Cookies configuration
Our applications use cookies in order to provide best possible services. According to EU regulation our cookies are inactive (except those necessary for the application to work correctly) until you provide us with explicit consent. You can easily allow or reject all, or select and allow cookies by category. Naturally, you can change your decision any time.
  • Necessary
    Technical cookies used by CTU applications to store their settings, features and session identifiers. They are necessary for the application to work correctly and are always active.
  • Analytical
    Used for gathering anonymized statistical data helping us to make our applications better. These are typically cookies set by third party systems we use for this purpose.
  • Marketing
    Used to display correct content according to your personal preferences. These are typically cookies set by third party systems we use for user behavior analysis.
  • Unclassified
    Cookies application cannot recognize. Our goal for this category is to keep it clear and have all cookies we use assigned to one of the categories above.
Publication date: 
2021/07/20
In June, a ten-member team of experts from CTU, University of Pardubice, VŠB-TUO and ČZU completed a CESNET Development Fund project focused on cybersecurity of public universities under the title "Creation of methodologies and documentation in the field of cybersecurity in the environment of higher education institutions". Its aim was to help other universities to implement the measures set out in the Cybersecurity Decree, which applies to universities as public authorities.

The current legislation classifies universities as public authorities and, on the basis of the determining criteria in Decree No.317/2014 Coll. for operators and administrators of important information systems, as obligatory subjects under Act No. 181/2014 Coll. At the same time, this imposes on universities the obligation to implement an Information Security Management System (ISMS) and, in relation to the NCSIB, specifically: reporting contact details and changes to them to the obliged entity, implementing security measures (organisational measures, technical measures), maintaining security documentation, reporting cyber security incidents to the Office (NCSIB), implementing reactive and protective measures imposed by the Office.

CTU submitted a project under the CESNET Development Fund that focused on the development of methodologies, implementation of security documentation, a functioning mechanism for staff training and risk analysis management in the public university environment. "We believe that these measures will help universities to meet the two important requirements mentioned above, namely maintaining security documentation and implementing security measures. Risk analysis is also an integral part of the organizational measures as a guide to determine the requirements for security measures and training," says Ing. Jiří Richter from the Quality and Information System Department of the CTU Rectorate.

The project was based on solutions developed at all four universities. Some of the materials were redesigned within the project to be as responsive as possible to the academic environment of public universities.

Revised methodologies for asset identification and assessment, risk analysis methodology, sample documents for the introduction of mandatory roles under the Cybersecurity Act, sample guidelines for the creation of a security policy and sample courses for cybersecurity training on the Moodle platform will be made available to other universities as output materials. The resulting solutions should help other universities to speed up the process of implementing the requirements of Act No. 181/2014 Coll., i.e. the Cybersecurity Act.