Translations:Network and Information Security Directive (NIS2-RL)/100/en

From RI Wiki
Revision as of 3 June 2025, 11:38 by Jhospes (page created)
  • **Oversight**: Management bodies are required to supervise the implementation of cybersecurity measures, ensuring effectiveness and compliance. They must ensure that such measures are regularly reviewed and updated.
  • **Resource allocation**: Management bodies are responsible for providing sufficient financial and personnel resources for cybersecurity. This includes developing and regularly updating a detailed resource allocation plan.
  • **Risk oversight**: Management must monitor and manage cybersecurity risks, conduct comprehensive assessments that include identifying critical systems and potential incident impacts, and ensure that incident response plans are developed and reviewed.
  • **Training**: Management must attend cybersecurity training and ensure employees receive training to detect, assess, and manage risks.
  • **Accountability**: Management bodies are liable for any breach of cybersecurity obligations that causes damage, unless already covered by the Liability of Public Officials Act (OrgHG), BGBl 181/1967[1].
  • **Strategic priority**: These obligations aim to establish cybersecurity as a strategic priority at the highest level of management.
  1. p. 33