Art. 9a. (New, SG No. 54/2020, effective 16.06.2020) (1) The network and information security officer shall be under the direct supervision of the executive director.
(2) In fulfillment of the tasks assigned to him by the Cybersecurity Act and the Electronic Government Act and by the by-laws on their implementation, the network and information security officer shall:
1. manage the activities related to achieving a high level of network and information security and the goals set in the policy of the Agency;
2. participate in the preparation, maintenance and development of the policies for network and information security and the documented information;
3. participate in the maintenance and development of the Information Security Management System according to the international standard ISO 27001;
4. consult the management of the Agency in connection with the information security; periodically (at least once a year) prepare reports on the state of network and information security in the Agency and submit them to the Executive Director of the Agency;
6. coordinate the trainings related to the network and information security;
7. maintain relations with other administrations, organizations and experts working in the field of information security;
8. monitor the accurate keeping of the register of the incidents and organize analysis of the incidents with the network and information security, for finding the reasons for them and undertaking measures for their elimination;
9. monitor the emergence of new cyber threats (viruses, malicious code, spam, attacks, etc.) and propose adequate measures to counter them;
10. Propose sanctions for the persons who have violated the measures for the network and information security;
11. perform other tasks, arising from the normative acts, regulating the network and information security.