Requirement

Cyber security management

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Cyber security management
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Cyber security management
No items found.
Risk management and leadership
Best practices
How to implement:
Cyber security management

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Read below what concrete actions you can take to improve this ->
Risk management and leadership
Cyber security management
Frameworks that include requirements for this topic:
Nacionālās kiberdrošības likums (Latvia)
La loi NIS2 (Belgique)
Zakon o kibernetičkoj sigurnosti (Croatia)
NIST CSF 2.0
Kibernetinio Saugumo Įstatymas (Lithuania)
CIS 18 controls

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Cyber security management
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creation and maintenance of the information security plan report

This task helps you comply with the following requirements

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessaTietoturvasuunnitelma
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
39
requirements
Risk management and leadership
Cyber security management

Information security policy -report publishing, informing and maintenance

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
1.1.1: Availability of information security policiesTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
30 § 5°: Analyse des risques et politique de sécurité de l'informationNIS2 Belgium
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
PR.AT-4: Senior executives understand their roles and responsibilities.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
Defining and documenting security objectives
Critical
High
Normal
Low
23
requirements
Risk management and leadership
Cyber security management

Defining and documenting security objectives

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
ID.GV-1: Cybersecurity policyNIST
ID.BE-3: Organizational mission, objectives, and activitiesNIST
GV.OC-01: Cybersecurity risk management aligned with the organizational missionNIST 2.0
Executing and documenting internal audits
Critical
High
Normal
Low
33
requirements
Risk management and leadership
Cyber security management

Executing and documenting internal audits

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnostiNIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
1.5.1: Assessment of policies and requirementsTISAX
39: Conformité et auditsNIS2 Belgium
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
3.2.1: Determine a strategy and guidelines for security monitoringNSM ICT-SP
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.CyberFundamentals
14.6.: Vadovybės atsakomybėNIS2 Lithuania
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Creating and maintaining a statement of applicability

This task helps you comply with the following requirements

6.1: Information security risk managementISO 27001
7.5: Requirements for documented informationISO 27001
1.2.1: Scope of Information Security managementTISAX
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
18
requirements
Risk management and leadership
Cyber security management

Identification, documentation and management of other information security requirements

This task helps you comply with the following requirements

7.1.1: Compliance managementTISAX
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
1.1.1: Identify the organisation’s strategy and prioritiesNSM ICT-SP
DE.DP-2: Detection activities comply with all applicable requirements.CyberFundamentals
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
14.1.: Tinklų ir informacinių sistemų atitiktis.NIS2 Lithuania
14.5.13): Kitus taikomus kibernetinio saugumo reikalavimusNIS2 Lithuania
ID.GV-3: Legal and regulatory requirementsNIST
GV.OC-03: Legal, regulatory, and contractual cybersecurity requirementsNIST 2.0
2: Lainsäädäntö ja velvoitteetDigiturvan kokonaiskuvapalvelu
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
17
requirements
Risk management and leadership
Cyber security management

Internal audit procedure -report publishing and maintenance

This task helps you comply with the following requirements

ID.GV-3: Legal and regulatory requirementsNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
7.5: Requirements for documented informationISO 27001
9.2: Internal auditISO 27001
CC1.5: Accountability for responsibilitiesSOC 2
Article 5: Governance and organisationDORA
1.5.1: Assessment of policies and requirementsTISAX
GV.OC-03: Legal, regulatory, and contractual cybersecurity requirementsNIST 2.0
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.CyberFundamentals
39: Conformité et auditsNIS2 Belgium
ISMS description and maintenance
Critical
High
Normal
Low
28
requirements
Risk management and leadership
Cyber security management

ISMS description and maintenance

This task helps you comply with the following requirements

2.1: Tietoturvallisuusvastuiden määrittelyTiHL tietoturvavaatimukset
2.3: Tietoturvallisuus tiedonhallintamallissaTiHL tietoturvavaatimukset
1.2.1: Scope of Information Security managementTISAX
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.CyberFundamentals
PR.AT-5: Physical and cybersecurity personnelNIST
T-02: TURVALLISUUSTYÖN TEHTÄVIEN JA VASTUIDEN MÄÄRITTÄMINENKatakri 2020
15.2: Establish and Maintain a Service Provider Management PolicyCIS 18
7: Digiturvan osa-alueiden järjestelmällinen kehittäminenDigiturvan kokonaiskuvapalvelu
HAL-09: DokumentointiJulkri
HAL-07: Seuranta ja valvontaJulkri
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Defining the frameworks that serve as the basis of the management system

This task helps you comply with the following requirements

CC3.1: Sufficient specifying of objectivesSOC 2
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Appointment of a Chief Information Security Officer (Greece)

This task helps you comply with the following requirements

No items found.
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Review reporting of simplified ICT risk management framework

This task helps you comply with the following requirements

Article 41: Format and content of the report on the review of the simplified ICT risk management frameworkDORA simplified RMF
ICT project management procedure
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

ICT project management procedure

This task helps you comply with the following requirements

Article 38: ICT project and change managementDORA simplified RMF
Auditing of risk management framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Auditing of risk management framework

This task helps you comply with the following requirements

Article 28: Governance and organizationDORA simplified RMF
Creation and maintenance of governance and control framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Creation and maintenance of governance and control framework

This task helps you comply with the following requirements

Article 28: Governance and organizationDORA simplified RMF
Notification of a significant incident with cross-border and cross-sectoral impact
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notification of a significant incident with cross-border and cross-sectoral impact

This task helps you comply with the following requirements

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkomNIS2 Croatia
Conducting an external audit
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Conducting an external audit

This task helps you comply with the following requirements

Članak 34: Provedba revizije kibernetičke sigurnostiNIS2 Croatia
Notifying the administrative body of incidents
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Notifying the administrative body of incidents

This task helps you comply with the following requirements

No items found.
Appointment of a Cyber Security Officer (Lithuania)
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Appointment of a Cyber Security Officer (Lithuania)

This task helps you comply with the following requirements

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybėNIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymasNIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimaiNIS2 Lithuania
15.2.: Paskirti saugos įgaliotinįNIS2 Lithuania
Appointment of a Chief Information Security Officer (Lithuania)
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Appointment of a Chief Information Security Officer (Lithuania)

This task helps you comply with the following requirements

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybėNIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymasNIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimaiNIS2 Lithuania
15.1.: Paskirti kibernetinio saugumo vadovąNIS2 Lithuania
Cybersecurity auditing (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Cybersecurity auditing (Lithuania)

This task helps you comply with the following requirements

14.8.: Kibernetinio saugumo auditaiNIS2 Lithuania
Technical cyber security measures (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Technical cyber security measures (Lithuania)

This task helps you comply with the following requirements

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemonesNIS2 Lithuania
Usage of data centers (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Usage of data centers (Lithuania)

This task helps you comply with the following requirements

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojamsNIS2 Lithuania
Usage of the Secure Network (Lithuania)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Usage of the Secure Network (Lithuania)

This task helps you comply with the following requirements

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)NIS2 Lithuania
Cyber Security Information System usage (Lithuania)
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Cyber Security Information System usage (Lithuania)

This task helps you comply with the following requirements

19.1.: Kibernetinio saugumo informacinė sistemaNIS2 Lithuania
19.3.: Kibernetinio saugumo informacinės sistemos naudojimasNIS2 Lithuania
19.4.: Dalijimosi informacija susitarimaiNIS2 Lithuania
Providing the security managers information to a competent authority
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Providing the security managers information to a competent authority

This task helps you comply with the following requirements

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanuNIS2 Latvia
25.(3): Kiberdrošības pārvaldnieka atbilstībaNIS2 Latvia
25.(4): Paziņojums par izmaiņāmNIS2 Latvia
Appointment, tasks and position of a Cyber security manager
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Appointment, tasks and position of a Cyber security manager

This task helps you comply with the following requirements

25.(5): kiberdrošības pārvaldnieka pienākumiNIS2 Latvia
25.(1): Kiberdrošības pārvaldībuNIS2 Latvia
Assessment of conformity (Belgium)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Assessment of conformity (Belgium)

This task helps you comply with the following requirements

39: Conformité et auditsNIS2 Belgium
Documentation of organization's dependencies on external resources
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Documentation of organization's dependencies on external resources

This task helps you comply with the following requirements

GV.OC-05: Organizational dependencies on outcomes and servicesNIST 2.0
Strategic directions of risk response options
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Strategic directions of risk response options

This task helps you comply with the following requirements

GV.RM-04: Strategic direction of risk response optionsNIST 2.0
Identify the organisation's strategy and priorities
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Identify the organisation's strategy and priorities

This task helps you comply with the following requirements

1.1.1: Identify the organisation’s strategy and prioritiesNSM ICT-SP
Implementing a crisis response strategy
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Implementing a crisis response strategy

This task helps you comply with the following requirements

RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incidentNSM ICT-SP
4.3.2: Determine whether the incident is under control and take the necessary reactive measuresNSM ICT-SP
30 § 1°: Gestion des risques et maîtrise des incidentsNIS2 Belgium
30 § 3.3°: La continuité et la gestion des crisesNIS2 Belgium
Recognizing and listing sensitive work fields and jobs
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Recognizing and listing sensitive work fields and jobs

This task helps you comply with the following requirements

2.1.1: Competence of employeesTISAX
Description of cyber security structure
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Description of cyber security structure

This task helps you comply with the following requirements

1.2.2: Information Security ResponsibilitiesTISAX
Monitoring and analysing effectiveness of digital operational resilience strategy
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Monitoring and analysing effectiveness of digital operational resilience strategy

This task helps you comply with the following requirements

Article 13: Learning and evolvingDORA
Learning from testing operational resilience
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Cyber security management

Learning from testing operational resilience

This task helps you comply with the following requirements

Article 13: Learning and evolvingDORA
RC.IM-1: Recovery plans incorporate lessons learned.CyberFundamentals
ID.IM-02: Improvements from security tests and exercisesNIST 2.0
Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Adequate security principles of the organisation in terms of classified information

This task helps you comply with the following requirements

T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEETKatakri 2020
Defining security roles and responsibilities
Critical
High
Normal
Low
33
requirements
Risk management and leadership
Cyber security management

Defining security roles and responsibilities

This task helps you comply with the following requirements

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminenKatakri
24. Responsibility of the controllerGDPR
6.1.1: Information security roles and responsibilitiesISO 27001
ID.AM-6: Cybersecurity roles and responsibilitiesNIST
ID.GV-2: Cybersecurity role coordinationNIST
PR.AT-2: Privileged usersNIST
PR.AT-5: Physical and cybersecurity personnelNIST
DE.DP-1: Roles and responsibilitiesNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
HAL-02: Tehtävät ja vastuutJulkri
Amount, competence and adequacy of key cyber security personnel
Critical
High
Normal
Low
23
requirements
Risk management and leadership
Cyber security management

Amount, competence and adequacy of key cyber security personnel

This task helps you comply with the following requirements

T03: Turvallisuustyön resurssitKatakri
32. Security of processingGDPR
37. Designation of the data protection officerGDPR
6.1.1: Information security roles and responsibilitiesISO 27001
ID.GV-2: Cybersecurity role coordinationNIST
PR.AT-2: Privileged usersNIST
14.6.: Vadovybės atsakomybėNIS2 Lithuania
HAL-03: ResurssitJulkri
5.2: Information security roles and responsibilitiesISO 27001
5.3: Organizational roles and responsibilitiesISO 27001
Management commitment to cyber security management and management system
Critical
High
Normal
Low
28
requirements
Risk management and leadership
Cyber security management

Management commitment to cyber security management and management system

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
1.1.1: Availability of information security policiesTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
PR.AT-4: Senior executives understand their roles and responsibilities.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 5: Governance and organisationDORA
ID.GV-1: Cybersecurity policyNIST
PR.AT-4: Senior executivesNIST
T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEETKatakri 2020
Incident management resourcing and monitoring
Critical
High
Normal
Low
12
requirements
Risk management and leadership
Cyber security management

Incident management resourcing and monitoring

This task helps you comply with the following requirements

24. Responsibility of the controllerGDPR
7.2.1: Management responsibilitiesISO 27001
16.1.1: Responsibilities and proceduresISO 27001
5.24: Information security incident management planning and preparationISO 27001
Article 17: ICT-related incident management processDORA
2.7: Varautuminen häiriötilanteisiinTiHL tietoturvavaatimukset
1.6.1: Reporting of security eventsTISAX
3.3.1: Create a plan for analysing data from security monitoringNSM ICT-SP
1.3.3: Identify roles and responsibilities linked especially to ICT securityNSM ICT-SP
2.1.10: Review the service provider’s security when outsourcingNSM ICT-SP
General security competence and awareness of personnel
Critical
High
Normal
Low
25
requirements
Risk management and leadership
Cyber security management

General security competence and awareness of personnel

This task helps you comply with the following requirements

Članak 29.b: OsposobljavanjaNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
2.1.3: Staff trainingTISAX
2.1.1: Competence of employeesTISAX
31 § 2°: Formation des cadres supérieurs à la cybersécuritéNIS2 Belgium
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.CyberFundamentals
PR.AT-1: All users are informed and trained.CyberFundamentals
14.6.: Vadovybės atsakomybėNIS2 Lithuania
PR.AT-1: AwarenessNIST
PR.AT-01: Awareness and training of personnelNIST 2.0
Defining and documenting cyber security metrics
Critical
High
Normal
Low
16
requirements
Risk management and leadership
Cyber security management

Defining and documenting cyber security metrics

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
4.1: Tietojärjestelmien tietoturvallisuusTiHL tietoturvavaatimukset
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuusTiHL
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
GV.OV-03: Organizational cybersecurity risk management performanceNIST 2.0
11: Digiturvan mittarien määrittäminenDigiturvan kokonaiskuvapalvelu
HAL-07: Seuranta ja valvontaJulkri
21.2.f: Assessing effectiveness of security measuresNIS2
Implementation and documentation of management reviews
Critical
High
Normal
Low
26
requirements
Risk management and leadership
Cyber security management

Implementation and documentation of management reviews

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
1.2.1: Scope of Information Security managementTISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.CyberFundamentals
14.6.: Vadovybės atsakomybėNIS2 Lithuania
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
ID.GV-3: Legal and regulatory requirementsNIST
Communication plan for information security management system
Critical
High
Normal
Low
16
requirements
Risk management and leadership
Cyber security management

Communication plan for information security management system

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
2.10.1: Include security in the organisation’s change management processNSM ICT-SP
RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 14: CommunicationDORA
RC.CO-2: ReputationNIST
20.1: Top management commitmentNIS2
CC2.3: Communication with external partiesSOC 2
Continuous improvement and documentation
Critical
High
Normal
Low
15
requirements
Risk management and leadership
Cyber security management

Continuous improvement and documentation

This task helps you comply with the following requirements

1.5.2: External review of ISMSTISAX
30 § 6°: Non-conformités et mesures correctivesNIS2 Belgium
PR.IP-7: Protection processes are improved.CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals
PR.IP-7: Protection processesNIST
ID.IM-03: Improvements from operational processes, procedures, and activitiesNIST 2.0
ID.IM-01: Improvements from evaluationsNIST 2.0
45.(3): Neatbilstības un koriģējošās darbībasNIS2 Latvia
Article 36: ICT security testingDORA simplified RMF
21.4: Non-conformities and corrective actionsNIS2
Archiving and retaining outdated security documentation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Archiving and retaining outdated security documentation

This task helps you comply with the following requirements

A.10.2: Retention period for administrative security policies and guidelinesISO 27018
Segregation of information security related duties
Critical
High
Normal
Low
9
requirements
Risk management and leadership
Cyber security management

Segregation of information security related duties

This task helps you comply with the following requirements

6.1.2: Segregation of dutiesISO 27001
ID.RA-3: Threat identificationNIST
PR.AC-4: Access permissions and authorizationsNIST
PR.DS-5: Data leak protectionNIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminenJulkri
5.3: Segregation of dutiesISO 27001
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
PR.AA-05: Principles of least privilege and separation of dutiesNIST 2.0
ID.RA-03: Internal and external threats to the organizationNIST 2.0
Security roles, responsibilities, and objectives derived from the organization's goals
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Security roles, responsibilities, and objectives derived from the organization's goals

This task helps you comply with the following requirements

ID.BE-3: Organizational mission, objectives, and activitiesNIST
69: Digiturvan huomiointi osana kokonaisuuttaDigiturvan kokonaiskuvapalvelu
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.CyberFundamentals
GV.RR-02: Roles and responsibilities in cybersecurity risk managementNIST 2.0
GV.OC-01: Cybersecurity risk management aligned with the organizational missionNIST 2.0
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa

This task helps you comply with the following requirements

HAL-04.3: Suojattavat kohteet - kasautumisvaikutusJulkri
2.4: Luokittelu ja turvallisuusluokitteluTiHL tietoturvavaatimukset
Identifying and documenting dependencies between assets
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Cyber security management

Identifying and documenting dependencies between assets

This task helps you comply with the following requirements

HAL-04.5: Suojattavat kohteet - riippuvuudetJulkri
Article 8: IdentificationDORA
4.1.2: Perform a business impact analysisNSM ICT-SP
1.1.5: Identify the organisation’s deliverables, information systems and supporting ICT functionsNSM ICT-SP
Muiden tietoturvavaatimusten seuranta
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Muiden tietoturvavaatimusten seuranta

This task helps you comply with the following requirements

HAL-05: VaatimuksetJulkri
HAL-05.1: Vaatimukset - seurantaJulkri
Tietoturvallisuuteen liittyvän dokumentaation ajantasaisuus
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Tietoturvallisuuteen liittyvän dokumentaation ajantasaisuus

This task helps you comply with the following requirements

HAL-09.1: Dokumentointi - ajantasaisuusJulkri
Luettelo turvaluokiteltuja asiakirjoja käsittelevistä henkilöistä valtionhallinnossa
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Luettelo turvaluokiteltuja asiakirjoja käsittelevistä henkilöistä valtionhallinnossa

This task helps you comply with the following requirements

HAL-14.1: Käyttö- ja käsittelyoikeudet - ajantasainen luettelo - TL IIIJulkri
Varautumista ohjaavan lainsäädännön tunnistaminen ja dokumentointi
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Varautumista ohjaavan lainsäädännön tunnistaminen ja dokumentointi

This task helps you comply with the following requirements

VAR-01: Varautumista ohjaava lainsäädäntöJulkri
Maintaining chosen theme-specific policy documents
Critical
High
Normal
Low
10
requirements
Risk management and leadership
Cyber security management

Maintaining chosen theme-specific policy documents

This task helps you comply with the following requirements

9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
1.1.1: Availability of information security policiesTISAX
1.5.1: Assessment of policies and requirementsTISAX
Article 29: Information security policy and measuresDORA simplified RMF
CC5.3: Establishment of policiesSOC 2
5.1.1: Policies for information securityISO 27001
6.1: Yleiset tietoturvakäytännötTietoturvasuunnitelma
7.5: Requirements for documented informationISO 27001
5.1: Policies for information securityISO 27001
Determination and adequacy of the cyber security budget
Critical
High
Normal
Low
7
requirements
Risk management and leadership
Cyber security management

Determination and adequacy of the cyber security budget

This task helps you comply with the following requirements

Članak 29.a: UpravljanjeNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
Article 5: Governance and organisationDORA
5: Riittävä digiturvallisuuden budjettiDigiturvan kokonaiskuvapalvelu
20.1: Top management commitmentNIS2
Internal communication about the organization's risk situation
Critical
High
Normal
Low
6
requirements
Risk management and leadership
Cyber security management

Internal communication about the organization's risk situation

This task helps you comply with the following requirements

16: Organisaationlaajuinen viestintä riskitilanteestaDigiturvan kokonaiskuvapalvelu
DE.DP-4: Event detection information is communicated.CyberFundamentals
RC.CO-2: Reputation is repaired after an incident.CyberFundamentals
4.1.5: Determine which communication channels to use in the event of an incidentNSM ICT-SP
GV.RM-05: Communication lines for cybersecurity risks across the organizationNIST 2.0
27 § 1°: Volontaire échanger des informations pertinentes en matière de cybersécuritéNIS2 Belgium
Adequacy of digital security resourcing
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Cyber security management

Adequacy of digital security resourcing

This task helps you comply with the following requirements

14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
70: Riittävät resurssit digiturvan kehittämiseenDigiturvan kokonaiskuvapalvelu
1.2.2: Information Security ResponsibilitiesTISAX
GV.RR-03: Adequate resources for cybersecurity risk strategy and policiesNIST 2.0
31 § 1°: Approbation des mesures de gestion des risques de cybersécuritéNIS2 Belgium
Preparation for information campaign against the organization
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Preparation for information campaign against the organization

This task helps you comply with the following requirements

76: Varautuminen informaatiovaikuttamiseenDigiturvan kokonaiskuvapalvelu
Supervision carried out by the board of the organization
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Supervision carried out by the board of the organization

This task helps you comply with the following requirements

CC1.2: Board of directors oversightSOC 2
Data collection and processing
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Data collection and processing

This task helps you comply with the following requirements

CC2.1: Quality information to support internal controlsSOC 2
3.1: Establish and Maintain a Data Management ProcessCIS 18
Defining the units of your organization
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Defining the units of your organization

This task helps you comply with the following requirements

CC1.3: Established responsibilitiesSOC 2
Consideration of external goals when setting information security objectives
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Consideration of external goals when setting information security objectives

This task helps you comply with the following requirements

CC3.1: Sufficient specifying of objectivesSOC 2
Recognizing the technology needed to accomplish the cybersecurity goals
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Cyber security management

Recognizing the technology needed to accomplish the cybersecurity goals

This task helps you comply with the following requirements

CC5.2: Control activities for achievement of objectivesSOC 2
3.3.1: Create a plan for analysing data from security monitoringNSM ICT-SP
A strategy for cyber security architecture
Critical
High
Normal
Low
7
requirements
Risk management and leadership
Cyber security management

A strategy for cyber security architecture

This task helps you comply with the following requirements

ARCHITECTURE-1: Establish and Maintain Cybersecurity Architecture Strategy and ProgramC2M2
ARCHITECTURE-3: Implement IT and OT Asset Security as an Element of the Cybersecurity ArchitectureC2M2
ARCHITECTURE-4: Implement Software Security as an Element of the Cybersecurity ArchitectureC2M2
ARCHITECTURE-2: Implement Network Protections as an Element of the Cybersecurity ArchitectureC2M2
ARCHITECTURE-5: Implement Data Security as an Element of the Cybersecurity ArchitectureC2M2
14.1.: Tinklų ir informacinių sistemų atitiktis.NIS2 Lithuania
30.(1): Infromācijas sistēmas atbilstošā infrastruktūrā vai datu centrosNIS2 Latvia
Strategy for cyber security program
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Strategy for cyber security program

This task helps you comply with the following requirements

PROGRAM-1: Establish Cybersecurity Program StrategyC2M2
Establishing and maintaining a cyber security program
Critical
High
Normal
Low
requirements
Risk management and leadership
Cyber security management

Establishing and maintaining a cyber security program

This task helps you comply with the following requirements

PROGRAM-2: Establish and Maintain Cybersecurity ProgramC2M2
Ensuring record integrity related to security requirements
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Ensuring record integrity related to security requirements

This task helps you comply with the following requirements

7.1.1: Compliance managementTISAX
Procedure for classification of projects
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Procedure for classification of projects

This task helps you comply with the following requirements

1.2.3: Information Security requirements in projectsTISAX
Data protection certifications
Critical
High
Normal
Low
7
requirements
Risk management and leadership
Cyber security management

Data protection certifications

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
9.2 §: Kyberturvallisuuden toimintaperiaatteetKyberturvallisuuslaki
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
21.2.f: Assessing effectiveness of security measuresNIS2
18.2.2: Compliance with security policies and standardsISO 27001
Evaluating the efficiency of internal audits
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Evaluating the efficiency of internal audits

This task helps you comply with the following requirements

Article 5: Governance and organisationDORA
Priority classification of an organization's information assets
Critical
High
Normal
Low
7
requirements
Risk management and leadership
Cyber security management

Priority classification of an organization's information assets

This task helps you comply with the following requirements

ID.AM-5: Resource prioritizationNIST
HAL-04.2: Suojattavat kohteet - luokitteluJulkri
CC3.2: Identification of risks related to objectivesSOC 2
2.4: Luokittelu ja turvallisuusluokitteluTiHL tietoturvavaatimukset
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.CyberFundamentals
ID.AM-05: Prioritizing criteria for assetsNIST 2.0
3.7: Establish and Maintain a Data Classification SchemeCIS 18
Considering the possibility of fraud in risk assessment
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Cyber security management

Considering the possibility of fraud in risk assessment

This task helps you comply with the following requirements

CC3.3: Potential of fraud is consideredSOC 2
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Cyber security management
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security