Security Measures

Security measures are tasks, processes, roles and technologies in organizational, personnel and technical area. Their aim is to ensure cybersecurity during the life cycle of networks and information systems. The aim of security measures is to prevent cybersecurity incidents and minimize their impact on continuation of providing the service. The measures shall be taken in compliance with approved security documentation which shall be updated and meeting the current state.

Security measures are:

  • General – carried out in dependence to classification of information and category of networks and information systems and in accordance to security standards in cybersecurity area for all networks and information systems.
  • Sectorial – carried out on the basis of network and information system category specification of a main body in the scope of its competence and in accordance with security standards in cybersecurity area.

Information classification and network and information systems category are carried out on the basis of importance, function, purpose of information and information systems with regard to confidentiality, integrity, availability, quality of service and inspection activity.

Areas of the security measures are to be taken:

  • Organisations of information security
  • Management of assets, threats and risks
  • Personnel security
  • Management of support services, acquisitions, research and maintenance of information systems
  • Technical vulnerability of systems and devices
  • Security management of networks and information systems
  • Operation management
  •  Access management
  • Cryptography measures
  •  Solution of cybersecurity incidents
  • Monitoring, security testing and security auditing
  • Physical security and the security of environment
  • Management of process continuance

Security measures shall include:

  • Cybersecurity incidents detection
  • Cybersecurity incidents evidence
  • Procedures of solving and cybersecurity incidents solutions
  • Contact person determination for receiving and evidence of reports
  • Connection to communication system for reporting and cybersecurity incidents solutions and the central system of early warning
Date of the first publication , Last update