification of information', control:'Information shall be classified in terms of legal requirements, value, credibility, priority, criticality and sensitivity to unauthorised disclosure or modification. See ISO 27799 for discussion of the flexibility needed to accommodate personal health information classification.'})-[:CONTROL_UNDER]->(s82),
(iso27799)<-[:EXTENDED_BY]-(s821)-[:EXTENDED_BY]->(iso27010),
(s822:Control {number:'8.2.2', name:'Labelling of information', control:'An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organisation. The cloud service customer should label information and associated assets maintained in the cloud computing environment in accordance with the cloud service customer\'s adopted procedures for labelling. The cloud service provider should document and disclose any service functionality it provides allowing cloud service customers to classify and label their information and associated assets.'})-[:CONTROL_UNDER]->(s82),
(s822)-[:EXTENDED_BY]->(iso27017),
(s823:Control {number:'8.2.3', name:'Handling of assets', control:'Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organisation.'})-[:CONTROL_UNDER]->(s82),
(s841:Control {number:'8.4.1', name:'Information dissemination', control:'Information dissemination within the receiving member should be limited, based on pre-defined dissemination markings defined by the community.'})-[:CONTROL_UNDER]->(s84),
(s842:Control {number:'8.4.2', name:'Information disclaimers', control:'Each information exchange should begin with a disclaimer, listing any special requirements to follow by the recipients in addition to the normal information markings.'})-[:CONTROL_UNDER]->(s84),
(s843:Control {number:'8.4.3', name:'Information credibility', control:'Each information exchange should indicate the originator\'s degree of confidence in the transmitted information\'s credibility and accuracy.'})-[:CONTROL_UNDER]->(s84),
(s844:Control {number:'8.4.4', name:'Information sensitivity reduction', control:'The originator of an information exchange should indicate if the sensitivity of the information supplied will reduce after some external event, or the passage of time.'})-[:CONTROL_UNDER]->(s84),
(s845:Control {number:'8.4.5', name:'Anonymous source protection', control:'A community member should remove any source identification information in any communication it originates or receives where anonymity is requested.'})-[:CONTROL_UNDER]->(s84),
(s846:Control {number:'8.4.6', name:'Anonymous recipient protection', control:'With the approval of the originator, members of a community should be able to receive communications without revealing their own identities.'})-[:CONTROL_UNDER]->(s84),
(s847:Control {number:'8.4.7', name:'Onwards release authority', control:'Unless it is marked for wider release, information should not be distributed beyond the information sharing community without formal approval from the originator.'})-[:CONTROL_UNDER]->(s84),
(s911:Control {number:'9.1.1', name:'Access control policy', control:'An access control policy shall be established, documented and reviewed based on business and information security requirements.'})-[:CONTROL_UNDER]->(s91),
(s912:Control {number:'9.1.2', name:'Access to networks and network services', control:'Users shall only be provided with access to the network and network services that they have been specifically authorized to use.'})-[:CONTROL_UNDER]->(s91),
(s921:Control {number:'9.2.1', name:'User registration and de-registration', control:'A formal user registration and de-registration process shall be implemented to enable assignment of access rights.'})-[:CONTROL_UNDER]->(s92),
(s922:Control {number:'9.2.2', name:'User access provisioning', control:'A formal user access provisioning process shall be implemented to assign or revoke access rights for all user types to all systems and services. The cloud service provider should provide functions for managing the access rights of the cloud service customer\'s cloud service users, and specifications for the use of these functions.'})-[:CONTROL_UNDER]->(s92),
(s922)-[:EXTENDED_BY]->(iso27017),
(s923:Control {number:'9.2.3', name:'Management of privileged access rights', control:'The allocation and use of privileged access rights shall be restricted and controlled.'})-[:CONTROL_UNDER]->(s92),
(s924:Control {number:'9.2.4', name:'Management of secret authentication information of users', control:'The allocation of secret authentication information shall be controlled through a formal management process...it should be noted that time pressures found in health delivery situations can make effective use of passwords difficult to employ. Many health organizations have considered the adoption of alternative authentication technologies to address this problem.'})-[:CONTROL_UNDER]->(s92),
(s924)-[:EXTENDED_BY]->(iso27799),
(s925:Control {number:'9.2.5', name:'Review of user access rights', control:'Asset owners shall review users\' access rights at regular intervals.'})-[:CONTROL_UNDER]->(s92),
(s926:Control {number:'9.2.6', name:'Removal or adjustment of access rights', control:'The access rights of all employees and external party users to information and information processing facilities shall be removed upon termination of their employment, contract or agreement, or adjusted upon change.'})-[:CONTROL_UNDER]->(s92),
(s931:Control {number:'9.3.1', name:'Use of secret authentication information', control:'Users shall be required to follow the organization\'s practices in the use of secret authentication information.'})-[:CONTROL_UNDER]->(s93),
(s941:Control {number:'9.4.1', name:'Information access restriction', control:'Access to information and application system functions shall be restricted in accordance with the access control policy. The cloud service customer should ensure that access to information in the cloud service can be restricted in accordance with its access control policy and that such restrictions are realized. The cloud service provider should provide access controls that allow the cloud service customer to restrict access to its cloud services, its cloud service functions and the cloud service customer data maintained in the service.'})-[:CONTROL_UNDER]->(s94),
(s941)-[:EXTENDED_BY]->(iso27017),
(s942:Control {number:'9.4.2', name:'Secure log-on procedures', control:'Where required by the access control policy, access to systems and applications shall be controlled by a secure log-in procedure.'})-[:CONTROL_UNDER]->(s94),
(s943:Control {number:'9.4.3', name:'Password management system', control:'Password management systems shall be interactive and shall ensure quality passwords.'})-[:CONTROL_UNDER]->(s94),
(s944:Control {number:'9.4.4', name:'Use of privileged utility programs', control:'The use of utility programs that might be capable of overriding system and application controls shall be restricted and tightly controlled.'})-[:CONTROL_UNDER]->(s94),
(s945:Control {number:'9.4.5', name:'Access control to program source code', control:'Access to program source code shall be restricted.'})-[:CONTROL_UNDER]->(s94),
(s1011:Control {number:'10.1.1', name:'Policy on the use of cryptographic controls', control:'A policy on the use of cryptographic controls for protection of information shall be developed and implemented. Cryptographic techniques can also be used to implement the dissemination rules of information sharing.'})-[:CONTROL_UNDER]->(s101),
(s1011)-[:EXTENDED_BY]->(iso27010),
(s1012:Control {number:'10.1.2', name:'Key management', control:'A policy on the use, protection and lifetime of cryptographic keys shall be developed and implemented through their whole lifecycle.'})-[:CONTROL_UNDER]->(s101),
(s1211:Control {number:'12.1.1', name:'Documented operating procedures', control:'Operating procedures shall be documented and made available to all users who need them.'})-[:CONTROL_UNDER]->(s121),
(s1212:Control {number:'12.1.2', name:'Change management', control:'Changes to the organization, business processes, information processing facilities and systems that affect information security shall be controlled. The cloud service provider should provide the cloud service customer with information regarding changes to the cloud service that could adversely affect the cloud service.'})-[:CONTROL_UNDER]->(s121),
(s1212)-[:EXTENDED_BY]->(iso27017),
(s1213:Control {number:'12.1.3', name:'Capacity management', control:'The use of resources shall be monitored, tuned and projections made of future capacity requirements to ensure the required system performance. The cloud service provider should monitor the total resource capacity to prevent information security incidents caused by resource shortages.'})-[:CONTROL_UNDER]->(s121),
(s1213)-[:EXTENDED_BY]->(iso27017),
(s1214:Control {number:'12.1.4', name:'Separation of development, testing and operational environments', control:'Development, testing, and operational environments shall be separated to reduce the risks of unauthorized access of changes to the operational environment. Where the use of PII for testing purposes cannot be avoided a risk assessment should be undertaken.'})-[:CONTROL_UNDER]->(s121),
(s1214)-[:EXTENDED_BY]->(iso27018),
(s1231:Control {number:'12.3.1', name:'Information backup', control:'Backup copies of information, software and system images shall be taken and tested regularly in accordance with an agreed backup policy. Information processing systems based on the cloud computing model introduce additional or alternative mechanisms to off-site backups for protecting against loss of data, ensuring continuity of data processing operations, and providing the ability to restore data processing operations after a disruptive event. PII-specific responsibilities in this respect can lie with the cloud service customer.'})-[:CONTROL_UNDER]->(s123),
(s1231)-[:EXTENDED_BY]->(iso27018),
(s1241:Control {number:'12.4.1', name:'Event logging', control:'Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. When required by the information sharing community, members should log the internal dissemination of shared information. The cloud service provider should provide logging capabilities to the cloud service customer. Where possible, event logs should record whether or not PII has been changed as a result of an event and by whom.'})-[:CONTROL_UNDER]->(s124),
(s1241)-[:EXTENDED_BY]->(iso27010),
(s1241)-[:EXTENDED_BY]->(iso27017),
(s1241)-[:EXTENDED_BY]->(iso27018),
(s1242:Control {number:'12.4.2', name:'Protection of log information', control:'Logging facilities and log information shall be protected against tampering and authorized access. A procedure, preferably automatic, should be put in place to ensure that logged information is deleted within a specified and documented period.'})-[:CONTROL_UNDER]->(s124),
(s1242)-[:EXTENDED_BY]->(iso27018),
(s1243:Control {number:'12.4.3', name:'Administrator and operator logs', control:'System administrator and system operator activities shall be logged and the logs protected and regularly reviewed.'})-[:CONTROL_UNDER]->(s124),
(s1244:Control {number:'12.4.4', name:'Clock synchronisation', control:'The clocks of all relevant information processing systems within an organization or security domain shall be synchronised to a single reference time source. The cloud service provider should provide information to the cloud service customer regarding the clock used by the cloud service provider\'s systems, and information about how the cloud service customer can synchronize local clocks with the cloud service clock.'})-[:CONTROL_UNDER]->(s124),
(s1244)-[:EXTENDED_BY]->(iso27017),
(s1245:Control {number:'12.4.5', name:'Monitoring of Cloud Services', control:'The cloud service customer should have the capability to monitor specified aspects of the operation of the cloud services that the cloud service customer uses.'})-[:CONTROL_UNDER]->(s124),
(s1245)-[:EXTENDED_BY]->(iso27017),
(s1261:Control {number:'12.6.1', name:'Management of technical vulnerabilities', control:'Information about technical vulnerabilities or information systems being used shall be obtained in a timely fashion, the organization\'s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk. The cloud service provider should make available to the cloud service customer information about the management of technical vulnerabilities that can affect the cloud services provided.'})-[:CONTROL_UNDER]->(s126),
(s1261)-[:EXTENDED_BY]->(iso27017),
(s1271:Control {number:'12.7.1', name:'Information systems audit controls', control:'Audit requirements and activities involving verification of operational systems shall be carefully planned and agreed to minimise disruptions to business processes.'})-[:CONTROL_UNDER]->(s127),
(iso27010)<-[:INTRODUCED_BY]-(s1272:Control {number:'12.7.2', name:'Community audit rights', control:'Every information sharing community should specify the rights of members to audit the systems of other members and of any trusted service providers.'})-[:CONTROL_UNDER]->(s127),
(s1311:Control {number:'13.1.1', name:'Network controls', control:'Networks shall be managed and controlled to protect information in systems and applications.'})-[:CONTROL_UNDER]->(s131),
(s1312:Control {number:'13.1.2', name:'Security of network services', control:'Security mechanisms, service levels and management requirements of all network services shall be identified and included in network services agreements, whether these services are provided in-house or outsourced.'})-[:CONTROL_UNDER]->(s131),
(s1313:Control {number:'13.1.3', name:'Segregation in networks', control:'Groups of information services, users and information systems shall be segregated on networks. The cloud service provider should enforce segregation of network access for the following cases: segregation between tenants in a multi-tenant environment; [and] segregation between the cloud service provider\'s internal administration environment and the cloud service customer\'s cloud computing environment. Where appropriate, the cloud service provider should help the cloud service customer verify the segregation implemented by the cloud service provider.'})-[:CONTROL_UNDER]->(s131),
(s1313)-[:EXTENDED_BY]->(iso27017),
(s1321:Control {number:'13.2.1', name:'Information transfer policies and procedures', control:'Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities.'})-[:CONTROL_UNDER]->(s132),
(s1322:Control {number:'13.2.2', name:'Agreements on information transfer', control:'Agreements shall address the secure transfer of business information between the organization and external parties. All information sharing communities should define information transfer agreements, and should only permit members to join the community if such agreements are signed and accepted.'})-[:CONTROL_UNDER]->(s132),
(s1322)-[:EXTENDED_BY]->(iso27010),
(s1323:Control {number:'13.2.3', name:'Electronic messaging', control:'Information involved in electronic messaging shall be appropriately protected. All information sharing communities should define rules for the protection of information in transit, and only permit members to join the community if such rules are accepted and implemented by the prospective member. Any supporting entity should implement such rules internally. Information sharing communities should consider implementing alternative mechanisms for information sharing that do not rely on electronic messaging, and enabling members to specify that specific messages are distributed by such other routes'})-[:CONTROL_UNDER]->(s132),
(s1323)-[:EXTENDED_BY]->(iso27010),
(s1324:Control {number:'13.2.4', name:'Confidentiality or non-disclosure agreements', control:'Requirements for confidentiality or non-disclosure agreements reflecting the organization\'s needs for the protection of information shall be identified, regularly reviewed and documented.'})-[:CONTROL_UNDER]->(s132),
(s1411:Control {number:'14.1.1', name:'Information security requirements analysis and specification', control:'The information security related requirements shall be included in the requirements for new information systems or enhancements to existing information systems.'})-[:CONTROL_UNDER]->(s141),
(s1412:Control {number:'14.1.2', name:'Securing application services on public networks', control:'Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification.'})-[:CONTROL_UNDER]->(s141),
(s1413:Control {number:'14.1.3', name:'Protecting application services transactions', control:'Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.'})-[:CONTROL_UNDER]->(s141),
(s1421:Control {number:'14.2.1', name:'Secure development policy', control:'Rules for the development of software and systems shall be established and applied to developments within the organization.'})-[:CONTROL_UNDER]->(s142),
(s1422:Control {number:'14.2.2', name:'System change control procedures', control:'Changes to systems within the development lifecycle shall be controlled by the use of formal change control procedures.'})-[:CONTROL_UNDER]->(s142),
(s1423:Control {number:'14.2.3', name:'Technical review of applications after operating platform changes', control:'When operating platforms are changed, business critical applications shall be reviewed and tested to ensure there is no adverse impact on organizational operations or security.'})-[:CONTROL_UNDER]->(s142),
(s1424:Control {number:'14.2.4', name:'Restrictions on changes to software packages', control:'Modifications to software packages shall be discouraged, limited to necessary changes and all changes shall be strictly controlled.'})-[:CONTROL_UNDER]->(s142),
(s1425:Control {number:'14.2.5', name:'Secure system engineering principles', control:'Principles for engineering secure systems shall be established, documented, maintained and applied to any information system implementation efforts.'})-[:CONTROL_UNDER]->(s142),
(s1426:Control {number:'14.2.6', name:'Secure development environment', control:'Organizations shall establish and appropriately protect secure development environments for system development and integration efforts that cover the entire system development lifecycle.'})-[:CONTROL_UNDER]->(s142),
(s1427:Control {number:'14.2.7', name:'Outsourced development', control:'The organization shall supervise and monitor the activity of outsources system development.'})-[:CONTROL_UNDER]->(s142),
(s1428:Control {number:'14.2.8', name:'System security testing', control:'Testing of security functionality shall be carried out during development.'})-[:CONTROL_UNDER]->(s142),
(s1429:Control {number:'14.2.9', name:'System acceptance testing', control:'Acceptance testing programs and related criteria shall be established for new information systems, upgrades and new versions.'})-[:CONTROL_UNDER]->(s142),
(s1431:Control {number:'14.3.1', name:'Protection of test data', control:'Test data shall be selected carefully, protected and controlled.'})-[:CONTROL_UNDER]->(s143),
(s1511:Control {number:'15.1.1', name:'Information security policy for supplier relationships', control:'Information security requirements for mitigating the risks associated with supplier\'s access to the organization\'s assets shall be agreed with the supplier and documented. The cloud service customer should include the cloud service provider as a type of supplier in its information security policy for supplier relationships.'})-[:CONTROL_UNDER]->(s151),
(s1511)-[:EXTENDED_BY]->(iso27017),
(s1512:Control {number:'15.1.2', name:'Addressing security within supplier agreements', control:'All relevant information security requirements shall be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organization\'s information. All community members should be made aware of the identities of all third parties involved in the provision of community services, in case they have objections to particular parties being involved in the handling of information they provide.'})-[:CONTROL_UNDER]->(s151),
(s1512)-[:EXTENDED_BY]->(iso27010),
(s1513:Control {number:'15.1.3', name:'Information and communication technology supply chain', control:'Agreements with suppliers shall include requirements to address the information security risks associated with information and communications technology services and product the supply chain.'})-[:CONTROL_UNDER]->(s151),
(s1521:Control {number:'15.2.1', name:'Monitoring and review of supplier services', control:'Organizations shall regularly monitor, review and audit supplier service delivery.'})-[:CONTROL_UNDER]->(s152),
(s1611:Control {number:'16.1.1', name:'Responsibilities and procedures', control:'Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents. An information security incident should trigger a review by the public cloud PII processor, as part of its information security management process, to determine if a data breach involving PII has taken place.'})-[:CONTROL_UNDER]->(s161),
(s1611)-[:EXTENDED_BY]->(iso27018),
(s1612:Control {number:'16.1.2', name:'Reporting information security incidents', control:'Information security events shall be reported through appropriate management channels as quickly as possible. Members of an information sharing community should consider whether detected events should be reported to other members of the community. The community should agree and publish guidance on the types of incident that will be of interest to other members. The cloud service provider should provide mechanisms for: the cloud service customer to report an information security event to the cloud service provider; the cloud service provider to report an information security event to a cloud service customer; [and] the cloud service customer to track the status of a reported information security event.'})-[:CONTROL_UNDER]->(s161),
(s1612)-[:EXTENDED_BY]->(iso27010),
(s1612)-[:EXTENDED_BY]->(iso27017),
(s1613:Control {number:'16.1.3', name:'Reporting information security weaknesses', control:'Employees and contractors using the organization\'s information systems and services shall be required to note and report any observed or suspected information security weaknesses in systems or services.'})-[:CONTROL_UNDER]->(s161),
(s1614:Control {number:'16.1.4', name:'Assessment of an decision on information security events', control:'Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.'})-[:CONTROL_UNDER]->(s161),
(s1615:Control {number:'16.1.5', name:'Response to information security incidents', control:'Information security incidents shall be responded to in accordance with the documented procedures.'})-[:CONTROL_UNDER]->(s161),
(s1616:Control {number:'16.1.6', name:'Learning from information security incidents', control:'Knowledge gained from analysing and resolving information security incidents shall be used to reduce the likelihood or impact of future incidents. Investigations based on information distributed by an information sharing community should be performed, to reduce the risks of similar incidents and develop a better understanding of the risks facing the community and any related significant information infrastructures.'})-[:CONTROL_UNDER]->(s161),
(s1616)-[:EXTENDED_BY]->(iso27010),
(s1617:Control {number:'16.1.7', name:'Collection of evidence', control:'The organization shall define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.'})-[:CONTROL_UNDER]->(s161),
(s1618:Control {number:'16.1.8', name:'Early warning system', control:'An early warning system should be deployed within the information sharing community to effectively communicate priority information as soon as it is available.'})-[:CONTROL_UNDER]->(s161),
(s1711:Control {number:'17.1.1', name:'Planning information security continuity', control:'The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.'})-[:CONTROL_UNDER]->(s171),
(s1712:Control {number:'17.1.2', name:'Implementing information security continuity', control:'The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.'})-[:CONTROL_UNDER]->(s171),
(s1713:Control {number:'17.1.3', name:'Verify, review and evaluate information security continuity', control:'The organization shall verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.'})-[:CONTROL_UNDER]->(s171),
(s1721:Control {number:'17.2.1', name:'Availability of information processing facilities', control:'Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements.'})-[:CONTROL_UNDER]->(s172),
(s1811:Control {number:'18.1.1', name:'Identification of applicable legislation and contractual requirements', control:'All relevant legislative statutory, regulatory, contractual requirements and the organization\'s approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization. The information sharing community should take due account of any relevant agreements, laws and regulations relating to information sharing, such as anti-cartel legislation or regulations. This could prevent certain organizations joining the community, or place restrictions upon their representation.'})-[:CONTROL_UNDER]->(s181),
(s1811)-[:EXTENDED_BY]->(iso27010),
(s1812:Control {number:'18.1.2', name:'Intellectual property rights', control:'Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory and contractual requirements related to intellectual property rights and use of proprietary software products. The cloud service provider should establish a process for responding to intellectual property rights complaints.'})-[:CONTROL_UNDER]->(s181),
(s1812)-[:EXTENDED_BY]->(iso27017),
(s1813:Control {number:'18.1.3', name:'Protection of records', control:'Records shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release, in accordance with legislatory, regulatory, contractual and business requirements.'})-[:CONTROL_UNDER]->(s181),
(s1814:Control {number:'18.1.4', name:'Privacy and protection of personally identifiable information', control:'Privacy and protection of personally identifiable information shall be ensured as required in relevant legislation and regulation where applicable.'})-[:CONTROL_UNDER]->(s181),
(s1815:Control {number:'18.1.5', name:'Regulation of cryptographic controls', control:'Cryptographic controls shall be used in compliance with all relevant agreements, legislation and regulations.'})-[:CONTROL_UNDER]->(s181),
(iso27010)<-[:INTRODUCED_BY]-(s1816:Control {number:'18.1.6', name:'Liability to the information sharing community', control:'Liability issues and remediation should be clarified, understood and approved by all members of an information sharing community, to address situations in which information is intentionally or unintentionally disclosed.'})-[:CONTROL_UNDER]->(s181),
(s1821:Control {number:'18.2.1', name:'Independent review of information security', control:'The organization\'s approach to managing information security and its implementation (i.e. control objectives, controls, policies, processes and procedures for information security) shall be reviewed independently at planned intervals or when significant changes occur.'})-[:CONTROL_UNDER]->(s182),
(s1822:Control {number:'18.2.2', name:'Compliance with security policies and standards', control:'Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.'})-[:CONTROL_UNDER]->(s182),
(s1823:Control {number:'18.2.3', name:'Technical compliance review', control:'Information systems shall be regularly reviewed for compliance with the organization\'s information security policies and standard.'})-[:CONTROL_UNDER]->(s182),
(p112:Control {number:'11.2', name:'Restriction on the creation of hardcopy material', control:'The creation of hardcopy material displaying PII should be restricted.'})-[:CONTROL_UNDER]->(p11),
(p116:Control {number:'11.6', name:'Encryption of PII transmitted over public data-transmission networks', control:'PII that is transmitted over public data-transmission networks should be encrypted prior to transmission.'})-[:CONTROL_UNDER]->(p11),
(p118:Control {number:'11.8', name:'Unique use of user ID', control:'If more than one individual has access to stored PII, then they should each have a distinct user ID for identification, authentication and authorization purposes.'})-[:CONTROL_UNDER]->(p11),
(p119:Control {number:'11.9', name:'Records of authorized users', control:'An up-to-date record of the users or profiles of users who have authorized access to the information system should be maintained.'})-[:CONTROL_UNDER]->(p11),
(p1110:Control {number:'11.10', name:'User ID management', control:'De-activated or expired user IDs should not be granted to other individuals.'})-[:CONTROL_UNDER]->(p11);
// Create nodes representing all top-level industrial classifications from the
// SIC standard.
// Top-level SIC sections A–U, each a SUBSET_OF the catch-all 'All' node so
// that survey figures applying to every industry can hang off one node.
// NOTE(review): later statements look these nodes up by Industry.id / name
// and nothing enforces uniqueness, so re-running this CREATE silently
// duplicates them (CREATE is not idempotent); a uniqueness constraint on
// Industry.id would make a repeat run fail loudly instead.
CREATE (all_ind:Industry {name:'All'})
WITH all_ind
UNWIND [
    {id:'A', name:'Agriculture, Forestry and Fishing'},
    {id:'B', name:'Mining and quarrying'},
    {id:'C', name:'Manufacturing'},
    {id:'D', name:'Electricity, Gas, Steam and air conditioning'},
    {id:'E', name:'Water supply, sewerage, waste management and remediation activities'},
    {id:'F', name:'Construction'},
    {id:'G', name:'Wholesale and retail trade; repair of motor vehicles and motorcycles'},
    {id:'H', name:'Transport and storage'},
    {id:'I', name:'Accommodation and food service activities'},
    {id:'J', name:'Information and communication'},
    {id:'K', name:'Financial and insurance activities'},
    {id:'L', name:'Real estate activities'},
    {id:'M', name:'Professional, scientific and technical activities'},
    {id:'N', name:'Administrative and support service activities'},
    {id:'O', name:'Public administration and defence; compulsory social security'},
    {id:'P', name:'Education'},
    {id:'Q', name:'Human health and social work activities'},
    {id:'R', name:'Arts, entertainment and recreation'},
    {id:'S', name:'Other service activities'},
    {id:'T', name:'Activities of households as employers, undifferentiated goods and service producing activities of households for own use'},
    {id:'U', name:'Activities of extraterritorial organisations and bodies'}
] AS sic
// One Industry node per SIC section, carrying exactly the id and name keys.
CREATE (:Industry {id:sic.id, name:sic.name})-[:SUBSET_OF]->(all_ind);
// Create nodes representing the various organisational size classifications
// used by HM Government.
// Organisation size bands, each a SUBSET_OF the catch-all 'All' node; the
// survey figures below are attached to these nodes by name.
CREATE (all_size:Size {name:'All'})
WITH all_size
UNWIND ['Micro', 'Small', 'Medium', 'Large'] AS band
CREATE (:Size {name:band})-[:SUBSET_OF]->(all_size);
// Create nodes and relationships representing incident probability and average
// cost values derived from the 2020 _Cyber Security Breaches Survey_.
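// Bind every existing node the survey figures attach to, then create the
// figures. The MATCH patterns are independent, so Neo4j takes their cartesian
// product: if any one pattern finds no node the MATCH yields zero rows and the
// entire CREATE is silently skipped; if any pattern finds more than one node
// (e.g. a duplicated Size or SecurityArea) every figure is created once per
// combination. Only nodes actually referenced by the CREATE are matched here;
// the previously matched but unused Control lookups (7.2.2, 12.3.1, 12.6.1)
// were dropped so that a missing control cannot suppress the whole load.
MATCH (allsize:Size {name:'All'}),
(micro:Size {name:'Micro'}),
(small:Size {name:'Small'}),
(medium:Size {name:'Medium'}),
(large:Size {name:'Large'}),
(allind:Industry {name:'All'}),
(infocoms:Industry {id:'J'}),
(profscitech:Industry {id:'M'}),
(admin:Industry {id:'N'}),
(realestate:Industry {id:'L'}),
(s72:SecurityArea {number:'7.2'}),
(s81:SecurityArea {number:'8.1'}),
(s82:SecurityArea {number:'8.2'}),
(s92:SecurityArea {number:'9.2'}),
(s94:SecurityArea {number:'9.4'}),
(s121:SecurityArea {number:'12.1'}),
(s123:SecurityArea {number:'12.3'}),
(s124:SecurityArea {number:'12.4'}),
(s126:SecurityArea {number:'12.6'}),
(s131:SecurityArea {number:'13.1'}),
(s132:SecurityArea {number:'13.2'}),
(s141:SecurityArea {number:'14.1'}),
(s151:SecurityArea {number:'15.1'}),
(s172:SecurityArea {number:'17.2'}),
(s181:SecurityArea {number:'18.1'})
// One DataSource node per survey edition; the cost statement that follows
// looks it up by name only, so a second edition would make that MATCH ambiguous.
CREATE (csbs2020:DataSource {name:'Cyber Security Breaches Survey', date:'2020'}),
// Incident probability by organisation size and by industry.
// NOTE(review): these values read as percentages (46 = 46%), whereas the
// probabilities list on the IncidentBaseFrequencyProbabilities node at the end
// is fractional — confirm the units against the survey before combining them.
(i511:IncidentProbability {probability:46})-[:FROM]->(csbs2020),
(allsize)<-[:FOR_SIZE]-(i511)-[:FOR_INDUSTRY]->(allind),
(i512:IncidentProbability {probability:43})-[:FROM]->(csbs2020),
(i512)-[:FOR_SIZE]->(micro),
(i513:IncidentProbability {probability:62})-[:FROM]->(csbs2020),
(i513)-[:FOR_SIZE]->(small),
(i514:IncidentProbability {probability:68})-[:FROM]->(csbs2020),
(i514)-[:FOR_SIZE]->(medium),
(i515:IncidentProbability {probability:75})-[:FROM]->(csbs2020),
(i515)-[:FOR_SIZE]->(large),
(i516:IncidentProbability {probability:62})-[:FROM]->(csbs2020),
(i516)-[:FOR_INDUSTRY]->(infocoms),
(i517:IncidentProbability {probability:59})-[:FROM]->(csbs2020),
(i517)-[:FOR_INDUSTRY]->(profscitech),
// A single figure is attached to two industries here (L and N); presumably the
// survey reports them as one combined category — verify before splitting.
(i518:IncidentProbability {probability:58})-[:FROM]->(csbs2020),
(realestate)<-[:FOR_INDUSTRY]-(i518)-[:FOR_INDUSTRY]->(admin),
// Incident probability by attack type, each linked (FOR_AREA) to the
// ISO/IEC 27002 security areas whose controls address that attack type.
(i521:IncidentProbability {probability:46.44, desc:'Fraudulent emails or being directed to fraudulent websites'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i521)-[:FOR_AREA]->(s121),
(s123)<-[:FOR_AREA]-(i521)-[:FOR_AREA]->(s126),
(i522:IncidentProbability {probability:14.04, desc:'Others impersonating organisation in emails or online'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i522)-[:FOR_AREA]->(s82),
(s121)<-[:FOR_AREA]-(i522)-[:FOR_AREA]->(s132),
(i523:IncidentProbability {probability:8.64, desc:'Viruses, spyware or malware'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i523)-[:FOR_AREA]->(s92),
(s94)<-[:FOR_AREA]-(i523)-[:FOR_AREA]->(s123),
(s126)<-[:FOR_AREA]-(i523)-[:FOR_AREA]->(s131),
(i523)-[:FOR_AREA]->(s172),
(i524:IncidentProbability {probability:4.86, desc:'Hacking or attempted hacking of online bank accounts'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i524)-[:FOR_AREA]->(s81),
(s92)<-[:FOR_AREA]-(i524)-[:FOR_AREA]->(s94),
(s121)<-[:FOR_AREA]-(i524)-[:FOR_AREA]->(s124),
(i524)-[:FOR_AREA]->(s181),
(i525:IncidentProbability {probability:4.31, desc:'Ransomware'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i525)-[:FOR_AREA]->(s92),
(s94)<-[:FOR_AREA]-(i525)-[:FOR_AREA]->(s123),
(i526:IncidentProbability {probability:3.24, desc:'Unauthorised use of computers, networks or servers by outsiders'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i526)-[:FOR_AREA]->(s92),
(s94)<-[:FOR_AREA]-(i526)-[:FOR_AREA]->(s124),
(s126)<-[:FOR_AREA]-(i526)-[:FOR_AREA]->(s141),
(s151)<-[:FOR_AREA]-(i526)-[:FOR_AREA]->(s181),
(i527:IncidentProbability {probability:1.62, desc:'Unauthorised use of computers, networks or servers by staff'})-[:FROM]->(csbs2020),
(s72)<-[:FOR_AREA]-(i527)-[:FOR_AREA]->(s92),
(s94)<-[:FOR_AREA]-(i527)-[:FOR_AREA]->(s123),
(i527)-[:FOR_AREA]->(s124),
// Distribution of how often affected organisations experience incidents; the
// two lists are positionally paired (probabilities[k] goes with
// probabilities_labels[k]) and the fractions sum to 0.98, not 1.0.
// NOTE(review): 'Less than one a month' is presumably 'Less than once a month';
// left unchanged because it is a stored label.
(i54:IncidentBaseFrequencyProbabilities {probabilities:[0.23, 0.22, 0.21, 0.15, 0.08, 0.09], probabilities_labels:['Once per year', 'Less than one a month', 'Once a month', 'Once a week', 'Once a day', 'Several times a day']})-[:FROM]->(csbs2020);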
// Average incident cost figures from the same survey, by organisation size.
// The DataSource is matched by name only (no date), so this MATCH becomes a
// cartesian product — and every figure is created once per match — should a
// second survey edition ever be loaded. Amounts are presumably GBP; TODO
// confirm the unit against the survey.
MATCH (every_size:Size {name:'All'}),
      (micro:Size {name:'Micro'}),
      (small:Size {name:'Small'}),
      (medium:Size {name:'Medium'}),
      (large:Size {name:'Large'}),
      (every_industry:Industry {name:'All'}),
      (survey:DataSource {name:'Cyber Security Breaches Survey'})
// All sizes, all industries.
CREATE (cost_all:IncidentCostAverages {mean:3230, median:274}),
       (cost_all)-[:FROM]->(survey),
       (cost_all)-[:FOR_SIZE]->(every_size),
       (cost_all)-[:FOR_INDUSTRY]->(every_industry),
// Micro and small organisations share one figure.
       (cost_smaller:IncidentCostAverages {mean:3110, median:244}),
       (cost_smaller)-[:FROM]->(survey),
       (cost_smaller)-[:FOR_SIZE]->(micro),
       (cost_smaller)-[:FOR_SIZE]->(small),
       (cost_smaller)-[:FOR_INDUSTRY]->(every_industry),
// Medium and large organisations share one figure.
       (cost_larger:IncidentCostAverages {mean:5220, median:935}),
       (cost_larger)-[:FROM]->(survey),
       (cost_larger)-[:FOR_SIZE]->(medium),
       (cost_larger)-[:FOR_SIZE]->(large),
       (cost_larger)-[:FOR_INDUSTRY]->(every_industry);