DRAFT RISK MANAGEMENT GUIDE
The National Cyber Security Centre is developing a National Risk Management Guide on information security and cyber security matters. This project is available for contributions, comments and suggestions for improvement that will be duly appreciated for the definition of the final version.
Through this framework, which contemplates a systematic and coherent approach to the process of analysis, evaluation and periodic treatment of risks and assessment of the way they are related in the context of the provision of a good or service, it is intended that organisations characterise the current situation, define objectives and list a set of actions and security measures that foster a positive evolution of their situation in the cyber security context.
Through the guidelines already established in the National Reference Framework for Cyber Security and the Legal Framework for Cyberspace Security (RJSC), this Guide is a decisive aspect to help organisations choose the security measures and controls to define and implement at a technical and organisational level in order to guarantee a level of security adequate to the risk in question.
The main target audience are the entities covered by RJSC and Decree-Law 65/2021, of 30 July, which include Public Administration entities, Critical Infrastructure Operators, Essential Service Operators and Digital Service Providers. However, it does not exclude its use by the entire society and all types of organisations wishing to benefit from this document.
The final version of the Guide will also be supported by an operational tool to support the risk management process.
To view the document CLICK HERE.
Submission of contributions
In this context, interested parties are requested to send their contributions, in writing and in Portuguese, by e-mail to: email@example.com, until the 14th of June 2022.