Swiss, reminding that companies and organizations have the responsibility to protect themself, issues minimun rules for their cyber security
The Swiss Government, worried about the global wave of cyber attacks, has published rules for the cyber security of the organizations. “Rapidly advancing digitalisation of all areas of life opens up enormous economic and social potential for Switzerland.” a press release of the Helvetic Confederation reported, “At the same time, however, digitalisation gives rise to new risks which must be tackled quickly and decisively. Each individual business and organisation has a fundamental responsibility to protect itself. However, wherever the functioning of critical infrastructures is affected, the state also has a responsibility, based on its remit as laid down in the Federal Constitution, and on the National Economic Supply Act. This Minimum ICT Standard is an expression of the responsibility of the state to protect its citizens, its economy, and its institutions and public administration”.
Three documents set a series of concrete measures to implement in organization ICT to counter the cyber threats
In the rules on the cyber security of the organizations, the Swiss Government “recommended that operators of critical infrastructures implement this Minimum ICT Standard. This document nonetheless provides any interested business or organisation with a decision-making guide and specific instructions for improving its own ICT resilience”. To reach the goal, the Helvetic Confederation published a set of 3 main documents. The first is the basic principles or reference guide, providing general information about computer security. The second is a framework that offers users a series of concrete measures to implement, broken down into five themes: “identify”, “protect”, “detect”, “react” and “recover” (106 measures in all). The last one is a tool for self-assessment (in Excel) and assessment, with which companies can control the degree of application of measures or have them controlled by external (audit). The results can then be used as a basis for a comparative analysis.