Security Monitoring of Electronic Information Systems of Central and Local Government Agencies
Section 14 of Act L
- monitoring classification and security level assignment, and making decisions according to the findings
- monitoring compliance with the legal requirements applicable to the classification of electronic information systems and the security levels of the organisations
- ordering the elimination of security deficiencies detected during the inspection or learned of in any other way, and evaluating the efficiency of that elimination
- conducting risk assessment based on the available information
- investigating all the security incident reports received
- making proposals for the sectoral designation authority defined in the Act on the identification, designation and protection of vital systems and facilities, which performs protective regulation for vital systems and facilities, to designate a national vital system element
- cooperating with the electronic administration supervisory authority defined in the Act on the general rules for the official procedures and services of public administration with regard to monitoring the accomplishment of security requirements applicable to regulated electronic administration service providers
- liaising with the national security services in the field of electronic information security
- maintaining contact with the incident management teams defined in subsections (1)-(4) of section 19
- checking compliance with the applicable information security requirements in the design phase of development projects financed by central or EU funds
- participating in the National Cyber Security Coordination Council’s information-technology, network-security, information-sharing and incident-handling working groups
Section 16 of Act L
Further Powers of the Authorities
- shall check the relevant organisations’ compliance with the statutorily defined security requirements and the related procedural rules
- shall request the documents required to prove compliance with the requirements and review the documentation submitted according to Section 12 b)
- shall check security classification and the assignment of security level, check the protective measures, order measures to eliminate the defects revealed and check the implementation of such measures
- shall check compliance with the applicable information security requirements in the design phase of development projects financed by central or EU funds
- shall organise domestic information security, vital information infrastructure protection and cyber protection exercises
- shall, upon request, represent Hungary at international information security, vital information infrastructure protection and cyber protection exercises
- shall exercise the right to comment on the Government Incident Management Centre’s proposal on the rules to be followed in the case of cross-sectoral security incidents and responsibilities.
The Authority shall record and manage
Section 15 of Act L
- the data required for identifying the organisation
- the designation of the organisation’s electronic information systems, the security class of the electronic information systems and the organisation’s security level, and the technical details of the electronic information systems specified in a separate law
- the personal identification data, telephone and fax number, e-mail address and qualification (as defined in subsection (8) of Section 13) of the organisation’s person in charge of electronic information system security
- the organisation’s information security regulation
- security incident reports
The documents used in some of the authority’s procedures
- Application forms declared in Section 10/B of Government Decree 187 of 2015
- The employment or assignment contract of the person responsible for the security of the electronic information system of the organisation (subsection (3) of Section 11 of Government Decree 187 of 2015)
- Certificate of Criminal Report (subsection (8) of section 13 of Act L)
- Tender documents relating to development projects financed by central or EU funds
- Information-transfer policies submitted by the Supervision of the Electronic Administration (subsection (5) of section 152 of Government Decree 451 of 2016)
- Contracts according to section 11 (1) k)-l) and (3) of Act L
- Action plans according to subsection (5) of section 8 and subsection (7) of section 10 of Act L, and point e. of section 20 of Government Decree 187 of 2015
- Reports on vulnerability tests according to subsection (6) of section 18 of Act L
- Further documents according to subsection (1) b) of section 16 of Act L.