Cybersecurity
Meeting legal requirements and implementing appropriate security measures requires commitment and constant monitoring, but can effectively increase your organization’s resistance to cyber threats.
Cybersecurity focuses on protecting computer systems, networks, data and other digital devices against attacks, unauthorized access, damage and information theft. We currently live in a world dominated by digital technology. Therefore, cybersecurity is becoming increasingly important as many aspects of everyday life, business, public administration and critical infrastructure rely on information technologies.
Cybersecurity mainly involves:
Data security
Critical infrastructure protection
Ensuring privacy
Protection against cybercrime
Cybersecurity also involves legal requirements
Common sense and properly implemented security measures are the key element today; the legal requirements arising from Polish regulations and from EU law complement the security of our public organizations, state-owned enterprises, private companies and non-profit organizations.
The most important Polish legal acts include:
Regulation on the National Interoperability Framework of minimum requirements for public registers and exchange of information in electronic form and minimum requirements for ICT systems (KRI),
General Data Protection Regulation (GDPR-RODO),
Act on the national cybersecurity system (UKSC).
The Act on the national cybersecurity system results in a number of regulations, such as:
– Regulation on the list of essential services and the thresholds for the significance of the disruptive effect of an incident on the provision of essential services
– Regulation on the thresholds for classifying an incident as serious
– Regulation on organizational and technical conditions for entities providing cybersecurity services and internal organizational structures of key service operators responsible for cybersecurity
The EU has developed the CER and NIS2 directives, which complement each other’s requirements aimed at increasing the level of EU cybersecurity against all physical and digital threats.
There are also directives on attacks against information systems, on civil defense, and on patients' rights in cross-border healthcare.
These legal acts impose obligations on Member States and entities operating in the digital space, requiring, among others: applying security measures, responding to incidents and international cooperation. All this aims to increase the EU’s resilience to cyber threats and protect the rights and security of citizens, companies and institutions in the digital age.
How to meet legal requirements regarding cybersecurity?
Meeting the requirements of EU cybersecurity directives requires a coordinated approach and the implementation of appropriate security measures.
All legal acts regarding cybersecurity have one main goal:
Increasing the level of security
This goal can be easily achieved by implementing an information and data security system in accordance with ISO/IEC 27001 and a business continuity system in accordance with ISO 22301.
Our Institute’s services in the field of cyber security
Security audit
We perform security audits in the field of physical and digital security. We have extensive experience in auditing public administration organizations and the private sector.
Safety training
We conduct cybersecurity training for public organizations and the commercial sector. Our courses cover broadly understood physical and digital security. During training, we are happy to share our experience and knowledge about threats (case studies) gained over many years.
Risk management
We provide comprehensive risk analysis and assessment services in accordance with ISO 31000 and related standards. Risk management is an element of every management system, from quality and environment to OHS and security. We also conduct courses and training in risk management.
ISO/IEC 27001 Certificate
ISO 22301 business continuity
We develop individual business continuity plans (BCP), procedures and instructions for ensuring business continuity in the event of threats causing problems and interruptions in the organization’s operation.
Personal data protection GDPR (RODO)
We carry out audits and implement the requirements resulting from the Personal Data Protection Act. We will develop and recommend individual solutions based on our many years of experience.
KRI audit (National Interoperability Framework)
We conduct audits and implement the requirements resulting from the Regulation on the National Interoperability Framework, minimum requirements for public registers and exchange of information in electronic form, and minimum requirements for ICT systems (KRI).
ISO 37001 certificate Anti-corruption
We help your organization be perceived as reliable and protect it against corruption. The standard specifies a number of methods and means for countering corruption, intended to prevent, detect and eliminate corruption threats to the organization. An anti-corruption management system can be implemented in any organization.
Cybersecurity diagnosis and training for local government units
We perform cybersecurity diagnoses in local government units (offices and medical facilities). We have extensive experience in this field. We train both management staff as well as administrative and line employees.
ISO 37301 compliance management
We adapt a compliance management system (Compliance Management System, CMS) to any organization. We prepare the documentation, assess risks, determine the organizational context and conduct the necessary internal audits.
ISO 27043 Management of incidents in investigations
We will implement the requirements and develop dedicated documents in accordance with the ISO/IEC 27043 standard, supplementing other standards and documents regulating the management of information security incidents. The ISO 27043 system applies to organizations that need to protect, analyze and present potential digital evidence.
ISO/IEC 30121 Risk management in computer forensics
By implementing the requirements of the ISO/IEC 30121 standard, we will develop a concept of preparing the organization for IT investigations before the risk occurs. The standard can be used regardless of the industry and size of the organization. It is applicable to small, medium and large organizations in the public, private and social sectors.
ISO/IEC 27018 Protection of personally identifiable information (PII)
A system for protecting personally identifiable information (PII) in public clouds according to ISO/IEC 27018, containing requirements and rules for processing data in the cloud, preventing unauthorized leaks of personal data and limiting redundant access. It can be used by organizations that process personal data in the cloud, provide cloud services (cloud, data center) or create software for cloud and network solutions, as well as by public and private entities, state administration units and non-profit organizations that provide information processing services to other organizations in the form of cloud computing, in accordance with the concluded service contract. The system complements the requirements of the GDPR.
ISO/IEC 27799 Information security in health care
A system based on the ISO/IEC 27002 and ISO/IEC 27799 standards, containing guidelines for medical organizations and other entities processing personal data related to health. Protecting the confidentiality, integrity and availability of medical information requires specialized healthcare knowledge.
ISO/TR 19815 Archival and library collections
Environmental management in the area of cultural heritage is an important issue for archives and libraries. These institutions face the unique challenge of extending the life of archival and library materials to enable access and use by current and future generations.
Integrated management system certificate
We implement and help in obtaining a certificate of an integrated management system or an extension of an existing quality, environmental, health and safety management system, etc.
Cybersecurity – Ready-made solutions
Audit checklists
Ready-made checklists helpful in conducting a security audit in your organization
Personnel certifications
Pass the exam and get the certificate of Auditor, Representative, Manager, Security Specialist
Online consultations
Do you have questions about your organization's security system? Need help customizing your security documentation? Don't overpay!
Safety documentation
Ready-made solutions: procedures, instructions and forms. Download them and adapt them to your organization.