Cybersecurity by Design
What does that mean in practice?
Cybersecurity must be integrated from the very beginning of a digital service’s design and throughout the entire software lifecycle. It is not a final check, but rather an ongoing process that encompasses design, development, vulnerability management, and incident response.
National Regulations
Decree-Law No. 82 of May 18, 2021, established the National Cybersecurity Agency (ACN), which is responsible for coordinating and implementing cybersecurity policies at the national level.
Technical Implementation
ACN publishes regulations, guidelines, and technical documentation related to:
risk management;
the security of critical infrastructure;
the protection of networks and information systems.
For those who develop public digital services, this means adopting secure development practices, managing vulnerabilities, and implementing appropriate protective measures consistent with the level of risk.
European legislation
Directive (EU) 2022/2555 (“NIS2”) strengthens the European framework for the security of network and information systems by imposing obligations regarding risk management, security of supply chain, vulnerability management, and incident reporting.