
NIS risk management service

Activities

  • Through interviews, we assess the security of the organization's IT systems and facilities

  • Following ISO 27005, we develop the risk management methodology and the related regulations and documentation

  • We carry out the risk analysis

  • We develop an action plan to reduce the identified risks

    • We exclude risks that are not applicable given the organization's operations, reducing the administrative burden

    • We look for the risk treatment option that best preserves business operations

    • We make a proposal for the preparation of the regulations

    • Where possible, we recommend an administrative solution instead of a costly additional investment

  • We document the results of risk management

  • We provide a regular review service

  • If the system is damaged, we document the incident and support the preparation of the official notification

  • Fact-based decision making

  • Risk-based thinking


Risk management and risk analysis in accordance with Directive (EU) 2016/1148 and Government Decree 270/2018. (XII. 20.)

Full service for medium and large companies. With business and commercial thinking, we keep the company's operability in focus while meeting the documentation requirements in every respect.

In Hungary the EU directive is transposed by Government Decree 270/2018. (XII. 20.), which gives it the force of national law. The government decree obliges the following organizations to implement protection measures commensurate with the risks (in line with the ISO 27001, ISO 27005 and ISO 31000 standards):

  • online marketplaces and web stores (eBay, Vatera, Jófogás, etc.), regardless of whether they serve natural persons, legal persons or a reseller network

  • hosting, infrastructure or cloud-based software providers

  • search engine service providers

and, for medium or large companies, also

  • intermediary service providers under the Ekertv. (the Hungarian Act on electronic commerce), including application service providers.


"Application service provider: a natural person, legal person or other organization without legal personality who, using an electronic communications network, provides access to software or hardware, a software application and related services to several users through a specific software or web interface, for a limited or unlimited period, in return for monthly or usage-based compensation or free of charge." Accordingly, the operators of online stores are also covered.

Risk assessment

The risk analysis is performed in accordance with industry standards (ISO 27001, ISO 27005, ISO 31000). It therefore covers the following:

  • for the security of network and information systems and facilities,

  • to manage security incidents and

  • to ensure business continuity.

Risk management

Based on the risk analysis, the organization must also implement security measures commensurate with the risks.

  • Development of necessary regulations

  • Information security policy

  • Definition and documentation of the risk acceptance criteria of the risk analysis methodology.

Business continuity

The implementing decree requires the preparation of a business continuity plan and of an action plan applicable in the event of a disaster, both based on a business impact analysis.

  • Business Impact Analysis (BIA)

  • Business continuity or service plan (BCP, Business Continuity Plan)

  • Disaster Recovery Plan (DRP)

Review and test

In accordance with the requirements of the regulation, every organization must review the established risk analysis annually and, if the risks change, develop a new risk management plan.

  • Annual review

  • Documentation update

  • BCP and DRP test

NIS2 is the further-developed version of the earlier EU NIS Directive 2016/1148. Its aim is to strengthen cybersecurity through cooperation between the competent authorities and the EU.

In Hungary, several thousand medium and large companies fall under the scope of the NIS2 directive. At the affected organizations, continuous supervision by the authority will receive particular emphasis, and a risk assessment carried out by independent auditors is also mandatory.

EU member states must take measures to enhance the cybersecurity of their networks and information systems, establish national alert systems and, under NIS 2, cooperate with other member states and EU institutions in the field of cybersecurity.

Full service for medium and large companies in accordance with EU Directive 2022/2555 and Act XXIII of 2023 on cybersecurity certification and cybersecurity supervision. With business and commercial thinking, we keep the company's operability in focus while meeting the documentation requirements in every respect.

