HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners
The NBSZ is responsible for a wide range of tasks to ensure the security of electronic infor - mation systems. Key responsibilities include: • verifying compliance of individuals responsi - ble for system security and registering their qualifications; • reviewing and approving security classifica - tions for systems and ensuring compliance with relevant regulations and standards; • issuing guidelines, recommendations, and technical requirements for system security and mandating adherence to international and European standards; • addressing and rectifying identified security deficiencies and monitoring the effectiveness of corrective measures; • overseeing system security during develop - ment and approving their deployment while restricting usage if requirements are unmet; • managing cybersecurity incidents, notifying the incident response centre, and participat - ing in national and international cybersecurity exercises and events; • representing Hungary in EU and international cybersecurity bodies; • identifying critical or important organisations and recommending their designation to the relevant authorities; • organising or mandating cybersecurity drills for organisations and issuing guidance on their exercises. The SZTFH: • defines guidelines, recommendations, and requirements for the security of electronic information systems; • may issue guidance on the compatibility of protective measures specified in EU legisla - tion and regulations issued by the minister responsible for IT;
• ensures compliance with electronic informa - tion security requirements, may mandate the application of relevant European and inter - national standards and technical specifica - tions for the security of electronic information systems, without prescribing or favouring specific technologies; • verifies compliance with statutory or self- defined requirements for the classification of electronic information systems; • orders the remediation of security deficien - cies identified during inspections or brought to its attention, oversees the implementation of corrective measures, and evaluates their effectiveness; • participates in cybersecurity-related exer - cises and represents Hungary in international cybersecurity exercises upon request; • represents Hungary in domestic and interna - tional cybersecurity and information security events; • may participate in expert evaluations under Article 19 of the NIS2 Directive or initiate evaluations; • monitors the Hungarian implementation of the NIS2 Directive; • contributes to awareness-raising activities to protect Hungarian cyberspace; • may order and verify any measures necessary to mitigate threats to electronic information systems; • maintains a registry of reported registration data; • conducts extraordinary inspections or orders audits in the event of significant security inci - dents or suspected non-compliance; • may request and review, for oversight pur - poses, the following from organisations: (a) documents supporting the appropri - ateness of security classifications and measures; (b) reports on internal IT security audits; and
99
CHAMBERS.COM
Powered by FlippingBook