The entity takes appropriate and proportionate technical and organizational measures to manage cyber risks to the security of the electronic communications networks and information systems used by the entity, and to prevent or minimize the impact of cyber incidents on the recipients of the entity's services and on other services.
When the confidentiality of backups is important, backups are protected by encryption. The need to encrypt backups may become more pronounced when backups are stored in a physical location whose security policies are unknown.
Laptops are protected by full-disk encryption.
The media used for backups and the restoration of backups are tested regularly to ensure that they can be relied on in an emergency.
Accurate and complete instructions are maintained for restoring backups. The policy is used to monitor the operation of backups and to prepare for backup failures.
In connection with the data systems listing, we describe for which systems we are responsible for the implementation of the backup. The organization’s own backup processes are documented and an owner is assigned to each. The documentation includes e.g.:
The cryptographic key management system (CKMS) handles, manages, stores, and monitors encryption keys. The management system can be implemented as an automated tool or as a more manual implementation.
The organization must have the means to monitor and report on all encryption materials and their status using an encryption key management system. The cryptographic key management system should be used at least to:
Our organization has defined policies for creating, storing, sharing, and deleting encryption keys.
Encryption key lengths and usage practices will be selected in accordance with best general practices by monitoring developments in the industry.
Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).
With adequate backups, all important data and programs can be restored after a disaster or media failure. An important first step in a functional backup strategy is to identify who is responsible for backing up each piece of data. The owners of the information assets (systems, hardware) are responsible for determining who is responsible for the backup.
If the backup is the responsibility of the partner, we will find out:
If the backup is our own responsibility, we will find out:
The data to be transmitted must be protected using cryptographic methods. The protection of the confidentiality and integrity of the data transmitted applies to the internal and external network and to all systems that can transmit data. These include:
The data to be transferred can be protected by physical or logical means.
The organization's personnel are offered a solution to protect unclassified confidential information with encryption when information is transferred outside of physically protected areas via the network. The solution has no known vulnerabilities and, according to the information received from the manufacturer, it supports modern encryption strengths and settings.
The staff's competence in the safe use of the encryption solution has been ensured (for example, instructions, training and supervision).
When choosing the encryption methods to be used, take into account e.g. the following points:
The need for advice from external experts is always considered when determining the cryptographic practices to be used.