Security of information, Information and Communication Technologies and DM

Plamen Koynov
Head of Security of information, Information and Communication Technologies and DM Division
 
Contact Information:
Address: Sofia 1038, 2, "P. Volov" Str.
Telephone: +359 2 9857 744
 

The “Security of information, Information and Communication Technologies and DM” Division (SIICT&DM) shall perform the following activities:

1. perform a leading role in developing and implementing Information Security Policy, procedures and plans, as monitor the harmonization with current legislation, existing international standards and generally accepted good practices;

2. develop, provide and monitor the implementation of procedures for management of work and changes to all means of information processing by establishing and allocating responsibilities and obligations;

3. participate in developing, provide and monitor the implementation of a system of preventives in order to prevent and detect the introduction of malware and unauthorized portable software onto the organization's information resources;

4. participate in developing, provide and monitor the implementation of procedures for reservation of the systems and preparation, management and storage of regulated periodical backups;

5. participate in developing, provide and monitor the implementation of a system of preventives and additional mechanisms for secure network management within the organization concerning data flow, business applications, monitoring and safety;

6. participate in developing, provide and monitor the implementation of procedures for management, handling, storage and protection of documents, information media, input/output data and system documentation, as taking into account all threats of unauthorized disclosure, modification and/or destruction;

7. participate in developing, provide and monitor the implementation of a system of methods and techniques for monitoring the information systems and the actions taken on them, in order to control the effectiveness of implemented control mechanisms;

8. propose and monitor the implementation of procedures for defining and controlling the rights and privileges of access to information systems, application and network services owned by the organization;

9. provide and monitor the implementation of procedures and a system of security tools that regulate access to all operating systems, applied software and information within the organization;

10. provide and monitor the implementation of preventives and additional mechanisms for the use of laptops and remote tools;

11. participate and analyze the requirements and specifications for security of information systems;

12. participate in projects, propose and analyze a system of control mechanisms to ensure the proper operation of applied systems, based on security requirements and risk assessment;

13. participate in developing, provide and analyze the use of cryptographic control mechanisms and the management of cryptographic techniques and keys;

14. develop, provide and monitor the implementation of reporting procedures and event response procedures related to information security;

15. develop, provide and monitor the implementation of procedures for the effective treatment of events and weaknesses related to information security by establishing and allocating responsibilities and obligations;

16. participate in developing, provide, analyze, and monitor the implementation of maintenance activities and/or recovery activities for all means of information processing in disasters, emergencies and unforeseen situations and to ensure the availability of information after an interruption or critical business process malfunction;

17. initiate/provide administrative and financial actions needed in order to ensure the planning, operation, monitoring and continuous improvement of information security;

18. initiate a need for qualification of staff performing activities on functioning of the security elements;

19. provide consultations and methodological guide on all issues related to security management of other structures within the NSI;

20. initiate extraordinary meetings of the bodies designated for information security;

21. initiate proposals for amendments to internal security regulations;

22. participate in defining the scope of information security concerning the characteristics of the organization's activities, its location, assets and technologies;

23. participate in preparation, discussion and adoption of the Information Security Policy and its objectives;

24. participate in discussion and adoption of the classification of assets and their owners;

25. participate in defining and adopting of risk assessment methodology;

26. participate in discussion and adoption of the risk assessment reports, Plan on risk treatment and residual risks;

27. participate in developing, discussion and adoption of feasibility declaration;

28. participate in discussion and adoption of all information security procedures;

29. participate in discussion and adoption of roles and responsibilities on information security;

30. get acquainted with the results of the external audits carried out, as well as perform internal audits of the management system on information security.

31. monitor for the observance of the requirements of the Law on protection of classified information;

32. develop a plan for protection of classified information by organizational, physical and technical means;

33. organize security and the checkpoint regime at the premises of the Head Office of the NSI;

34. create conditions for implementing the activities of the specialized administration during crises;

35. keep registries for classified information;

36. organize the defence and mobilization training;

37. administer, maintain and operate the database of Information System for products with special purpose or with possible dual-use;

38. perform other activities arising from regulations related to classified information.