Publication date: 2021/07/20
In June, a ten-member team of experts from CTU, University of Pardubice, VŠB-TUO and ČZU completed a CESNET Development Fund project focused on cybersecurity of public universities under the title "Creation of methodologies and documentation in the field of cybersecurity in the environment of higher education institutions". Its aim was to help other universities to implement the measures set out in the Cybersecurity Decree, which applies to universities as public authorities.

The current legislation classifies universities as public authorities and, on the basis of the determining criteria in Decree No. 317/2014 Coll. for operators and administrators of important information systems, as obligatory subjects under Act No. 181/2014 Coll. This in turn obliges universities to implement an Information Security Management System (ISMS) and, in relation to the NCSIB, specifically to: report contact details and changes to them to the obliged entity, implement security measures (organisational measures, technical measures), maintain security documentation, report cybersecurity incidents to the Office (NCSIB), and implement reactive and protective measures imposed by the Office.

CTU submitted a project under the CESNET Development Fund that focused on the development of methodologies, implementation of security documentation, a functioning mechanism for staff training and risk analysis management in the public university environment. "We believe that these measures will help universities to meet the two important requirements mentioned above, namely maintaining security documentation and implementing security measures. Risk analysis is also an integral part of the organizational measures as a guide to determine the requirements for security measures and training," says Ing. Jiří Richter from the Quality and Information System Department of the CTU Rectorate.

The project was based on solutions developed at all four universities. Some of the materials were redesigned within the project to be as responsive as possible to the academic environment of public universities.

The following output materials will be made available to other universities: revised methodologies for asset identification and assessment, a risk analysis methodology, sample documents for the introduction of mandatory roles under the Cybersecurity Act, sample guidelines for the creation of a security policy, and sample courses for cybersecurity training on the Moodle platform. The resulting solutions should help other universities to speed up the process of implementing the requirements of Act No. 181/2014 Coll., i.e. the Cybersecurity Act.