We were trained on cyber security
Like any IT company, we are constantly monitoring new trends and educating ourselves. Most recently, we were trained in cyber security according to Act No. 226/2022 Coll. and Decree No. 82/2018 Coll. on basic concepts supplemented by practical examples. The training was also conducted in preparation for our company's implementation of ISO principles, namely ISO 27000.
The training was conducted by the Director of the Regulation Department of the National Office for Cyber and Information Security Ing. Adam Kučínský.
The aim of the seminar was to provide a comprehensive overview of the current and especially upcoming legislation related to cybersecurity, namely the new EU directive on cybersecurity (the so-called NIS2 Directive). This new European Directive was published in the Official Journal of the EU on 27 December 2022 and the deadline for its implementation into the Czech legal system is now 21 months. The seminar focused on the anticipated impact of the directive on the Czech legal system and on public and private organisations.
Content of the seminar in points:
1) Cybersecurity Act and related regulations according to the current state
- Who is affected by the current regulation - determining decrees (Decree on Important Information Systems, Decree on Operators of Essential Services, Government Decree on Critical Infrastructure).
- What the cyber security regulation requires - Decree No. 82/2018 Coll. on cyber security.
2) Control of compliance with the requirements of the Cybersecurity Act
- How the inspection is carried out, how to prepare for it and what the common problems are.
3) Regulation of the use of cloud computing in public administration and its implications for the provision of cloud services
- Provision of cloud services is regulated in public administration - what does the regulation require and how does it work?
4) The NIS2 Directive and how it will translate into the Cybersecurity Act
- What the NIS2 Directive requires, who it affects and what it changes.
- Timeframe for adoption of the Directive and legislative changes at national level.
- Expected impacts on individual sectors and services.
The training was very useful and can be recommended. The information we gained from the training will help us a lot with the practical implementation of security measures in our company's information systems, both internal and those we develop for our clients.
At the same time, the training made us aware of the differences between the previously valid ZoKB or VoKB and the new NIS2 directive.