Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security

Homepage > Consulting > Information security, Cyber security and business continuity > Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security

Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security

What is cybersecurity?

As more and more organisations are now focusing on digital business, the amount of data generated and exchanged between organisations is growing rapidly and organisations have become the target of cyber attacks.

One of the safeguards against cyber attacks is the application of cyber security controls. Cyber security is a system of organisational and technical activities and measures that achieve the authenticity, confidentiality, integrity and accessibility of data, as well as of network and information systems in the cyber space or virtual space within which communication between network and information systems takes place and covers all network and information systems regardless of whether they are connected to the Internet

In July 2018, pursuant to the Cybersecurity Act of operators of essential services and Digital Service providers, the Government of the Republic of Croatia adopted the Regulation on Cybersecurity of operators of essential services and Digital Service providers (OG No. 68/2018).

The Regulation regulates measures to achieve a high level of cyber security for operators of essential services, how they are implemented, criteria for identifying incidents that have a significant impact on the provision of essential services, the content of notifications and other relevant issues for the notification of incidents.

Who has to comply with the Regulation?

Pursuant to the Cybersecurity Act and Regulation, operators of essential services and digital service providers are obliged to act in the following sectors:

Energy (electricity, oil, gas)

Transport

Banking

Financial market infrastructures

Health care

Supply and distribution of drinking water

Digital infrastructure

Business services for governmental bodies

What are the responsibilities of operators of essential services pursuant to the Regulation?

In order to fully comply with the requirements of cybersecurity legislation, the following activities should be carried out:

Analysis of the existing situation (AS–IS), i.e. the current status of compliance

Development of security management policy for key systems

Definition of objectives and strategic guidelines for maintaining business continuity

Designation of the person responsible for establishing and managing the security of critical systems

Definition of powers and responsibilities in relation to the security of key systems

Defining the risk management process of key systems that includes:

Development of a methodology for risk assessment and processing

Identification of equipment, persons and activities related to key systems

Carrying out a risk assessment of identified equipment, persons and activities

Carrying out risk processing and identification of risk mitigation measures in accordance with the ISO 27001 standard

Defining the physical and environmental security management process of key systems

Defining the process of ensuring security of supply, namely the availability of equipment and other resources necessary for the operation and maintenance of critical resources

Defining the contract relationship management process related to key resources

Definition of outsourcing management processes

Defining the process of controlling access to spaces and key systems

Definition of measures necessary for physical and logical separation of key systems

Defining the necessary safeguards for the protection of data processed, stored and transmitted in a key system

Definition of programme code protection measures

Definition of protection measures against disruption of availability of key systems

Defining the process of development and maintenance of key systems

Definition of project management processes

Defining the key system assembly asset management process

Defining change management processes

Definition of the configuration management process

Defining the continuity management process of key systems

Defining incident management processes

Definition of the reserve management process

Defining the process of preventive vulnerability checks of key systems

Defining the internal audit process

Conducting of training courses to raise awareness of cyber security

How can ZIH help you?

ZIH offers the following services in the following area:

Consulting services:

A snapshot of the current situation (AS–IS) and GAP analysis that determines the level of current compliance/non–compliance of your organization with the requirements of the Cybersecurity Act and Regulation, and on the basis thereof defines the proposal for necessary activities for full harmonisation
Implementation of the project to establish cybersecurity in your organization

Education in the following field:

You may also be interested in these services and trainings:

Education

Compliance management in the business system

Education

Training and certification of the Compliance Officer

Service

Privacy management (ISO 29100)

Service

Compliance management

Why ZIH?

ZIH has extensive experience in projects that include preparation of implementation off documentation and content management system, through identification and modelling of business processes and development of technical specification of the system.

Do you want a short presentation or offer?

Contact us

Fill out the form and our staff will contact you and arrange a visit or online meeting to find out how we can help you.

We want to share with you our experiences and the latest trends that can help you in your daily business.