Ing. Miroslav Fryšar is the Chairman of the Board of Directors of F.S.C. BEZPEČNOSTNÍ PORADENSTVÍ, a.s., which is the largest consultancy firm in the Czech Republic in the field of the protection of persons, property, information, and security management services. He is also the President of the Czech Association of Security Managers, which brings together the security managers of companies and institutions from the private and public sectors in the Czech Republic.technology.
The current era is full of dynamic changes and new security risks. How do you respond to this, and what can you offer your clients?
We realise that we have to take security risks much more seriously than in the past. Therefore, we need to update the security risk analyses we have already carried out. Subsequently, we must ask ourselves whether our existing security measures would withstand these risks. In many cases, security measures will not only need to be supplemented but also increased. Protecting information on identified security weaknesses and followup security measures is also an important requirement. System measures and information specification, e.g. access passwords or codes should be protected in a special regime. Another problem is that the suppliers of security measures are companies without security assurance certification. This applies not only to physical protection but also to cyber security. We primarily offer our clients security risk consultation and analysis, security audits and penetration tests, technical security additions or renewal projects, updates to security documentation and internal guidelines, the contractor provisioning of security positions, BCM and supply chain security implementations, and defensive technical inspections against the deployment of eavesdropping technology. A fundamental principle of our work is the independence of recommendations and outputs from security contractors.
The new requirements in cyber security have a current impact not only on companies in the defence industry. Can you define these requirements?
In general terms, there is only one requirement– “to secure information and communication systems against cyber-attacks”. The fundamental change is primarily the extension of the scope of the legislation to a much larger number of obliged entities. They will not be asked to comply with the obligations, but instead have to sign up themselves to fulfil them. It is necessary to carry out an analysis comparing the measures taken so far with the requirements of the new legislation and to prepare a Cybersecurity Measures Implementation Plan, including the preparation of cybersecurity documentation, the introduction of a risk assessment and management system, processes and security management, ensuring the security of the information system – applications, software, hardware and other IT equipment, the selection of IT service providers, the provision of training for employees in the field of information security, the introduction of records and reporting and incidents, ensuring business continuity in the event of an accident and the process of the continuous improvement of the system and cybersecurity measures. The plan should include a budget for the implementation of each measure. Subsequently, these measures need to be implemented.
If you contact FSC SAFETY ADVISORY, a.s. in order to solve the two problems mentioned above or other security issues, we will be happy to provide you with our professional services that we have been providing for more than 20 years.
Thank you for the interview.
