With the growth of digital threats (which is not new), many entities have been increasing their level of maturity with regard to Cybersecurity. Find out which entities are required to communicate a (Cyber) Security Officer to the CNCS and what their roles are.
Cybersecurity consists of a set of measures and actions necessary to prevent, monitor, detect, analyze and correct networks and information systems in the face of the threats to which they are exposed. The objective is to maintain a desired state of security and guarantee confidentiality, integrity, availability and non-repudiation of information.
In Portugal, the National Cybersecurity Center (CNCS) develops its mission with the aim of contributing to a free, reliable and safe use of cyberspace of national interest. The CNCS acts as an operational coordinator and national authority on cybersecurity with State entities, operators of national critical infrastructures, operators of essential services and digital service providers.
Decree-Law No. 65/2021 and the Person Responsible for (Cyber) Security
Entities within the scope of application of Decree-Law no. 65/2021, of July 30, have the obligations to designate a person responsible for (Cyber)Security (article 5 of Decree-Law no. 65/2021, July 30th).
The (Cyber) Security Officer, designated by the entities, is responsible for management of all the measures adopted in terms of security requirements and incident notification, under the terms of the Cyberspace Security Legal Regime and Decree-Law No. 65/2021, of July 30th. In addition to ensuring the conformity According to the law, the (Cyber) Security Officer must:
- Define the Information Security Strategy
- Ensure the implementation of Security Policies
- Implement risk management strategies
- Implement incident management processes
- Ensure the implementation of good practices in the area of (Cyber) Security
- Provide awareness-raising actions
In addition, the (Cyber) Security Officer must also prepare and sign the following documents:
- Asset lists (hardware and software)
- Security Plan;
- Annual (Cyber)Security Report
The designation of the security responsible must be communicated to the CNCS in accordance with what is defined in Decree-Law no. 65/2021. In hierarchical terms, it is recommended that the Head of (Cyber) Security reports to top management.
 Security Officer?){kind=link}