{"id":9182,"date":"2026-04-07T00:07:13","date_gmt":"2026-04-06T22:07:13","guid":{"rendered":"https:\/\/cyberawareness.sk\/?page_id=9182"},"modified":"2026-04-07T14:44:53","modified_gmt":"2026-04-07T12:44:53","slug":"expertna_cinnost","status":"publish","type":"page","link":"https:\/\/cyberawareness.sk\/en\/expertna_cinnost\/","title":{"rendered":"Expert activities of the KC KB UPJ\u0160 in the field of cybersecurity"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Expert<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

and professional activity<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Expert<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

and professional activity<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A5. Expert activities of the KC KB UPJ\u0160 in the field of cybersecurity<\/strong><\/h2>

The aim of this activity is to provide professional and expert support to public administration bodies in the design, implementation and evaluation of security measures, as well as in the creation of conceptual and legislative documents and solutions to cyber security incidents. In this area, the KC KB UPJ\u0160 builds on its previous experience in preparing expert opinions, technical methodologies and commenting on legislation.<\/p>

\u00a0KC KB UPJ\u0160 focuses on:<\/p>

1. Expert support in resolving cyber security incidents<\/span><\/h3>

The KC KB UPJ\u0160 provides expert support in resolving cyber security incidents to accredited CSIRT units, in particular the National Cyber \u200b\u200bSecurity Center SK-CERT and the government unit CSIRT.SK, as well as directly to public administration entities. Expert activities include securing digital traces, digital forensic analysis, OSINT analysis, identification of indicators of compromise and the design of corrective security measures. Special emphasis is placed on supporting the key phases of incident resolution, especially containment and eradication. This activity is mainly provided by the academic security team CSIRT-UPJS, \u200b\u200bwhich is an accredited member of the TF-CSIRT community.<\/p>

2. Creation of expert opinions and legislative documents<\/span><\/h3>

KC KB UPJ\u0160 actively participates in the preparation of expert opinions, conceptual materials and legislative documents in the field of cyber and information security. The outputs take the form of methodologies, technical opinions and legal analyses that support the implementation of legislative requirements in public administration practice, e.g. in the field of AI systems security management or vulnerability management. KC KB UPJ\u0160 also participates in commenting procedures on the prepared legislation and provides expert proposals for improving the regulatory framework.<\/p>

3. Participation in strategic activities in the field of KIB<\/span><\/h3>

Members of KC KB UPJ\u0160 participate in the preparation of strategic documents at the national level, especially in the field of development of research, innovation and education in cybersecurity. KC KB UPJ\u0160 contributes to the creation of conceptual materials, such as national strategies and action plans, reflecting the need to connect academic research, practice and public policies.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

KC KB UPJ\u0160 has prepared these following outputs:<\/p>

Substantive comments on the draft MIRRI SR Decree on ITVS security measures<\/strong><\/h4>

The document identifies key shortcomings of the draft decree, especially in the area of \u200b\u200bcategorization of entities, the scope of security measures and the practical feasibility of requirements. It proposes a transition to a risk-oriented approach and better consideration of the real needs of public administration. It also includes recommendations for harmonization with international standards and the addition of areas such as threat intelligence or coordinated vulnerability disclosure. The aim is to increase the efficiency and applicability of regulation in practice.<\/p>

Draft tasks for the Action Plan for the National Cybersecurity Strategy 2026 - 2030<\/strong><\/h4>

The material contains a proposal for specific measures aimed mainly at developing capacities, education and research in the field of cybersecurity. It emphasizes the need for systematic linking of the academic sector, public administration and practice. It proposes the use of competence centers, the development of CSIRT capacities and the support of practical education. The aim is to strengthen the resilience of the Slovak Republic to cyber security threats through the development of human resources and a coordinated ecosystem.<\/p>

Cyber \u200b\u200band information security management of artificial intelligence systems in ITVS<\/strong><\/h4>

The expert opinion provides a methodological framework for the safe and legally compliant use of AI systems in public administration. It focuses on legal aspects (GDPR, AI Act), risk management and setting up internal processes when deploying AI systems. It uses the PDCA model for systematic security management and supplements it with practical examples and recommendations. The aim is to ensure transparent, responsible and safe use of AI systems.<\/p>

Technical opinion \u2013 deception technology<\/strong><\/h4>

The document analyses the use of deception technologies (e.g. honeypots, honeynets, honeytokens) as a tool for active defense and threat intelligence collection (threat intelligence). It describes their classification, method of deployment and processing of the obtained data. It provides recommendations for implementation in the public administration environment, including practical aspects and tools. The aim is to increase the ability to detect attacks and improve situational awareness of threats.<\/p>

Technical opinion - vulnerability management<\/strong><\/h4>

The material presents a comprehensive methodology for managing security vulnerabilities in public administration organizations. It describes the entire life cycle from identification through assessment to implementation of corrective measures and patch management. It emphasizes the need for a systematic, auditable and repeatable process in accordance with legislation and standards. The aim is to reduce security risks and increase the resilience of information systems.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t