NCSI FULFILMENT PERCENTAGE
Version 15 Apr 2024 Choose a version
STRATEGIC CYBERSECURITY INDICATORS
-
1. CYBERSECURITY POLICY 12/15 80%1215 80%
-
1.1. High-level cybersecurity leadership 333
Requirements
CriteriaThe country has appointed governmental leadership responsible for cybersecurity at the national level.
Accepted referencesLegal act, national strategy, official statutes or terms of reference, or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/
Office in the field of cyber security, of the National Security Office, according to § 5 of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
1.2. Cybersecurity policy development 333
Requirements
CriteriaThere is a competent entity in the central government to whom responsibility is assigned for national cybersecurity strategy and policy development.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/
Office in the field of cyber security, of the National Security Office, according to § 5 (d) of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
1.3. Cybersecurity policy coordination 003
Requirements
CriteriaThe country has a regular official format for cybersecurity policy coordination at the national level.
Accepted referencesLegal act, official statute or terms of reference, or official website
Evidence
-
1.4. National cybersecurity strategy 333
Requirements
CriteriaThe central government has established a national-level cybersecurity strategy defining strategic cybersecurity objectives and measures to improve cybersecurity across society.
Accepted referencesValid official document
Evidence
Evidence presented in a foreign language
National Cyber Security Strategy 2021 to 2025
-
1.5. National cybersecurity strategy action plan 333
Requirements
CriteriaThe central government has established an action plan to implement the national cybersecurity strategy.
Accepted referencesCurrent official document, legal act, or official statement
Evidence
Evidence presented in a foreign language
Implementation action plan: National Cyber Security Strategy 2021 to 2025
-
-
2. GLOBAL CYBERSECURITY CONTRIBUTION 4/6 67%46 67%
-
2.1. Cyber diplomacy engagements 333
Requirements
CriteriaThe government contributes to international or regional cooperation formats dedicated to cybersecurity and cyber stability. (The indicator is limited to strategic-level cooperation; operational-level incident response cooperation and cross-border law enforcement cooperation are addressed separately under other indicators.)
Accepted referencesOfficial website of the organisation or cooperation format, official statement or contribution
Evidence
OSCE
- OSCE – Permanent Council Decision No. 1106, Initial set of OSCE Confidence–Building Measures to reduce the risks of conflict stemming from the use of information and communication technologies
- Permanent Council Decision No. 1202 – OSCE confidence-building measures to reduce the risks of conflict stemming from the use of information and communication technologies.
Background information:
-
2.2. Commitment to international law in cyberspace 111
Requirements
CriteriaThe country has an official position on the application of international law, including human rights, in the context of cyber operations.
Accepted referencesOfficial document or statement, international indexes
Evidence
Evidence presented in a foreign language
Chapter 2.1 of the National Cyber Security Strategy 2021 to 2025:
"The Slovak Republic declares itself to respect basic human rights as defined in the Charter of Human Rights and promotes the opinion that human rights are enforceable both offline and online.This principle has been upheld and enforced by the Slovak Republic for a long time, and it supports states with the same value anchoring, while supporting the responsible behavior of states and a uniform interpretation of international law in cyberspace.
We must begin to consider cyberspace as the equivalent of the physical world, together with the application of clear rules that will respect the basic human rights and freedoms guaranteed by the constitution, including the right to privacy, so that it is not only safe, but also open, free and accessible to all who enter it they enter. The security of cyberspace must be linked to its freedom, and basic human rights and freedoms in digital space can only be guaranteed under the assumption of preserving the digital sovereignty of the countries of the European Union as a whole, which guarantees independence and sovereignty in cyberspace as well." -
2.3. Contribution to international capacity building in cybersecurity 002
Requirements
CriteriaThe country has led or supported cybersecurity capacity building for another country in the past three years.
Accepted referencesOfficial website or project document
Evidence
-
-
3. EDUCATION AND PROFESSIONAL DEVELOPMENT 10/10 100%1010 100%
-
3.1. Cyber safety competencies in primary education 222
Requirements
CriteriaPrimary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Structural indicators for monitoring education and training systems in Europe 2022, Eurydice background report.
See Figure 1: Compulsory starting grade and curriculum approaches to teaching digital competence, 2021/2022 (p.28);
Slovakia has it for primary education (ISCED level 1, Integrated in compulsory separate subjects) and lower secondary education (ISCED level 24, compulsory separate subject).
See Figure 2: Learning outcomes related to selected digital competences defined in the DigComp framework, 2021/2022 (p.30); Slovakia has it for Information and Data Literacy (ISCED level 1 & ISCED level 24), Digital Content Creation (ISCED level 1 & ISCED level 24) and Safety (ISCED level 1 & ISCED level 24)
https://op.europa.eu/en/publication-detail/-/publication/c2fcfd3c-438e-11ed-92ed-01aa75ed71a1
In Slovakia, it is compulsory from grade 3 but schools can also offer it to students in grades 1 and 2 as an optional subject.
-
3.2. Cyber safety competencies in secondary education 222
Requirements
CriteriaSecondary education curricula in the public education system include cyber safety (online safety, computer safety) competencies.
Accepted referencesOfficial curriculum or official report
Evidence
Structural indicators for monitoring education and training systems in Europe 2022, Eurydice background report.
See Figure 1: Compulsory starting grade and curriculum approaches to teaching digital competence, 2021/2022 (p.28);
Slovakia has it for primary education (ISCED level 1, Integrated in compulsory separate subjects) and lower secondary education (ISCED level 24, compulsory separate subject).
See Figure 2: Learning outcomes related to selected digital competences defined in the DigComp framework, 2021/2022 (p.30); Slovakia has it for Information and Data Literacy (ISCED level 1 & ISCED level 24), Digital Content Creation (ISCED level 1 & ISCED level 24) and Safety (ISCED level 1 & ISCED level 24)
https://op.europa.eu/en/publication-detail/-/publication/c2fcfd3c-438e-11ed-92ed-01aa75ed71a1
European Commission, European Education and Culture Executive Agency, Informatics education at school in Europe, Publications Office of the European Union, 2022, see p. 53, Safety and security, Area 10: Safety and security, Estonia (country code “SK”) has it for all levels, i.e., primary & secondary education.
-
3.3. Undergraduate cybersecurity education 222
Requirements
CriteriaAt least one undergraduate education programme is available in the country to train students in cybersecurity.
Accepted referencesAccredited study programme
Evidence
Evidence presented in a foreign language
https://www.fei.tuke.sk/sk/studium/bakalarske-studium/studijne-programy
Bachelor's Degree in Cybersecurity at the Technical University in Košice
-
3.4. Graduate cybersecurity education 333
Requirements
CriteriaAt least one cybersecurity education programme is available in the country at the graduate level.
Accepted referencesAccredited study programme
Evidence
Evidence presented in a foreign language
https://www.fei.tuke.sk/sk/studium/inzinierske-studium/studijne-programy
Engineering Degree in Cybersecurity at the Technical University in Košice
https://www.fiit.stuba.sk/en/study-programs/master/information-security.html?page_id=1829
Information Security study program of master studies in computer science, Slovak University of Technology, Bratislava
-
3.5. Association of cybersecurity professionals 111
Requirements
CriteriaA professional association of cybersecurity specialists, managers, or auditors exists in the country.
Accepted referencesOfficial website
Evidence
https://engage.isaca.org/slovakiachapter/home
ISACA Slovensko Chapter
-
-
4. CYBERSECURITY RESEARCH AND DEVELOPMENT 0/4 0%04 0%
-
4.1. Cybersecurity research and development programmes 002
Requirements
CriteriaA cybersecurity research and development (R&D) programme or institute exists and is recognised and/or supported by the government.
Accepted referencesOfficial programme or official website
Evidence
-
4.2. Cybersecurity doctoral studies 002
Requirements
CriteriaAn officially recognised PhD programme exists accommodating research in cybersecurity.
Accepted referencesOfficial programme or official website
Evidence
-
PREVENTIVE CYBERSECURITY INDICATORS
-
5. CYBERSECURITY OF CRITICAL INFORMATION INFRASTRUCTURE 12/12 100%1212 100%
-
5.1. Identification of critical information infrastructure 333
Requirements
CriteriaThere is a framework or a mechanism to identify operators of critical information infrastructure.
Accepted referencesLegal or administrative act
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2011/45/20230301
45/2011 The Law of February 8, 2011 on critical infrastructure
-
5.2. Cybersecurity requirements for operators of critical information infrastructure 333
Requirements
CriteriaOperators of critical (information) infrastructure are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal act, or mandatory cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2011/45/20230301
According to § 9 & Annex 2 of the 45/2011 The Law of February 8, 2011 on critical infrastructure
-
5.3. Cybersecurity requirements for public sector organisations 333
Requirements
CriteriaPublic sector organisations are required to assess and manage cyber risks and/or implement cybersecurity measures.
Accepted referencesLegal or administrative act, mandatory cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/#
According to § 10 of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
5.4. Competent supervisory authority 333
Requirements
CriteriaA competent authority has been designated and allocated powers to supervise the implementation of cyber/information security measures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/
Office in the field of cyber security, of the National Security Office, according to § 5 (a) & (o) of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
-
6. CYBERSECURITY OF DIGITAL ENABLERS 10/12 83%1012 83%
-
6.1. Secure electronic identification 222
Requirements
CriteriaA national electronic identification solution exists that allows for officially recognised and secure electronic identification of natural and/or legal persons.
Accepted referencesLegal act, nationally recognised identification scheme, or official website
Evidence
Evidence presented in a foreign language
https://www.opis.gov.sk/nove-obcianske-preukazy-%E2%80%93-eid/?csrt=17826281869551092589
-
6.2. Electronic signature 222
Requirements
CriteriaA nationally recognised and publicly available solution exists to issue secure and legally binding electronic signatures.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2016/272/20190801.html
272/2016 The Law of September 20, 2016 on trusted services for electronic transactions in the internal market and on the amendment of certain laws (Act on trusted services)
-
6.3. Trust services 222
Requirements
CriteriaTrust services (e.g. digital certificates, timestamps, private key management service) are regulated, at least for use in the public sector.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2016/272/20190801.html
272/2016 The Law of September 20, 2016 on trusted services for electronic transactions in the internal market and on the amendment of certain laws (Act on trusted services)
-
6.4. Supervisory authority for trust services 222
Requirements
CriteriaAn independent authority has been designated and given the power to supervise trust services and trust service providers.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2016/272/20190801.html
The National Security Office as per § 1 and § 11
-
6.5. Cybersecurity requirements for cloud services 222
Requirements
CriteriaRequirements are established for the secure use of cloud services in government and/or public sector organisations.
Accepted referencesLegal or administrative act, cybersecurity framework or standard
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2019/95/20230801
95/2019 The Law from March 27, 2019 on information technologies in public administration and on the amendment of some laws
-
6.6. Supply chain cybersecurity 002
Requirements
CriteriaRequirements are established to identify and manage cybersecurity risks through the ICT supply chain.
Accepted referencesLegal act or official website
Evidence
-
-
7. CYBER THREAT ANALYSIS AND AWARENESS RAISING 9/12 75%912 75%
-
7.1. Cyber threat analysis 333
Requirements
CriteriaA government entity has been assigned the responsibility for national-level cybersecurity and/or cyber threat assessments.
Accepted referencesLegal act, statute, or official website
Evidence
Evidence presented in a foreign language
https://www.sk-cert.sk/sk/o-nas/index.html
The tasks of the National Cyber Security Center SK-CERT mainly include:
- Monitoring, detection and evaluation of cyber incidents and threats at the national level,
- Strategic analysis of incidents, vulnerabilities and threats at the national level,
-
7.2. Public cyber threat reports 333
Requirements
CriteriaPublic cyber threat reports and notifications are issued at least once a year.
Accepted referencesOfficial website, official social media channel, or public report
Evidence
Evidence presented in a foreign language
https://www.nbu.gov.sk/2023/05/31/vyrocne-spravy-nbu/index.html
In May, the Director of the National Security Office, presented the Report on Cyber Security in the Slovak Republic in 2022 to the members of the National Council of the Slovak Republic.
-
7.3. Public cybersecurity awareness resources 333
Requirements
CriteriaPublic authorities provide publicly available cybersecurity advisories, tools, and resources for users, organisations, and ICT and cybersecurity professionals.
Accepted referencesOfficial website, public advisories
Evidence
Evidence presented in a foreign language
https://www.sk-cert.sk/sk/rady-a-navody/rady-pre-verejnost/index.html
Advice for the public
Primary information source with information on the risks and threats associated with the use of the Internet and digital technologies, tips on how to protect yourself and advice for victims of cybercrime.
-
7.4. Cybersecurity awareness raising coordination 003
Requirements
CriteriaThere is an entity with the clearly assigned responsibility to lead and/or coordinate national cybersecurity awareness activities.
Accepted referencesLegal act, official document, or official website
Evidence
-
-
8. PROTECTION OF PERSONAL DATA 4/4 100%44 100%
-
8.1. Personal data protection legislation 222
Requirements
CriteriaThere is a legal act for personal data protection that is applicable to the protection of data online or in digital form.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/18/
18/2018 Law of November 29, 2017 on the protection of personal data and on the amendment of certain laws
-
8.2. Personal data protection authority 222
Requirements
CriteriaAn independent public supervisory authority has been designated and allocated powers to supervise personal data protection.
Accepted referencesLegal act or official website
Evidence
https://dataprotection.gov.sk/en/office/about-us/?csrt=13534921564030631598
Personal Data Protection Office of the Slovak Republic
-
RESPONSIVE CYBERSECURITY INDICATORS
-
9. CYBER INCIDENT RESPONSE 14/14 100%1414 100%
-
9.1. National incident response capacity 333
Requirements
CriteriaThere is a CERT designated with nationwide responsibilities for cyber incident detection and response.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.sk-cert.sk/sk/o-nas/index.html
National Cyber Security Center SK-CERT
-
9.2. Incident reporting obligations 333
Requirements
CriteriaOperators of critical information infrastructure and/or government institutions are obliged to notify the designated competent authorities about cyber incidents.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/20220630
according to § 19, § 22, § 24, & § 25 of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
9.3. Cyber incident reporting tool 222
Requirements
CriteriaA publicly available official resource is provided for notifying competent authorities about cyber incidents.
Accepted referencesOfficial website
Evidence
Evidence presented in a foreign language
https://www.sk-cert.sk/sk/rady-a-navody/nahlasit-incident/index.html
-
9.4. Single point of contact for international cooperation 333
Requirements
CriteriaThe government has designated a single point of contact for international cybersecurity cooperation.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/pravne-predpisy/SK/ZZ/2018/69/
Office in the field of cyber security, of the National Security Office, according to § 5 (1) e) of the 69/2018 The Law of January 30, 2018 on cyber security and amendments to some laws
-
9.5. Participation in international incident response cooperation 333
Requirements
CriteriaThe national cyber incident response team (CSIRT/CERT/CIRT) participates in international or regional cyber incident response formats.
Accepted referencesOfficial website or official document
Evidence
-
-
10. CYBER CRISIS MANAGEMENT 2/9 22%29 22%
-
10.1. Cyber crisis management plan 002
Requirements
CriteriaThe government has established a crisis management plan for large-scale cyber incidents.
Accepted referencesLegal act or official website
Evidence
-
10.2. National cyber crisis management exercises 003
Requirements
CriteriaRegular interagency cyber crisis management exercises or crisis management exercises with a cyber component are arranged at the national level at least every other year.
Accepted referencesExercise document, official website, or press release
Evidence
-
10.3. Participation in international cyber crisis exercises 222
Requirements
CriteriaThe country participates in an international cyber crisis management exercise at least every other year.
Accepted referencesExercise document/website or press release
-
10.4. Operational crisis reserve 002
Requirements
CriteriaA mechanism for engaging reserve support has been established to reinforce government bodies in managing cyber crises.
Accepted referencesLegal act or official website
Evidence
-
-
11. FIGHT AGAINST CYBERCRIME 16/16 100%1616 100%
-
11.1. Cybercrime offences in national law 333
Requirements
CriteriaCybercrime offences are defined in national legislation.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/static/pdf/2005/300/ZZ_2005_300_20240315.pdf
Criminal Code includes the following crimes: Illegal access to computer systems (Section 247), Illegal interception of computer data (Section 247c), Illegal interference to computer data (Section 247 b), Illegal interference to computer systems (Section 247a), Production and possession of access device, password to a computer system or other data (Section 247 d), Damaging and abusing information stored on data carrier (Section 247), Unjust enrichment (Section 226), Production of child pornography (Section 368), Dissemination of child pornography (Section 369), Possession of child pornography and participation in child pornography performance (Section 370), Further, sections 201a and 201b provide for the merits of the criminal offence “Sexual abuse” implementing the Council of Europe Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse (the Lanzarote Convention), Infringement of copyright (Section 283).
-
11.2. Procedural law provisions 333
Requirements
CriteriaLegislation defines the powers and procedures for cybercrime investigations and proceedings and for the collection of electronic evidence.
Accepted referencesLegal act
Evidence
Evidence presented in a foreign language
https://www.slov-lex.sk/static/pdf/2005/301/ZZ_2005_301_20240315.pdf
Criminal Procedure Code § 91, § 93 & § 97 referencing computer data.
-
11.3. Ratification of or accession to the Convention on Cybercrime 222
Requirements
CriteriaThe country has ratified or acceded to the Council of Europe (CoE) Convention on Cybercrime.
Accepted referencesLegal act on Convention ratification or accession, website of the CoE Treaty Office
Evidence
https://www.coe.int/en/web/conventions/full-list?module=signatures-by-treaty&treatynum=185
Entry into force: 01/05/2008
-
11.4. Cybercrime investigation capacity 333
Requirements
CriteriaLaw enforcement has a specialised function and capacity to prevent and investigate cybercrime offences.
Accepted referencesLegal act or official website
Evidence
Evidence presented in a foreign language
https://www.minv.sk/?pocitacova-kriminalita
Cybercrime Unit (Computer Crime Department) of the Criminal Police Bureau
-
11.5. Digital forensics capacity 222
Requirements
CriteriaLaw enforcement has a specialised function and capacity for digital forensics.
Accepted referencesLegal act, statute, official document, or official website
Evidence
Evidence presented in a foreign language
https://www.minv.sk/?struktura-3
The Criminalistics and Expertise Institute of the Police Force (KEÚPZ)
-
11.6. 24/7 contact point for international cybercrime 333
Requirements
CriteriaThe government has designated an international 24/7 point of contact for assistance on cybercrime and electronic evidence.
Accepted referencesOfficial website, legal act or statute
Evidence
https://rm.coe.int/cyber-list-of-competent-authorities-july-2023/1680ac0d0f
Presidium of the Police Force, Criminal Police Bureau, Cybercrime Unit
-
-
12. MILITARY CYBER DEFENCE 4/6 67%46 67%
-
12.1. Military cyber defence capacity 222
Requirements
CriteriaArmed forces have designated units responsible for the cybersecurity of military operations and/or for cyber operations.
Accepted referencesLegal act, statute, other official document or official website
Evidence
Evidence presented in a foreign language
https://vs.mosr.sk/eng/o-nas/#poslanie
Military Intelligence
-
12.2. Military cyber doctrine 002
Requirements
CriteriaThe tasks, principles, and oversight of armed forces for military cyber operations are established by official doctrine or legislation.
Accepted referencesLegal act, official doctrine, or official website
Evidence
-
12.3. Military cyber defence exercises 222
Requirements
CriteriaArmed forces have conducted or participated in a cyber defence exercise or an exercise with a cyber defence component in the past three years.
Accepted referencesOfficial website or official document
Evidence
Evidence presented in a foreign language
Locked Shields 2022
-
Information Disclaimer
The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.
What can I do to improve my country's data in NCSI?
Become a data contributor Update a specific indicator with evidence data
CONTRIBUTORS
Intern at e-Governance Academy