Head of Security of information, Information and Communication Technologies and DM Division
The Security of information, Information and Communication Technologies and DM Division (SIICT&DM) shall perform the following activities:
1. perform a leading role in developing and implementing Information Security Policy, procedures and plans, as well as monitor the harmonization with current legislation, existing international standards and generally accepted good practices;
2. develop, propose and monitor the implementation of procedures for management of work and changes to all means of information processing by establishing and allocating responsibilities and obligations;
3. participate in the development, propose and monitor the implementation of a system of safeguards and additional mechanisms for the secure management of networks in the organization, in terms of data flow, business applications, monitoring and safety;
4. participate in the development, propose and monitor the implementation of procedures for the management, handling, storage and protection of classified and sensitive information and documentation, taking into account all threats of unauthorized disclosure, modification and/or destruction;
5. participate in the development, propose and monitor the implementation of a system of methods and techniques for monitoring information systems and the actions performed on them in order to control the effectiveness of the implemented control mechanisms;
6. participate in and analyze information systems security requirements and specifications;
7. participate in projects, propose and analyze a system of control mechanisms to ensure the correct operation of application systems, based on security requirements and risk assessment;
8. develop, propose and monitor the implementation of procedures for reporting and responding to events related to information security;
9. develop, propose and monitor the implementation of procedures for the effective treatment of events and weaknesses related to information security, establishing and allocating responsibilities and obligations for this purpose;
10. participate in the development, propose, analyze and monitor the implementation of activities to maintain and/or restore all means of information processing, in the event of disasters, accidents and unforeseen situations and to ensure the availability of information after interruption or malfunction of a critical business process;
11. initiate/propose administrative and financial actions necessary to ensure the planning, action, monitoring and continuous improvement of information security;
12. initiate the need for qualification of staff performing activities on the functioning of security elements;
13. provide consultations and methodological guidance on all issues related to security management of other structures in NSI;
14. initiate extraordinary meetings of the bodies designated for information security;
15. initiate proposals for amendments to internal security regulations;
16. participate in determining the scope of information security in relation to the characteristics of the organization's activity, its location, assets and technologies;
17. participate in the preparation, discussion and adoption of information security policy and objectives;
18. participate in the discussion and adoption of the classification of assets and their owners;
19. participate in the determination and adoption of the risk assessment methodology;
20. participate in the discussion and acceptance of the risk assessment reports, risk treatment plan and residual risks;
21. participate in the development, discussion and adoption of the applicability declaration;
22. participate in the discussion and adoption of all information security procedures;
23. participate in the discussion and acceptance of roles and responsibilities for information security;
24. get acquainted with the results of the external audits performed, as well as perform internal audits of the information security management system;
25. monitor compliance with the requirements of the Classified Information Protection Act;
26. develop a plan for the protection of classified information through organizational, physical and technical means;
27. organize and be responsible for the access and security regime in the administrative buildings of the NSI Head Office (low and high body);
28. create conditions for carrying out the activities of the specialized administration in crisis conditions;
29. keep registries for classified information;
30. organize the defense-mobilization preparation;
31. administer, maintain and operate the database of the access control and working time systems;
32. carry out other activities resulting from the enactments related to classified information.