With the increasing dependence on information and communication technologies, there was also a need for a systematic solution to their protection in the form of Act No. 69/2018 Coll. on Cybersecurity and Act No. 179/2020 Coll. on Public Administration Information Technologies.
Our process solutions offer comprehensive and efficient procedures to ensure compliance with legislative requirements.
Our security consultant team will evaluate the current level of compliance against the requirements of the legislation in question through personal consultations and questionnaire investigations. The assessment report shall include a detailed description of the findings, together with a proposal for technical, procedural and documentation measures to ensure compliance.
As part of the governance setup project, we will prepare comprehensive documentation for you and set up processes according to the requirements of Act No. 69/2018 Coll. on Cybersecurity and Decree No. 362/2018 Coll., which establishes the content of security measures.
Networks/IT categorization
The assets that make up the networks and IT will be arranged in a hierarchical structure, from the information itself, the information systems that process the data and information, to the specific technologies and components that ensure the functioning of these information systems.
Classification of information
We identify all types of information in your organization and evaluate it for confidentiality, availability, and integrity.
Risk analysis
For each type of asset identified, we will map potential threats and vulnerabilities. In accordance with the current methodology, we will develop a catalogue of risks with a numerical assessment and create a catalogue of remedial measures for mitigation with prioritisation.
Safety documentation and guidelines
We will prepare for you definitions of cybersecurity management principles in security policy and security strategy documents, which form the basis of the organization’s management documentation, and in the next step we will implement the implementation security documentation in the form of guidelines.
Certified cybersecurity auditors will carry out an audit for you according to § 29 of Act No. 69/2018 on Cybersecurity. Verification of the effectiveness of the security measures taken and the fulfilment of the requirements relating to the security of the network and information systems of the operator of the essential service.
Testing users in the form of simulated phishing campaigns is one of the most effective preventive measures against cyberattacks and helps to significantly increase the level of security awareness. According to your requirements, we will create and implement phishing campaigns aimed at individual groups of employees. The campaign also includes a final report containing a detailed assessment with recommendations to strengthen safety.
PROTECTION OF CLASSIFIED INFORMATION
Advice and service in the field of protection of classified information according to Act no. 215/2004 Coll. on the protection of classified information and on the amendment of certain acts:
- Supply (so-called TEMPEST-RATED components) of equipment with protection against unwanted electro-magnetic radiation according to NATO SDIP-27 Level A, B or C standards,
- Designing security project and supporting documents for the application for certification of technical means,
- Designing request documents for assessing the level of protection of classified information against unwanted electromagnetic radiation,
- Application of recommended system resources and security settings, training.