CDESK and the cybersecurity act with NIS2

From 1 January 2025, the number of companies and institutions in Slovakia required to meet the conditions of the Cybersecurity Act (ZoKB), including the European NIS2 directive, has expanded.

One of the tools for meeting the requirements is also a service desk, which represents a key tool for the efficient management of departments, change management, asset registration, resolving security incidents and other activities.

Cybersecurity is today one of the foremost aspects of corporate policy, both from the perspective of organisational as well as technical and legislative requirements. That is why we recommend the following article be read also by organisations and companies to which the cybersecurity act does not apply.

Meet the NIS2 requirements
Get to know the NIS2 requirements

Why is the cybersecurity act with NIS2 important?

  • NIS2 increases the resilience of your organisation too against cyber threats
  • NIS2 commits management to accountability
  • NIS2 improves cooperation within the EU
  • NIS2 introduces stricter security requirements with higher penalties

Cybersecurity is today one of the foremost aspects of corporate policy, both from the perspective of organisational as well as technical and legislative requirements. That is why we recommend the following page be read also by organisations and companies to which the cybersecurity act does not apply.

Find out more about the legislation
Whom the amendment concerns

Sectors to which NIS2 applies

Sectors to which the new SI2 EU directive applies.

Energy

Essential entity

Healthcare

Essential entity

Transport

Essential entity

Banking and financial services

Essential entity

Drinking and waste water

Essential entity

Digital infrastructure

Essential entity

Public administration

Essential entity

Digital providers

Essential entity

Postal services

Essential entity

Waste management

Essential entity

Space

Essential entity

Food

Essential entity

Manufacturing

Essential entity

Chemicals

Essential entity

Research

Essential entity

How does CDESK help meet the NIS2 requirements?

CDESK is a comprehensive, stable and proven tool with more than 15 years of history, which meets the strict requirements of the cybersecurity act and the NIS2 directive. It combines a wide range of features with a user-friendly environment to simplify and streamline work in demanding enterprise environments, as well as in cases where simplicity and clarity are needed. CDESK is valued by managers as well as cybersecurity architects responsible for organisational, technical and security measures to safeguard assets and data.

Registration and escalation of Incidents

The ZoKB directly imposes on subjects the obligation to register security incidents. CDESK offers you not only the registration of the incidents themselves in line with NIS2, but also makes available further functionalities through which you will effectively prevent incidents. When integrating the latest trends in the field of cybersecurity, we also implement the current requirements and recommendations of state institutions. Once the interface for directly writing incidents into the NBÚ/NÚKIB systems is released, we will apply this feature into CDESK solutions as well.

Registration of activities, planning, notification, analyses

The activity of your staff or suppliers that may affect the integrity and confidentiality of data must be documented. CDESK documents anything your staff or suppliers do that may affect the integrity and trustworthiness of data. Not only the incidents themselves, but also changes in the system and ordinary requests over the monitored assets. CDESK ensures that the resolution of arising problems, or of planned activities, takes place within the expected deadlines according to SLA. In CDESK you can, with the help of AI too, register, analyse and prevent recurring security problems and their escalation. CDESK will help you with the correct handling of staff onboarding and offboarding, with planning training, adhering to regular updates, backup checks, disaster recovery tests and the like. For keeping employees and suppliers well informed, you have advanced notifications available via emails, SMS and Push notifications to the mobile application.

Management of all assets, services and their monitoring​

CDESK has its own Configuration database (CMDB), where you have the option to clearly register services for IT operations, information systems and assets, such as computers, servers or network elements. Evaluation and availability monitoring of the registered elements is available, and evaluation of impact during outages will soon be added. Loading data from real IT with monitoring is possible either through the integrated CUSTOMER MONITOR tool with the Autodiscovery feature, or via an API connection to other systems, such as ESET Protect, Zabbix and others. The Asset management module covers asset management in general, including carrying out inventories.

Assigning and tracking responsibilities​

CDESK will help you ensure that you have full control over the changes that affect security. In CDESK, the registration of responsibilities is comprehensively handled in the registration of assets in the configuration database, but also in the processes that are carried out in the form of requests and work orders. This is followed by a conveniently designed approval system for superior staff, even from the CDESK Pro mobile application environment.

Automated reports

Relevant and regular outputs are also inseparably part of the proper functioning and further development of a company. Thanks to the reports in CDESK, you have at any time available proof of the correctness of the procedure, as well as data to improve the functioning of your team. CDESK offers various reporting options in XLS/PDF, automatically generated and emailed reports, ready-made models in PowerBI and quick overviews in dashboards. Not only for directly meeting the requirements arising from the cybersecurity act and any demonstration of compliance with the act, but also for the efficient management of teams and the organisation.

Incident recording and escalation

The CSA directly imposes on entities the obligation to record security incidents.

Recording of activities, planning, notification, analysis

Any activity of your staff or suppliers that may affect the integrity and confidentiality of data must be documented.

Management and monitoring of all assets and services

CDESK offers a CMDB for recording IT services and assets, including monitoring and availability evaluation.

Assigning and tracking responsibilities

CDESK ensures the tracking of responsibilities for security activities and provides an approval system for supervisors.

Automated reports

CDESK offers various reporting options for the efficient management of teams, including automatically generated reports and PowerBI models.

Incident recording and escalation

The CSA directly imposes on entities the obligation to record security incidents.

CDESK offers you not only the recording of incidents themselves in compliance with NIS2, but also gives you access to other features that help you prevent incidents effectively. When integrating the latest trends in cyber security, we also implement the current requirements and recommendations of state institutions. Once the interface for direct submission of incidents to the systems of the NSA/NCSC is published, we will also apply this function to CDESK solutions.

Recording of changes, activities, planning, notification, analysis

Any activity of your staff or suppliers that may affect the integrity and confidentiality of data must be documented.

CDESK documents anything your staff or suppliers do that may affect the integrity and credibility of data. Not only the incidents themselves, but also changes in the system and routine requests over monitored assets. CDESK ensures that the resolution of arising problems, or planned activities, takes place within the expected deadlines according to the SLA. In CDESK, you can, with the help of AI, record, analyse and prevent recurring security problems and their escalation. CDESK helps you with the correct handling of staff onboarding and offboarding, with the planning of training, compliance with regular updates, backup checks, disaster recovery tests and the like. To keep employees and suppliers well informed, you have advanced notifications available via email, SMS and push notifications to the mobile application.

Management and monitoring of all assets and services​

CDESK has its own Configuration Database (CMDB), where you can clearly record IT operation services, information systems and assets such as computers, servers or network elements. Evaluation and availability tracking of the recorded elements are available, and impact evaluation in the event of outages will be added soon.

Loading data from real IT with monitoring is possible either through the integrated CUSTOMER MONITOR tool with the Autodiscovery function, or via API connection to other systems such as ESET Protect, Zabbix and others.

The Asset management module covers asset management in general, including the carrying out of inventories.

Assigning and tracking responsibilities​

CDESK helps you ensure that you have full control over changes that affect security. In CDESK, the recording of responsibilities is comprehensively handled in asset records within the configuration database, but also for processes carried out in the form of requests and work orders. This is followed by a conveniently designed approval system for supervisors, even from within the CDESK Pro mobile application.

Automated reports

Relevant and regular outputs are an inseparable part of the proper functioning and further development of a company.

Thanks to reports in CDESK, you always have at your disposal proof of the correctness of your procedures, as well as data to improve the functioning of your team. CDESK offers various reporting options in XLS/PDF, automatically generated reports sent by email, ready-made PowerBI models and quick overviews in dashboards. Not only for the direct fulfilment of requirements arising from the Cyber Security Act and possible demonstration of compliance with the law, but also for the efficient management of teams and the organisation.

CDESK meets stringent cyber security requirements

For CDESK to be safely deployed in your IT environment, it must comply with the requirements of the Cyber Security Act.

The most important are:

Encrypted communication:

CDESK encrypts all communication over the HTTPS and TLS 1.3 protocol with AES-128/256 encryption. The connection of the mobile application, the desktop client and the API interface is also encrypted. This applies to both the Cloud service and the On-Premise solution operated at your premises.

Identity management:

Our software supports external services for digital identity verification, such as Active Directory (AD), LDAP, Microsoft Entra ID, Google OAuth2 and others. It also supports SSO and SAML technologies, which allow you to log in to the system without repeatedly entering login credentials.

Multi-factor authentication:

Local employee and administrator accounts in CDESK are secured using two-factor authentication (TOTP) generated in mobile applications.

Access control:

CDESK has advanced access control management for information, with high granularity of roles and permissions. In addition to the standard configuration of access to attachments, it allows you to define sensitive attachments with their own permissions to ensure confidentiality.

Activity monitoring:

CDESK enables activity monitoring to identify undesirable changes and anomalies. It supports the export of data to SIEM/SOAR systems, thereby contributing to a higher level of control.

System updates:

Regular updates are an integral part of every solution, service or software. CDESK has them ensured for both the Cloud service and the On-Premise solution.

Prevention of security incidents:

CDESK is regularly tested for vulnerabilities (penetration tests, OWASP, CWE/SANS…). In the event of an incident, the affected persons are informed, and in the case of an incident classified under the Cyber Security Act, it is reported to the NSA/NCSC.

Legislation:

The development and operation of the product takes place in compliance with the legislation required in the EU and the Slovak Republic. Compliance with it is supported by the ISO standards implemented in our companies for information security management ISO27001 and quality management according to ISO9001. We are preparing for the new regulation on software development, the Cyber Resilience Act, a regulation that has been in force since 10 December 2024 and will become effective on 11 December 2027.

CDESK in your organisation

CDESK will function in your organisation as a central platform for monitoring, managing, documenting and resolving security incidents and requests arising from the Cyber Security Act. Thanks to automated processes and clear records, CDESK will help your organisation meet legislative requirements while increasing your cyber resilience.

Why choose CDESK

  • Comprehensive solution: CDESK is a comprehensive, stable and proven tool with more than 15 years of history
  • Cost-effectiveness: CDESK offers you flexible and cost-effective licensing with a sufficient range of functions even for larger enterprises
  • Proven security: CDESK already helps dozens of companies meet the obligations of the Cyber Security Act, and serves hundreds of companies securely as a tool for planning, carrying out and overseeing a wide range of activities
Try the demo

Timeline for new entities

The timeline illustrates the obligations for operators of essential services (OES) under Section 17 of the amendment to the act and operators of critical essential services (OCES) under Section 18(1) and (2) of the amendment to the act.

01.01.2025

Effective date of the amendment to the act

02.03.2025

Notification by the authority

March 2025

Decision by the authority

April 2025

Creation of rights and obligations for the entity

March 2026

Obligation to introduce security measures

March 2027

First audit or self-assessment