In cyber security, EZÚ offers a comprehensive product divided into three levels.
Level 1 is characterised by a purely system approach and is a stepping stone towards the truly thorough cyber security reached in Levels 2 and 3. This level focuses on the implementation and control of the fundamental processes needed to create basic cyber security (risk management, threat and vulnerability management, preparation and implementation of security measures, continuous improvement and internal audits). Once the successful fulfilment of the requirements set out by the regulations is verified, the Essential Certificate of Cybersecurity is awarded. The system approach consists of applicable international standards and legislation of the Czech Republic relating to the following:
- Act No. 181/2014 Coll. (Cyber Security Act) and Decree No. 82/2018 Coll. (Cyber Security Decree)
- ČSN ISO/IEC 27001, Information Technology – Security Technology – Information Security Management Systems – Requirements
- ČSN ISO/IEC 20000 Information Technology – Service Management – Part 1: Service Management System Requirements
Mandatory legislation applicable to public administration:
- Act No. 365/2000 Coll., on Public Administration Information Systems
- Government Resolution No. 624/2001
Level 2 is characterised by a transition from a purely system approach to an approach that also includes the security of software, networks and repositories, supply chains and security tests. The system approach is extended to ensure greater cyber security. If all requirements are met, the Enhanced Certificate of Cybersecurity is granted.
Level 3 builds on the previous level and represents the deepest view of cyber security. This view includes specific security components and looks in more detail at software security and security tests. The focus on hardware and firmware security is a new aspect. This ensures the highest possible level of cyber security. The entire effort is topped off with the acquisition of the Top-Level Certificate of Cybersecurity.