Cybersecurity management audit is essential

The law and the Cybersecurity Ordinance have raised the question for many companies whether their level of security is not only of a high quality but also compliant with the law. If you are unsure, then the best solution is to have experts check the current status or do your assessment of the status with the help of the intuitive wizard in cysensic.

The purpose of the audit is to determine the current state of the company’s safety management system setup. This status is compared with the Cybersecurity Act (Act No. 181/2014 Coll.) and the Cybersecurity Decree (Decree No. 82/2018 Coll.) in terms of fulfilling the legislative requirements with an emphasis on a reasonable scope of solutions and best practices. Based on the findings, corrective steps are then proposed to the customer to remedy them.

The project takes place in two main phases. The first phase analyses the current state of cyber security management in the organization. The analysis of the current state includes in particular:

  • assessing the integration and position of the organisational unit responsible for cyber security
  • management within the organisation,
  • assessing the correct allocation of security roles,
  • the extent and level of detail of management documentation,
  • review and description of relevant procedural documentation,
  • the scope and content of relevant measures applied,
  • description of external limiting factors.

The first phase also includes an assessment of the security requirements for suppliers who supply or operate the organization’s key technical assets. The implementation of the first phase is carried out through the active study of relevant background documentation in the field of cyber security, and subsequently through workshops with the management of organizational units, at least ICT and security, or their designated staff.

In the second phase, the output reports (a report describing the current status and gap analysis, especially about the legislation represented by the requirements of the Cybersecurity Decree. Subsequently, recommendations for further action are made.

Comments are closed.