Requirement

Cyber security management

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Cyber security management
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Cyber security management
No items found.
Risk management and leadership
Best practices
How to implement:
Cyber security management
This policy on
Cyber security management
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
Risk management and leadership
Cyber security management
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
Cybersicherheitsverordnung (Schweiz)
Sikkerhetsloven (Norge)
Säkerhetsskyddslagen (Sverige)
Cybersikkerhedsloven (Danmark)
CER Directive

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Cyber security management
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creation and maintenance of the information security plan report

This task helps you comply with the following requirements

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessaTietoturvasuunnitelma
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
59
requirements
Risk management and leadership
Cyber security management

Information security policy -report publishing, informing and maintenance

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
1.1.1: Availability of information security policiesTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
30 § 5°: Analyse des risques et politique de sécurité de l'informationNIS2 Belgium
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
PR.AT-4: Senior executives understand their roles and responsibilities.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
Defining and documenting security objectives
Critical
High
Normal
Low
41
requirements
Risk management and leadership
Cyber security management

Defining and documenting security objectives

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
ID.GV-1: Cybersecurity policyNIST
ID.BE-3: Organizational mission, objectives, and activitiesNIST
GV.OC-01: Cybersecurity risk management aligned with the organizational missionNIST 2.0
Executing and documenting internal audits
Critical
High
Normal
Low
52
requirements
Risk management and leadership
Cyber security management

Executing and documenting internal audits

This task helps you comply with the following requirements

9.2: Internal auditISO 9001
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnostiNIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
1.5.1: Assessment of policies and requirementsTISAX
39: Conformité et auditsNIS2 Belgium
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
3.2.1: Determine a strategy and guidelines for security monitoringNSM ICT-SP
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.CyberFundamentals
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Creating and maintaining a statement of applicability

This task helps you comply with the following requirements

6.1: Information security risk managementISO 27001
7.5: Requirements for documented informationISO 27001
1.2.1: Scope of Information Security managementTISAX
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
24
requirements
Risk management and leadership
Cyber security management

Identification, documentation and management of other information security requirements

This task helps you comply with the following requirements

7.1.1: Compliance managementTISAX
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
1.1.1: Identify the organisation’s strategy and prioritiesNSM ICT-SP
DE.DP-2: Detection activities comply with all applicable requirements.CyberFundamentals
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
14.1.: Tinklų ir informacinių sistemų atitiktis.NIS2 Lithuania
14.5.13): Kitus taikomus kibernetinio saugumo reikalavimusNIS2 Lithuania
ID.GV-3: Legal and regulatory requirementsNIST
GV.OC-03: Legal, regulatory, and contractual cybersecurity requirementsNIST 2.0
2: Lainsäädäntö ja velvoitteetDigiturvan kokonaiskuvapalvelu
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
23
requirements
Risk management and leadership
Cyber security management

Internal audit procedure -report publishing and maintenance

This task helps you comply with the following requirements

ID.GV-3: Legal and regulatory requirementsNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
7.5: Requirements for documented informationISO 27001
9.2: Internal auditISO 27001
CC1.5: Accountability for responsibilitiesSOC 2
Article 5: Governance and organisationDORA
9.2: Internal auditISO 9001
1.5.1: Assessment of policies and requirementsTISAX
GV.OC-03: Legal, regulatory, and contractual cybersecurity requirementsNIST 2.0
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.CyberFundamentals
ISMS description and maintenance
Critical
High
Normal
Low
36
requirements
Risk management and leadership
Cyber security management

ISMS description and maintenance

This task helps you comply with the following requirements

2.1: Tietoturvallisuusvastuiden määrittelyTiHL tietoturvavaatimukset
2.3: Tietoturvallisuus tiedonhallintamallissaTiHL tietoturvavaatimukset
1.2.1: Scope of Information Security managementTISAX
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.CyberFundamentals
PR.AT-5: Physical and cybersecurity personnelNIST
T-02: DEFINING THE TASKS AND RESPONSIBILITIES OF THE SECURITY MANAGEMENTKatakri 2020
15.2: Establish and Maintain a Service Provider Management PolicyCIS 18
7: Digiturvan osa-alueiden järjestelmällinen kehittäminenDigiturvan kokonaiskuvapalvelu
HAL-09: DokumentointiJulkri
HAL-07: Seuranta ja valvontaJulkri
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Defining the frameworks that serve as the basis of the management system

This task helps you comply with the following requirements

CC3.1: Sufficient specifying of objectivesSOC 2
Regular review of the cyber security risk documentation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Regular review of the cyber security risk documentation

This task helps you comply with the following requirements

Article 13.7: Documenting cybersecurityCRA
Documentation of risk assessment
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Documentation of risk assessment

This task helps you comply with the following requirements

Article 13.3: Documenting risk assessmentCRA
11.7: Listei de active și riscuriNIS2 Romania
12.2: Risk assessment measuresCER
§ 4-4: Krav til dokumentasjonSikkerhetsloven
Provision of product information to the market surveillance authority
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Provision of product information to the market surveillance authority

This task helps you comply with the following requirements

Article 13.22: ConformityCRA
Single point of contact for reporting vulnerabilities
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Single point of contact for reporting vulnerabilities

This task helps you comply with the following requirements

Article 13.17: Single point of contactCRA
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Maintaining a coordinated vulnerability disclosure policy and reporting procedure

This task helps you comply with the following requirements

Vuln.5: Coordinated vulnerability disclosureCRA
Cybersecurity requirements related to the use of AI
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Cybersecurity requirements related to the use of AI

This task helps you comply with the following requirements

Article 12.1: High risk AICRA
Integration of change management procedures
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Integration of change management procedures

This task helps you comply with the following requirements

No items found.
Disciplinary process for non-conformance
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Disciplinary process for non-conformance

This task helps you comply with the following requirements

No items found.
Cyber security policy and procedure compliance requirements
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Cyber security policy and procedure compliance requirements

This task helps you comply with the following requirements

No items found.
Security related policies and procedures for all assets
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Security related policies and procedures for all assets

This task helps you comply with the following requirements

Art. 13.2.1: Mesures permanentes de sécurité intérieureLoi infrastructures critiques
Defining triggers for evaluating the information security management system
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Defining triggers for evaluating the information security management system

This task helps you comply with the following requirements

No items found.
Review of information security management system best practices
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Review of information security management system best practices

This task helps you comply with the following requirements

§ 6.1: SikkerhetsstyringssystemNIS2 NO
Defining system auditing roles and responsibilities
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Defining system auditing roles and responsibilities

This task helps you comply with the following requirements

No items found.
Reviewing security policies and procedures
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Reviewing security policies and procedures

This task helps you comply with the following requirements

No items found.
Conducting business impact analysis
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Conducting business impact analysis

This task helps you comply with the following requirements

No items found.
Creating and maintaining an asset management policy
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creating and maintaining an asset management policy

This task helps you comply with the following requirements

No items found.
Creating and maintaining physical and environmental security policy
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creating and maintaining physical and environmental security policy

This task helps you comply with the following requirements

No items found.
Creating and maintaining report on the review of the ICT risk management framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creating and maintaining report on the review of the ICT risk management framework

This task helps you comply with the following requirements

No items found.
Develop and maintain an ICT project management policy
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Develop and maintain an ICT project management policy

This task helps you comply with the following requirements

No items found.
Requirements for creating policies
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Requirements for creating policies

This task helps you comply with the following requirements

No items found.
Establishing risk profile
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Establishing risk profile

This task helps you comply with the following requirements

No items found.
Safeguards to protect PHI
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Safeguards to protect PHI

This task helps you comply with the following requirements

No items found.
Security officer appointment and responsibilities (HIPAA)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Security officer appointment and responsibilities (HIPAA)

This task helps you comply with the following requirements

No items found.
Evaluating compliance with HIPAA requirements
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Evaluating compliance with HIPAA requirements

This task helps you comply with the following requirements

No items found.
Establishing and maintaining the comprehensive ePHI security program
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Establishing and maintaining the comprehensive ePHI security program

This task helps you comply with the following requirements

No items found.
Protection from retaliation and intimidation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Protection from retaliation and intimidation

This task helps you comply with the following requirements

No items found.
Protecting HIPAA rights from being waived
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Protecting HIPAA rights from being waived

This task helps you comply with the following requirements

No items found.
Implementation of policies and procedures
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Implementation of policies and procedures

This task helps you comply with the following requirements

No items found.
Policies and procedures for HIPAA compliance
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Policies and procedures for HIPAA compliance

This task helps you comply with the following requirements

No items found.
Appointing a qualified cybersecurity auditor (Malta)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Appointing a qualified cybersecurity auditor (Malta)

This task helps you comply with the following requirements

14.1: Appointment and approval of a qualified auditor for the verification of cybersecurity measuresNIS2 Malta
Designation of the information security officer (Spain)
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Designation of the information security officer (Spain)

This task helps you comply with the following requirements

Artículo 16.2: Comunicación de la designación del responsableNIS2 Spain
Artículo 16.1: Designación del responsable de la seguridad de la informaciónNIS2 Spain
Artículo 16.4: Cualificaciones y posición organizativaNIS2 Spain
Statement of applied security measures (Spain)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Statement of applied security measures (Spain)

This task helps you comply with the following requirements

Artículo 15.5: Declaración de aplicabilidad de sistemasNIS2 Spain
Cybersecurity compliance requirements for essential and important entities (Spain)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Cybersecurity compliance requirements for essential and important entities (Spain)

This task helps you comply with the following requirements

Artículo 15.4: Demostración y certificación de cumplimientoNIS2 Spain
Adoption and implementation of security measures
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Adoption and implementation of security measures

This task helps you comply with the following requirements

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieureLoi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltakSikkerhetsloven
Risk-based selection of security measures
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Risk-based selection of security measures

This task helps you comply with the following requirements

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieureLoi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltakSikkerhetsloven
Security Plan development and implementation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Security Plan development and implementation

This task helps you comply with the following requirements

Art. 13.4: Période de mise en œuvre des mesures de sécuritéLoi infrastructures critiques
Security contact point for critical infrastructure
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Security contact point for critical infrastructure

This task helps you comply with the following requirements

Art. 12.1-3: Point de contact pour la sécuritéLoi infrastructures critiques
13.3: Designated personnelCER
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)

This task helps you comply with the following requirements

Art. 13.1: Plan de sécurité de l'opérateurLoi infrastructures critiques
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.Loi infrastructures critiques
Advance notification of planned cybersecurity audits
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Advance notification of planned cybersecurity audits

This task helps you comply with the following requirements

33.5: Ankündigung geplanter PrüfungenNIS2 Austria
Self-declaration submission (Austria)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Self-declaration submission (Austria)

This task helps you comply with the following requirements

33.1: SelbstdeklarationNIS2 Austria
Proof Obligations for Operators of Critical Infrastructure (Germany)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Proof Obligations for Operators of Critical Infrastructure (Germany)

This task helps you comply with the following requirements

39.1: Nachweispflichten für Betreiber kritischer AnlagenNIS2 Germany
Annual cybersecurity maturity self-assessment and reporting
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Annual cybersecurity maturity self-assessment and reporting

This task helps you comply with the following requirements

12.4: Transmiterea autoevaluării anuale a maturității ciberneticeNIS2 Romania
Appointment of a Cyber Security Officer (Romania)
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Appointment of a Cyber Security Officer (Romania)

This task helps you comply with the following requirements

14.3: Alocarea resurselor și desemnarea responsabililor de securitateNIS2 Romania
14.4: Cerințe pentru responsabilul cu securitateaNIS2 Romania
Registration for official communication systems
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Registration for official communication systems

This task helps you comply with the following requirements

Art. 9: RegistrierungCSV
Process for clarifying reporting obligations (Switzerland)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Process for clarifying reporting obligations (Switzerland)

This task helps you comply with the following requirements

Art. 13: Einreichung von Unterlagen zur Abklärung der MeldepflichtCSV
Cooperation with supervisory authorities
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Cooperation with supervisory authorities

This task helps you comply with the following requirements

§ 4-5.2: Varsling av tilsynsmyndighetenSikkerhetsloven
§ 14: Opplysningsplikt og tilgang til lokaler og utstyrNIS2 NO
Ensure the integrity of critical national information
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Ensure the integrity of critical national information

This task helps you comply with the following requirements

§ 5-2: Beskyttelse av skjermingsverdig informasjonSikkerhetsloven
§ 6-2: Beskyttelse av skjermingsverdige informasjonssystemerSikkerhetsloven
Notifying authorities of high-risk procurements
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notifying authorities of high-risk procurements

This task helps you comply with the following requirements

§ 9-4.2: Varsling til departementetSikkerhetsloven
Notify termination of security-sensitive activity
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notify termination of security-sensitive activity

This task helps you comply with the following requirements

§ 2.6: Anmälningsplikt SSL
Notify start of security-sensitive activity
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notify start of security-sensitive activity

This task helps you comply with the following requirements

§ 2.6: Anmälningsplikt SSL
Appointment and role of the Security Protection Manager
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Appointment and role of the Security Protection Manager

This task helps you comply with the following requirements

§ 2.7: SäkerhetsskyddschefSSL
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Appointment of a Chief Information Security Officer (Greece)

This task helps you comply with the following requirements

15.5.α: Υπεύθυνος ασφάλειας πληροφοριώνNIS2 Greece
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Review reporting of simplified ICT risk management framework

This task helps you comply with the following requirements

Article 41: Format and content of the report on the review of the simplified ICT risk management frameworkDORA simplified RMF
ICT project management procedure
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

ICT project management procedure

This task helps you comply with the following requirements

Article 38: ICT project and change managementDORA simplified RMF
Auditing of risk management framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Auditing of risk management framework

This task helps you comply with the following requirements

Article 28: Governance and organizationDORA simplified RMF
Creation and maintenance of governance and control framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creation and maintenance of governance and control framework

This task helps you comply with the following requirements

Article 28: Governance and organizationDORA simplified RMF
Notification of a significant incident with cross-border and cross-sectoral impact
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Notification of a significant incident with cross-border and cross-sectoral impact

This task helps you comply with the following requirements

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkomNIS2 Croatia
15.3: Informații privind impactul transfrontalier al incidentelorNIS2 Romania
Conducting an external audit
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Conducting an external audit

This task helps you comply with the following requirements

Članak 34: Provedba revizije kibernetičke sigurnostiNIS2 Croatia
11.5: Auditului de securitateNIS2 Romania
Notifying the administrative body of incidents
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notifying the administrative body of incidents

This task helps you comply with the following requirements

Art. 23.3: ComunicazioneNIS2 Italy
Appointment of a Cyber Security Officer (Lithuania)
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Appointment of a Cyber Security Officer (Lithuania)

This task helps you comply with the following requirements

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybėNIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymasNIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimaiNIS2 Lithuania
15.2.: Paskirti saugos įgaliotinįNIS2 Lithuania
Appointment of a Chief Information Security Officer (Lithuania)
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Appointment of a Chief Information Security Officer (Lithuania)

This task helps you comply with the following requirements

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybėNIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymasNIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimaiNIS2 Lithuania
15.1.: Paskirti kibernetinio saugumo vadovąNIS2 Lithuania
Cybersecurity auditing (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Cybersecurity auditing (Lithuania)

This task helps you comply with the following requirements

14.8.: Kibernetinio saugumo auditaiNIS2 Lithuania
Technical cyber security measures (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Technical cyber security measures (Lithuania)

This task helps you comply with the following requirements

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemonesNIS2 Lithuania
Usage of data centers (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Usage of data centers (Lithuania)

This task helps you comply with the following requirements

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojamsNIS2 Lithuania
Usage of the Secure Network (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Usage of the Secure Network (Lithuania)

This task helps you comply with the following requirements

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)NIS2 Lithuania
Cyber Security Information System usage (Lithuania)
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Cyber Security Information System usage (Lithuania)

This task helps you comply with the following requirements

19.1.: Kibernetinio saugumo informacinė sistemaNIS2 Lithuania
19.3.: Kibernetinio saugumo informacinės sistemos naudojimasNIS2 Lithuania
19.4.: Dalijimosi informacija susitarimaiNIS2 Lithuania
Providing the security managers information to a competent authority
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Providing the security managers information to a competent authority

This task helps you comply with the following requirements

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanuNIS2 Latvia
25.(3): Kiberdrošības pārvaldnieka atbilstībaNIS2 Latvia
25.(4): Paziņojums par izmaiņāmNIS2 Latvia
Appointment, tasks and position of a Cyber security manager
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Appointment, tasks and position of a Cyber security manager

This task helps you comply with the following requirements

25.(5): kiberdrošības pārvaldnieka pienākumiNIS2 Latvia
25.(1): Kiberdrošības pārvaldībuNIS2 Latvia
Assessment of conformity (Belgium)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Assessment of conformity (Belgium)

This task helps you comply with the following requirements

39: Conformité et auditsNIS2 Belgium
Documentation of organization's dependencies on external resources
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Documentation of organization's dependencies on external resources

This task helps you comply with the following requirements

GV.OC-05: Organizational dependencies on outcomes and servicesNIST 2.0
§ 4-2: Vurdering av risikoSikkerhetsloven
§ 7: RisikovurderingNIS2 NO
Strategic directions of risk response options
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Strategic directions of risk response options

This task helps you comply with the following requirements

GV.RM-04: Strategic direction of risk response optionsNIST 2.0
Identify the organisation's strategy and priorities
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Identify the organisation's strategy and priorities

This task helps you comply with the following requirements

1.1.1: Identify the organisation’s strategy and prioritiesNSM ICT-SP
Implementing a crisis response strategy
Critical
High
Normal
Low
22
requirements
Risk management and leadership
Cyber security management

Implementing a crisis response strategy

This task helps you comply with the following requirements

RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incidentNSM ICT-SP
4.3.2: Determine whether the incident is under control and take the necessary reactive measuresNSM ICT-SP
30 § 1°: Gestion des risques et maîtrise des incidentsNIS2 Belgium
30 § 3.3°: La continuité et la gestion des crisesNIS2 Belgium
19.2.c: Business continuity and backupsNIS2 Malta
23.3.c: Bedrijfscontinuïteit en reservekopieënNIS2 Netherlands
3.1.2: KontinuitetshanteringNIS2 Sweden
Artículo 15.2.c: Continuidad de actividades y gestión de crisisNIS2 Spain
32.1 & 32.3: Pflichten für risikobasierte CybersicherheitsmaßnahmenNIS2 Austria
Recognizing and listing sensitive work fields and jobs
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Recognizing and listing sensitive work fields and jobs

This task helps you comply with the following requirements

2.1.1: Competence of employeesTISAX
Description of cyber security structure
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Description of cyber security structure

This task helps you comply with the following requirements

1.2.2: Information Security ResponsibilitiesTISAX
14.3: Alocarea resurselor și desemnarea responsabililor de securitateNIS2 Romania
§ 9: Organisatoriske sikkerhetstiltakNIS2 NO
Monitoring and analysing effectiveness of digital operational resilience strategy
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Monitoring and analysing effectiveness of digital operational resilience strategy

This task helps you comply with the following requirements

Article 13: Learning and evolvingDORA
Learning from testing operational resilience
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Learning from testing operational resilience

This task helps you comply with the following requirements

Article 13: Learning and evolvingDORA
RC.IM-1: Recovery plans incorporate lessons learned.CyberFundamentals
ID.IM-02: Improvements from security tests and exercisesNIST 2.0
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.Loi infrastructures critiques
13.1.d: Recovering from incidentsCER
Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Adequate security principles of the organisation in terms of classified information

This task helps you comply with the following requirements

T-01: SUPPORT FROM THE MANAGEMENT, GUIDANCE, RESPONSIBILITIES – SECURITY PRINCIPLESKatakri 2020
§ 2.4: PersonalsäkerhetsskyddsåtgärderSSL
Defining security roles and responsibilities
Critical
High
Normal
Low
45
requirements
Risk management and leadership
Cyber security management

Defining security roles and responsibilities

This task helps you comply with the following requirements

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminenKatakri
24. Responsibility of the controllerGDPR
6.1.1: Information security roles and responsibilitiesISO 27001
ID.AM-6: Cybersecurity roles and responsibilitiesNIST
ID.GV-2: Cybersecurity role coordinationNIST
PR.AT-2: Privileged usersNIST
PR.AT-5: Physical and cybersecurity personnelNIST
DE.DP-1: Roles and responsibilitiesNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
HAL-02: Tehtävät ja vastuutJulkri
Amount, competence and adequacy of key cyber security personnel
Critical
High
Normal
Low
37
requirements
Risk management and leadership
Cyber security management

Amount, competence and adequacy of key cyber security personnel

This task helps you comply with the following requirements

T03: Turvallisuustyön resurssitKatakri
32. Security of processingGDPR
37. Designation of the data protection officerGDPR
6.1.1: Information security roles and responsibilitiesISO 27001
ID.GV-2: Cybersecurity role coordinationNIST
PR.AT-2: Privileged usersNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
HAL-03: ResurssitJulkri
5.2: Information security roles and responsibilitiesISO 27001
5.3: Organizational roles and responsibilitiesISO 27001
Management commitment to cyber security management and management system
Critical
High
Normal
Low
49
requirements
Risk management and leadership
Cyber security management

Management commitment to cyber security management and management system

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
1.1.1: Availability of information security policiesTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
PR.AT-4: Senior executives understand their roles and responsibilities.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 5: Governance and organisationDORA
ID.GV-1: Cybersecurity policyNIST
PR.AT-4: Senior executivesNIST
T-01: SUPPORT FROM THE MANAGEMENT, GUIDANCE, RESPONSIBILITIES – SECURITY PRINCIPLESKatakri 2020
Incident management resourcing and monitoring
Critical
High
Normal
Low
19
requirements
Risk management and leadership
Cyber security management

Incident management resourcing and monitoring

This task helps you comply with the following requirements

24. Responsibility of the controllerGDPR
7.2.1: Management responsibilitiesISO 27001
16.1.1: Responsibilities and proceduresISO 27001
5.24: Information security incident management planning and preparationISO 27001
Article 17: ICT-related incident management processDORA
2.7: Varautuminen häiriötilanteisiinTiHL tietoturvavaatimukset
1.6.1: Reporting of security eventsTISAX
3.3.1: Create a plan for analysing data from security monitoringNSM ICT-SP
1.3.3: Identify roles and responsibilities linked especially to ICT securityNSM ICT-SP
2.1.10: Review the service provider’s security when outsourcingNSM ICT-SP
General security competence and awareness of personnel
Critical
High
Normal
Low
42
requirements
Risk management and leadership
Cyber security management

General security competence and awareness of personnel

This task helps you comply with the following requirements

Članak 29.b: OsposobljavanjaNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
2.1.3: Staff trainingTISAX
2.1.1: Competence of employeesTISAX
31 § 2°: Formation des cadres supérieurs à la cybersécuritéNIS2 Belgium
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.CyberFundamentals
PR.AT-1: All users are informed and trained.CyberFundamentals
14.6.: Vadovybės atsakomybėNIS2 Lithuania
PR.AT-1: AwarenessNIST
PR.AT-01: Awareness and training of personnelNIST 2.0
Defining and documenting cyber security metrics
Critical
High
Normal
Low
29
requirements
Risk management and leadership
Cyber security management

Defining and documenting cyber security metrics

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
4.1: Tietojärjestelmien tietoturvallisuusTiHL tietoturvavaatimukset
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuusTiHL
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
GV.OV-03: Organizational cybersecurity risk management performanceNIST 2.0
Art. 24.2.f: Valutare l'efficacia delle misure di gestione del rischio di sicurezza informaticaNIS2 Italy
11: Digiturvan mittarien määrittäminenDigiturvan kokonaiskuvapalvelu
HAL-07: Seuranta ja valvontaJulkri
Implementation and documentation of management reviews
Critical
High
Normal
Low
54
requirements
Risk management and leadership
Cyber security management

Implementation and documentation of management reviews

This task helps you comply with the following requirements

9.3: Management reviewISO 9001
Članak 29.a: UpravljanjeNIS2 Croatia
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
1.2.1: Scope of Information Security managementTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
14.6.: Vadovybės atsakomybėNIS2 Lithuania
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
Communication plan for information security management system
Critical
High
Normal
Low
32
requirements
Risk management and leadership
Cyber security management

Communication plan for information security management system

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
2.10.1: Include security in the organisation’s change management processNSM ICT-SP
RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 14: CommunicationDORA
RC.CO-2: ReputationNIST
Art. 23.1: Approvano le modalita' di implementazioneNIS2 Italy
20.1: Top management commitmentNIS2
Continuous improvement and documentation
Critical
High
Normal
Low
28
requirements
Risk management and leadership
Cyber security management

Continuous improvement and documentation

This task helps you comply with the following requirements

1.5.2: External review of ISMSTISAX
30 § 6°: Non-conformités et mesures correctivesNIS2 Belgium
PR.IP-7: Protection processes are improved.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
PR.IP-7: Protection processesNIST
ID.IM-03: Improvements from operational processes, procedures, and activitiesNIST 2.0
ID.IM-01: Improvements from evaluationsNIST 2.0
45.(3): Neatbilstības un koriģējošās darbībasNIS2 Latvia
Article 36: ICT security testingDORA simplified RMF
Art 24.4: Non conformità e azioni correttiveNIS2 Italy
Archiving and retaining outdated security documentation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Archiving and retaining outdated security documentation

This task helps you comply with the following requirements

A.10.2: Retention period for administrative security policies and guidelinesISO 27018
Segregation of information security related duties
Critical
High
Normal
Low
10
requirements
Risk management and leadership
Cyber security management

Segregation of information security related duties

This task helps you comply with the following requirements

6.1.2: Segregation of dutiesISO 27001
ID.RA-3: Threat identificationNIST
PR.AC-4: Access permissions and authorizationsNIST
PR.DS-5: Data leak protectionNIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminenJulkri
5.3: Segregation of dutiesISO 27001
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
PR.AA-05: Principles of least privilege and separation of dutiesNIST 2.0
ID.RA-03: Internal and external threats to the organizationNIST 2.0
Security roles, responsibilities, and objectives derived from the organization's goals
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Security roles, responsibilities, and objectives derived from the organization's goals

This task helps you comply with the following requirements

ID.BE-3: Organizational mission, objectives, and activitiesNIST
69: Digiturvan huomiointi osana kokonaisuuttaDigiturvan kokonaiskuvapalvelu
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.CyberFundamentals
GV.RR-02: Roles and responsibilities in cybersecurity risk managementNIST 2.0
GV.OC-01: Cybersecurity risk management aligned with the organizational missionNIST 2.0
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa

This task helps you comply with the following requirements

HAL-04.3: Suojattavat kohteet - kasautumisvaikutusJulkri
2.4: Luokittelu ja turvallisuusluokitteluTiHL tietoturvavaatimukset
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Cyber security management
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security