Cybersecurity requirements include the following elements: other cybersecurity requirements applicable to individual sectors or individual groups of cybersecurity entities, established taking into account the identified cybersecurity risks of individual sectors.
Compliance with required laws, regulations, standards, and contractual obligations can be as challenging as dealing with an ever-changing threat environment and new forms of cyber-attacks.
The organization shall document the information security requirements and the organization's operating model for meeting them.
It is important to note that a large part of the requirements (e.g. laws, standards) are evolving entities. It is recommended to define a review interval for the documentation that states how often, at a minimum, changes in the requirements should be checked.
The organization's own place and role in the critical infrastructure is defined and communicated to the necessary parties.
It is important to recognize whether society is more broadly dependent on the services produced by the organization. Such criticality of the operation can increase the risks of, for example, hybrid and information influence, and it emphasizes the need to be prepared for them.
The organization shall actively maintain contacts with stakeholders relevant to its operations and with other relevant actors related to its operations and security.
The goal is especially to:
After risk treatment, the organization assesses the level of residual risk remaining for each risk.
For the residual risk, the risk owner makes a clear decision either to close the risk or to return it to the processing queue.