FSMA and Centre for Cyber Security Publish Guidance for the Management of Cybersecurity Risks
14/10/2019

Just in time for Cyber Security Month: the FSMA has published, in collaboration with the Centre for Cyber Security Belgium, a document on the basic principles for the management of cybersecurity risks. This communication serves as guidance for businesses on the better management of the ever-increasing cybersecurity risks (in a preventive as well as in a reactive manner). The identified principles are fourfold: governance, inventory of resources and risk-analysis, implementation and evaluation of the measures.

A first principle applies at the level of governance (security strategies and support). The FSMA advises all companies to adopt a Cyber Incident Response Plan that identifies the measures necessary to prevent cybersecurity breaches and to respond adequately in the case of an incident. To be effective, such a plan needs to ensure that there is fluent communication between the parties in question: the competent (judicial) authorities, the Cyber Incident Response Teams, the clients, etc. The FSMA stresses the importance of awareness of cybersecurity within the entire company and insists on the need to train employees in dealing with cybersecurity incidents, and to provide a clear and quick communication mechanism between all the different entities within the cooperation, etc.

Secondly, the FSMA highlights what it considers to be one of the most important steps for companies: making inventories of the critical operations in their infrastructure and of their supporting information assets (which have to be secured in order to keep the operations stable and secure). This risk management must be based on the proportionality principle: the risks that the profile of the company presents must be assessed in order to determine the measures needed.

Thirdly, the FSMA and the Centre for Cyber Security describe the concrete application of these measures in order to protect, detect, react and correct the problems that are the result of cybersecurity incidents. They specifically recommend the appointment of a person responsible within the company to deal with breaches. Also, if there is a contract between the company and an IT service provider, the obligation of the IT service provider to report breaches of their client and company records needs to be set out in the contract. The company also needs to have in place a formal process to assess whether the security measures implemented by the IT service provider are sufficient. Large companies are advised to deploy a SIEM (Security Information and Event Management) solution. This method analyses the use of the tools and systems within the company in order to detect irregular activity and to predict where security issues may arise in the future, so that the company can react to them proactively.

Lastly, the FSMA and the Centre for Cyber Security Belgium stress the importance of regular evaluation. The goal is a continuous improvement cycle: the annual review of risk analyses and control measures in the light of the incidents that occurred during the past year. In any case, they require an evaluation of the effectiveness of the security measures at least once every two years.

In addition to the four identified principles, the communication finishes with further specifications: a help guide for SMEs by the Centre for Cyber Security Belgium and the importance of sharing information regarding cybersecurity (which is obligatory in certain cases under the Act of 7 April 2019 implementing the NIS Directive).

The communication can be very useful for businesses in their quest for compliance with the obligations imposed by the legislator regarding cybersecurity and for the purpose of the security of their network and information systems in general. In any case, it is a good read in the light of Cyber Security Month.

Read the full communication here: https://www.fsma.be/nl/news/fsma-vraagt-aandacht-voor-het-beheer-van-cybersecurityrisicos / https://www.fsma.be/fr/cyber-securite.

See also: Lydian (Ms. Olivia Santantonio, Mr. Bastiaan Bruyndonckx)

Ms. Olivia Santantonio
Counsel
olivia.santantonio@lydian.be

Mr. Bastiaan Bruyndonckx
Partner
bastiaan.bruyndonckx@lydian.be

LexGO Network