Slovakia (SK)

Current Status: The National Strategy for Information Safety of Slovakia was approved by the Slovak Government in August 2008 and deployed from April 2009.  

Strategic priorities:

  • Protection of human rights and freedoms in using National Information and Communication Infrastructure (NICI)
  • Building of awareness and competence in information security;
  • Creation of secure environment;
  • Improvement of effectiveness in information security management;
  • Insurance of sufficient protection of the state ICI and ICI supporting the state critical infrastructure;
  • National and international cooperation;
  • Enhancement of national competence.

Main goals:

  • Protection of national cyber space is a system operating conceptually, in a coordinated manner, efficiently, effectively, and on a legal basis.
  • Security awareness of all components of society is systematically increasing.
  • The private and academic sectors as well as civil society actively participate in the formulation and implementation of the policy of the Slovak Republic in the area of cyber security.
  • Efficient collaboration is provided for both at national and international levels.
  • The adopted measures are adequate and respect the protection of privacy and basic human rights and freedoms.

National Cyber Security Strategy

Year of adoption

The national cybersecurity strategy was approved in 2008 and deployed in 2009.

The central strategic document for cyber security is the National Strategy for Information Security of the Slovak Republic (NSIS) 2009–2013, enacted by Government Regulation No. 570/2008. The strategy was drafted by the Ministry of Finance of the Slovak Republic. The National Strategy for Information Safety of Slovakia was approved by the Slovak Government in August 2008 and deployed from April 2009.
Updates and revisions Cyber Security Concept of the Slovak Republic for 2015 - 2020
Implementation and monitoring

Cyber security at a national level belongs to the scope of powers of the relevant central state administration body, with competences and powers defined in general by the Competence Act and specifically by a special law (Cyber Security Act).

Strategy implementation consists in approving the NSIS document by the Slovak government, resolving the key tasks defined under the strategic priorities, and preparing a Slovak information security action plan for 2008-2013 and its approval by the government. Progress reports, including task assessments, will be submitted to the government on an annual basis, along with any proposals.

Main measures  related to businesses

There is no legislation or policy in place in the Slovak Republic that requires the establishment of a written information security plan.

Information practices for the Government of the Slovak Republic are set in the Act of 20 April 2006 on Information System of Public Administration and on Certain Amendments 2006 and the Act of 11 March 2004 on the Protection of Classified Information and on the Amendment and Supplementing of Certain Acts 2004.  

Specific legislation and regulation related to cybersecurity has been enacted through the following instruments:

- For banks: Law 483/2001 & Law 747/2004 –

- For public administration : Law 275/2006

- For telecommunication sector: Law 351/2011 –

- For Personal identifiable information: Law 122/2013

Operational capacities The key to the organisational structure for cyber security and cyber defence in Slovakia is the distinction made between the management and information security of classified and unclassified information. The former is dealt with by the National Security Authority (NSA); the latter is under the supervision of the Ministry of Finance. Mutual communication is facilitated by the Ministry of Finance’s Committee for Information Security, which has an advisory and coordinating role, preparing ‘strategic and technical materials on information security’.
Public-private partnerships

There are no defined public-private partnerships for cybersecurity

Sector-specific cyber-security plans The Slovak Republic does not have sector-specific joint public-private plans in place. Sector-specific security priorities and risk assessment have not been defined.
Risk assessment plan  
Progress measures  
Date of last WISER analysis September 2016

 

Current status: NIS Directive and national CERTs/CSIRTs


 
Computer security incident response teams (CSIRTs) The Computer Security Incident Response Team of Slovakia, CSIRT.SK, operates as an independent department of DataCentrum, an organisation financed from the budget of the Ministry of Finance. The CSIRT is headed by a Director and has three subordinate departments: the Technical Department responsible for monitoring and gathering information about cyber security threats and risks; the National Information and Communication Infrastructure (NICI) Department which deals with incident handling; an Education Department, which develops and implements education concepts for the security managers and ICT securitystaff of state and public institutions, and for the general public and cyber security professionals. Although the CSIRT.SK is the only registered CSIRT in Slovakia, a number of organisations are dedicated to monitoring the state of security in their particular network. Among them are: Sanet (Slovak academic Network, member of TERENA), ISACA Slovak Chapter, ITAS (IT Association of Slovakia), Sasib (Slovak Association for Information Security). Slovakia is also a part of the Central and Eastern European Networking Association (CEENet), whose primary mission is to ‘co-ordinate the international aspects of the academic, research and education networks in Central and Eastern Europe and in adjacent countries’, but their cooperation has evolved into computer network security. CSIRT.SK is accredited by Trusted Introducer, which gathers mostly European CERT/CSIRT teams and represents a platform for exchange of knowledge and experience in handling computer security incidents.
Best practices:

N.A.

Monitoring system

Not currently known.

Report an incident You can report a security incident by sending an e-mail to incident@csirt.gov.sk
https://www.csirt.gov.sk/incident-report-86c.html
Languages English/Slovak
Date of last WISER analysis September 2016

 

Contact us for more info