Benefits of a cyber security manager, its necessity and position in the company

Cybersecurity is not just a new marketing tool or bureaucratic nonsense of the European Union. Cybersecurity is, above all, a set of measures to ensure the security of your information assets. Just as we know the CISO from the commercial sphere, the role of the Cybersecurity Manager is also important. And it is not just a legislative obligation. Above all, it is an opportunity for a responsible company to have a true expert managing the company’s cybersecurity in the right way. Don’t know such a person? This is no obstacle: the law allows you to outsource the cybersecurity manager. So entrust your cybersecurity to an expert, the cybersecurity manager (MKB). Not just because you have to, but because it’s the right way to meet the requirements of the legislation in this area.

The Act on Cyber Security and its Decree No. 362/2018 Coll. provide for the following position of the cybersecurity manager (MKB) in the organisation:

  • Submitting proposals and communicating cybersecurity information directly to the statutory body;
  • Ensuring the application of security measures;
  • Independence from operations management and IT service development.

Although the knowledge requirements for a cybersecurity manager are to be set out in the now defunct Cybersecurity Act Decree, the role in question is neither new nor exceptional. And, as you rightly assume, the absence of a decree is no excuse for not having your cybersecurity manager yet.

The absence of knowledge standards also does not mean that it is impossible to get an overview and a better idea of the status and roles of the cybersecurity manager today. In the commercial sphere, for example, the role of the cybersecurity manager is usually referred to as the CISO (Chief Information Security Officer), which is a more graspable term and one with which there is more extensive experience.

The role of the CISO, or alternatively the cybersecurity manager (MKB), is primarily to ensure the protection of the organisation’s information assets by implementing and managing information and cyber security processes.

Through the MKB role, you are not only fulfilling a legislative obligation, but at the same time you are gaining a true expert in the field of information and cyber security, whose role is mainly:

  • Manage information and cyber security in your organisation in the correct and legally required way;
  • Manage the organization’s information assets (called IT Asset Management);
  • Provide vulnerability assessments;
  • Ensure the implementation of technical and organisational measures;
  • Provide processes for detecting, resolving and preventing cyber security incidents;
  • Manage compliance management processes in the field of information and cyber security.

Fulfilling the list of these and other tasks in the given sphere undoubtedly requires competences of a considerable scope, which are rather exceptional not only on the Slovak but also on the European market. The consequence is the much-mentioned shortage of experts in the field of information and cyber security, which will not be solved any time soon.

At the same time, it is clear that securing this capability ‘from own resources and means’, i.e. through an in-house person, could be a very costly solution. Last but not least, it is a solution in which you have no guarantee that someone else will not be able to ‘hire’ this person.

So what is the solution? Outsourcing

Fortunately, the Cybersecurity Act does not prohibit the outsourcing of the cybersecurity manager role. Therefore, it is possible and, given the shortage of experts in this security role, at the same time highly recommended. And what exactly does a cybersecurity manager bring to the table? First and foremost, the fulfilment of your legislative obligation, but there are many more benefits. If you think of cybersecurity as a list of specific mandatory requirements, a cybersecurity manager is a clear answer to the question of how to meet the legislative requirements so that compliance can be established as part of the cybersecurity audit that awaits every operator of an essential service.

Published: 16. March 2021

Miroslav Chlipala

Attorney/Partner

Bukovinský & Chlipala, s.r.o.

This article is part of magazine no.
