Prime Minister Ali Asadov has signed a Cabinet of Ministers’ decision regarding the implementation of an information security risk registry.
According to the decision, state bodies, public legal entities established on behalf of the state, legal entities with state-owned shares, and other budget organizations must ensure the formation of the information security risk registry within six months in accordance with the requirements of the “Procedure for Maintaining the Information Security Risk Registry”. The registry aims to prevent threats in the information space and ensure cybersecurity.
Additionally, in line with the 2023–2027 Strategy on Information Security and Cybersecurity of the Republic of Azerbaijan, a “Threats and Solutions” catalog will be created on the website of the State Service for Special Communication and Information Security. This catalog will include a categorized set of threats to the information space and will be continuously updated.
The procedure defines the legal, technical, and organizational basis for maintaining the risk registry. Since information necessary for assessing and managing risks is considered confidential, it will be collected, protected, and used within the responsible entity’s information infrastructure.
The objectives of maintaining the information security risk registry include:
Identifying and classifying information security and cybersecurity risks in the national information space;
Organizing effective preventive measures against threats in the information space under the responsibility of the registry owner;
Evaluating potential threats, estimating likelihood and impact, identifying risk-causing events in advance, planning preventive actions, and implementing AI-based and other relevant solutions.
Expenses related to the design, formation, implementation, maintenance, monitoring, and continuous development of the risk registry will be funded annually from the state budget allocated to the relevant authorities and other legally permitted sources.
