Dashboard

Live KPI tiles: Total Incidents, Critical/High, Compliance Rate, Pending NIS2, Active Alerts.

Recent Incidents table: ID, Title, Severity, Status.
SOC

Operational overview for security, compliance, suppliers, and monitored assets.

KPI tiles: Open Incidents, Compliance Rate, Scanner Health, Suppliers Tracked.

Panels: Priority Watchlist, Coverage Snapshot, Recent Scanner Activity.

Incident Management

Incident table: Incident ID, Title, Severity, Status, Detected, Actions.

Compliance Controls

Filter controls, open a control, update status/evidence, and save to refresh compliance KPIs.

Panels: Overall Compliance, Controls by Framework, Control Implementation Status.

Control table: Control ID, Name, Framework, Status, Actions.

Control Dossier

KPI tiles: Task Completion, Open Tasks, Blocked / Overdue, Evidence Links.

Tabs: Overview, Canonical Objective / Scope, Tasks, Progress Updates, Evidence Links, AI Guidance, Audit History.

Supplier Risk Management

Track supplier questionnaires, evidence links, residual risk, and review cadence per entity.

KPI tiles: Suppliers Tracked, High / Critical, Pending Reviews, Open Risk Logs.

Supplier Register table: Name, Category, Criticality, Risk, Assessments, Open Risks, Actions.

Panels: Questionnaire Template, Open Supplier Risks.

Supplier Details

Update the supplier profile, assessments, risks, and evidence records from this page.

Tabs: Profile, Assessments, Risk Logs, Documents.

Entities

Create, edit, and assign users across the entity hierarchy without overloading the active entity selector.

Hierarchy

Entity Details: select an entity to review or edit it.

Entity Members: assign existing users from the active entity roster to the selected entity; assign a new user to this entity or update an existing membership.

Member table: Email, Role, Status, Primary, Actions.

Role-Based Access Control

Users (creating users without explicit entity scope)

User table: Email, Role, Status, Actions.

Access Matrix

Threat Intelligence Sharing

Panels: Shared Threats, Sharing Agreements, NG-SOC Status.

Sharing Agreements table: Partner, Status, Actions.

Integrated Scanner

Embedded view of the technical scanner service routed securely through the portal proxy.


AI Security Center

Governed visibility for AI agents, security tools, provider APIs, policies, telemetry, and CISO workflow actions.

How to use this page
Start with the action board. If a provider is not configured, add its API key in the deployment environment. If a finding is open, convert it to a compliance task when it is a control gap, or to an incident when it may affect operations. The assistant uses these records as context, but stored telemetry keeps only redacted previews and hashes.
KPI tiles: Agentic Risk Score, Open Findings, Provider Health Issues, Telemetry Errors 24h.

API Integrations Status (optional providers) table: Provider, Status, Last Run, Findings, Last Error.

Daily CISO Action Board

Managed Agents table: Name, Provider, Risk, Sensitivity.

Tools and APIs table: Name, Type, Provider, Risk.

Agent to Tool and Data Risk Graph

Policy Record and Active Policies

AI Security Findings: actions are audited and require matching RBAC permissions.

Prompt-Injection Simulation

NIS2 SME Compliance Toolkit

Practical templates and tools for NIS2 Directive compliance. Source: paolocarner/nis2-sme-toolkit

🚀 Getting Started: 1️⃣ Read the Executive Briefing → 2️⃣ Complete the Gap Assessment → 3️⃣ Review the Incident Response Playbook → 4️⃣ Customize the Information Security Policy
NIS2 Gap Assessment & Crosswalk Tool
Excel Workbook • 7 Tabs

Interactive workbook for assessing compliance readiness and planning implementation.

  • NIS2 Requirements: All 21 Article 21(2) controls with baseline vs. enhanced implementations
  • Gap Assessment: Interactive scoring (0-3 maturity scale) with automatic severity calculation
  • GDPR Crosswalk: 11 overlap areas showing ~55% efficiency opportunity
  • ISO 27001 Crosswalk: 12 control mappings showing ~75% alignment
  • Priority & Roadmap: 12-month phased plan (213 person-days estimated)
  • Compliance Dashboard: Executive summary with roll-up metrics
Download Gap Assessment (Excel)
NIS2 Executive Briefing
RTF Document • 12 Pages

Board/management presentation covering regulatory obligations, timeline, and strategic response.

  • Executive Summary for board consideration
  • NIS2 Directive Overview & timeline
  • Applicability Assessment (size criteria, sector classification)
  • Legal & Financial Consequences (penalties, management accountability)
  • Article 21 Security Requirements (all 10 measures)
  • Implementation Roadmap & Budget Considerations
  • Regional specifics (Belgium vs. Netherlands)
Download Executive Briefing
Incident Response Playbook
RTF Document • 20+ Pages

Operational playbook for managing cyber incidents under Article 23 notification requirements.

  • 4-level severity matrix with notification thresholds
  • 7-phase process: Detection → Classification → 24h Warning → Containment → Investigation → 72h Report → Recovery
  • Critical NIS2 timelines: 24h early warning, 72h detail, 1-month final
  • Regional procedures (Belgium CCB, Netherlands NCSC-NL)
  • 6 key incident response roles with decision authority
  • Containment actions per incident type (ransomware, data breach, DDoS)
  • Evidence collection & forensic procedures
Download Incident Response Playbook
Information Security Policy Template
RTF Template • 3 Pages

Master security policy template satisfying NIS2 Article 21(2)(a) requirements.

  • Purpose & Scope with regulatory alignment (NIS2, GDPR, ISO 27001)
  • Roles & Responsibilities definitions
  • 7 policy areas: Governance, Risk, Assets, Access, Incidents, Training, Third Parties
  • Baseline vs. Enhanced maturity levels
  • Exceptions Process & Compliance Review
  • Document Control template
Download InfoSec Policy Template
Additional Policy Templates Needed (Article 21(2))
  • Risk Management Policy (21.2.a)
  • Incident Management Policy (21.2.b) [Critical]
  • Business Continuity & DR Policy (21.2.c) [Critical]
  • Third-Party Risk Management Policy (21.2.d)
  • Secure Acquisition & Development Policy (21.2.e)
  • Vulnerability Management Policy (21.2.f)
  • Cryptography & Key Management Policy (21.2.g)
  • Human Resources Security Policy (21.2.h)
  • Access Control Policy (21.2.i) [Critical]
  • Asset Management Policy (21.2.j)
  • Authentication Policy (21.2.k)

Use the Information Security Policy as a structural template for developing these additional policies.

NIS2 Article 21 — Procurement & SCM Guide

Reference guide for supply chain security requirements. Legend: ✅ Implemented 🟡 Partial 🔴 Planned

Mandatory clauses in every supplier contract under NIS2:

🔴 24-hour incident notification
The supplier must report security incidents within 24 hours. The portal supports internal 24h reporting; a contractual clause is needed for suppliers.
🔴 Right to Audit
The right to audit the supplier's cybersecurity practices. Include a clause for an on-site and/or remote audit at least once a year for critical suppliers.
🔴 SBOM (Software Bill of Materials)
For software suppliers: a complete list of all components and dependencies. Critical for vulnerability management and CRA compliance.
🔴 Data Breach Liability
Clearly defined liability for a data breach: financial compensation, notification timeline, cooperation with the investigation.
🔴 Termination for Security Failure
The right to terminate immediately, without penalties, if security requirements are breached.
🔴 Sub-processor Vetting
The supplier must notify you and obtain approval before engaging sub-processors.
🔴 Compliance Certification
Require ISO 27001, IEC 62443 or an equivalent certificate. Document it and track its validity.
🔴 Vulnerability Disclosure Policy (VDP)
The supplier must have a public VDP. Check that it is reachable and that it covers your products.

Before signing a contract, perform the following checks:

🔴 Cyber Risk Questionnaire
A standardised questionnaire for assessing the supplier's cybersecurity maturity.
🔴 Financial Health Check
Financial stability: bankruptcy means the end of support and security updates.
🔴 Geopolitical Risk Assessment
Country risk assessment. China, Russia, North Korea = elevated risk for critical infrastructure.
🔴 NDAA Compliance Check
Check that the supplier is not on the prohibited list: Huawei, ZTE, Hikvision, Dahua, etc.
🔴 Reference Checks
Check with other customers for security incidents and the quality of the supplier's response.
🔴 On-site Security Audit
For critical suppliers: a physical audit of security practices.
Four-tier risk classification

Level     Description                                                         Audit
Critical  Access to critical systems, personal data, financial transactions   Every year
High      Access to internal networks, sensitive data                         Every 2 years
Medium    Limited access, general data                                        Self-assessment + documentation
Low       Public information, no system access                                Basic questionnaire

Mandatory documents (Article 21(2)(d) and 21(3)):
🔴 Supplier Security Policy
A supplier security policy: minimum security requirements for all suppliers.
🔴 Supply Chain Risk Assessment Report
A supply chain risk assessment report. The portal tracks the NIS2-1.4 control for Supply Chain Security.
🔴 Supplier Directory
A complete register of all suppliers with their risk level (Critical/High/Medium/Low).
🔴 Security Clauses Template
A standard template of security clauses for inclusion in all new contracts.
🔴 Confidentiality Statements
Confidentiality statements: an NDA with security clauses for all suppliers with access to data.

Recommended tools:
💡 VRM Platform
BitSight, SecurityScorecard, RiskRecon: automated assessment of suppliers' risk posture.
💡 SBOM Tools
FOSSA, Snyk, Mend: analysis of software dependencies and vulnerabilities.
💡 IPVM Camera Finder
Identifies rebranded CCTV equipment from prohibited manufacturers.

Article 21(3) requires consideration of:
🔴 Specific vulnerabilities of each supplier
Identify and document the specific risks of each critical supplier.
🔴 Overall quality of the products
Assess the quality and security maturity of the products and services supplied.
🔴 Cybersecurity practices
Assess the supplier's cybersecurity practices: incident response, patch management, encryption.
🔴 Secure development procedures
For software suppliers: SDLC, code review, penetration testing, SAST/DAST.

ΠŸΠΎΡΡ‚ΠΎΡΠ½Π΅Π½ ΠΌΠΎΠ½ΠΈΡ‚ΠΎΡ€ΠΈΠ½Π³:
🟑
Continuous Monitoring
ΠŸΠΎΡ€Ρ‚Π°Π»ΡŠΡ‚ осигурява continuous monitoring Π½Π° Π²ΡŠΡ‚Ρ€Π΅ΡˆΠ½ΠΈ систСми (BreachScreeningAgent). Π—Π° доставчици β€” ΠΏΠ»Π°Π½ΠΈΡ€Π°Π½ΠΎ.
🟑
Threat Intelligence Feeds
ΠŸΠΎΡ€Ρ‚Π°Π»ΡŠΡ‚ ΠΏΠΎΠ΄Π΄ΡŠΡ€ΠΆΠ° threat intelligence sharing. Π‘Π»Π΅Π΄Π΅Ρ‚Π΅ Π·Π° Π½ΠΎΠ²ΠΈ Π·Π°ΠΏΠ»Π°Ρ…ΠΈ ΡΠ²ΡŠΡ€Π·Π°Π½ΠΈ с доставчици.
πŸ”΄
Quarterly Reviews
ВримСсСчни ΠΏΡ€Π΅Π³Π»Π΅Π΄ΠΈ Π½Π° рисковСтС ΠΏΡ€ΠΈ ΠΊΡ€ΠΈΡ‚ΠΈΡ‡Π½ΠΈ доставчици. Π‘ΡŠΠ·Π΄Π°ΠΉΡ‚Π΅ calendar reminders.
🟑
Incident Tracking
ΠŸΠΎΡ€Ρ‚Π°Π»ΡŠΡ‚ прослСдява ΠΈΠ½Ρ†ΠΈΠ΄Π΅Π½Ρ‚ΠΈ β€” ΠΌΠ°Ρ€ΠΊΠΈΡ€Π°ΠΉΡ‚Π΅ supplier-related ΠΈΠ½Ρ†ΠΈΠ΄Π΅Π½Ρ‚ΠΈ Π² катСгорията.

⚡ In the event of a supplier incident, the EU Reporting Timeline:

Deadline         Action                                         Status in portal
2 hours          Initial notification to СЕРИКС (GovCERT.bg)    🔴 Planned
24 hours         The supplier must notify YOU                   🟡 Via incidents
5 business days  Detailed report with impact assessment         🔴 Planned
1 month          Final report with root cause analysis          🔴 Planned

Documentation to retain:
✅ Incident Logs
The portal records full audit logs of all actions.
🟡 Evidence Preservation
Audit logs are retained. For additional evidence, use the impact_assessment field in incidents.
✅ Remediation Records
A full workflow for mitigation actions and status tracking in the incidents module.

🔴 This week:
☐ Inventory all Tier 1 suppliers
Create a list of all suppliers with access to your systems and data.
☐ Identify the critical suppliers
Mark the suppliers with access to critical systems, personal data or financial transactions.
☐ Check the 24-hour clause
Check whether current contracts contain a 24-hour incident notification clause.

🟡 This month:
☐ Send the Cyber Risk Questionnaire
To all critical suppliers: a standardised questionnaire for cybersecurity assessment.
☐ Check NDAA compliance
For IT/OT equipment: check against the prohibited lists (Huawei, ZTE, Hikvision, Dahua).
☐ NIS2 clauses in existing contracts
Start negotiations to add NIS2 security clauses to current contracts.

🔵 Next 3 months:
☐ Implement the Supplier Risk Scoring Matrix
4-tier risk classification for all suppliers.
☐ On-site audit of the top 3 suppliers
Physical security audit of the 3 most critical suppliers.
☐ Create the Supplier Security Policy
A formal supplier security policy, approved by management.

🚨 Red Flags: immediately terminate or avoid suppliers that:
  • Refuse to provide a VDP (Vulnerability Disclosure Policy)
  • Have no ISO 27001 or equivalent certificate
  • Are based in high-risk jurisdictions without adequate controls
  • Have a history of concealed incidents
  • Refuse an on-site audit
  • Lack 24/7 incident response capability
💰 Budget: 3-5% of procurement for security vetting • €10-50K/year for a VRM platform • €5-15K per audit of critical suppliers • €25-100K for legal review of contracts
Frequently Asked Questions (Q&A)

Up to €10M or 2% of global annual turnover for essential entities. Up to €7M or 1.4% for important entities.

Software Bill of Materials: a complete list of all software components. Mandatory under the CRA (Cyber Resilience Act). Allows rapid identification of affected products when a new vulnerability appears (e.g. Log4j).

Next-Generation Security Operations Centre: a framework for cross-border cooperation between SOC teams in the EU. The portal supports threat intelligence sharing with partner SOC centres (BG, RO, GR).

A supplier is Critical if it has access to critical systems, users' personal data or financial transactions, or if an interruption of its service would cause significant operational impact. It requires an annual audit.

INCIDENTRON is an EU platform for automated incident reporting. The portal is integrated with the INCIDENTRON API for automated NIS2 reporting.

NIS2 CISO Assistant

AI-powered advisor with real-time portal awareness. Powered by Gemini Flash (latest).

Welcome! I am your NIS2 CISO Assistant. I have real-time access to your portal data: incidents, compliance controls, breach screenings, threat intelligence, and more.

Ask me anything about NIS2 compliance, current risks, or what actions to prioritize.