{"id":1233,"date":"2026-03-10T11:52:39","date_gmt":"2026-03-10T11:52:39","guid":{"rendered":"https:\/\/nimbis.si\/?page_id=1233"},"modified":"2026-03-10T14:08:51","modified_gmt":"2026-03-10T14:08:51","slug":"ocena-zrelosti-informacijske-varnosti","status":"publish","type":"page","link":"https:\/\/nimbis.si\/en\/ocena-zrelosti-informacijske-varnosti\/","title":{"rendered":"Information Security Maturity Assessment"},"content":{"rendered":"\n<div class=\"header assessment\">\n  <p class=\"header-eyebrow\">Free self-assessment<\/p>\n  <h1>Information Security Maturity Assessment<\/h1>\n  <p>A structured diagnostic for organisations operating in accordance with Slovenian and European cybersecurity legislation<\/p>\n  <div class=\"badge-row\">\n    <span class=\"badge\">NIS2 Directive<\/span>\n    <span class=\"badge\">ZInfV-1<\/span>\n    <span class=\"badge\">ISO\/IEC 27001:2022<\/span>\n    <span class=\"badge\">DORA-aligned<\/span>\n  <\/div>\n<\/div>\n\n<div class=\"wrapper\">\n\n  <div class=\"intro-bar\">\n    <strong>How it works:<\/strong> Answer 20 questions across 5 domains. Each question offers four options worth 0\u20133 points. 
The total score (maximum 60) determines your maturity level. Be honest: the more accurate your answers, the more useful the results. Your answers are not sent anywhere; everything runs in your browser.\n  <\/div>\n\n  <div id=\"quiz\">\n\n    <!-- \u2500\u2500 DOMAIN 1 \u2500\u2500 -->\n    <div class=\"section-label\">\n      <span class=\"section-number\">01<\/span>\n      <span class=\"section-title\">Governance and Risk Management<\/span>\n      <span class=\"section-line\"><\/span>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"0\">\n      <p class=\"q-text\"><span class=\"q-num\">1.<\/span> Does your organisation have a documented information security policy that is reviewed at least once a year?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q1\" value=\"0\"><span class=\"opt-dot\"><\/span>We have no formal policy.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q1\" value=\"1\"><span class=\"opt-dot\"><\/span>A policy exists but is outdated or rarely used.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q1\" value=\"2\"><span class=\"opt-dot\"><\/span>A current policy exists and has been communicated to employees.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q1\" value=\"3\"><span class=\"opt-dot\"><\/span>The policy is up to date, reviewed annually, approved by management and embedded in business processes.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"0\">\n      <p class=\"q-text\"><span class=\"q-num\">2.<\/span> How does your organisation identify and assess information security risks?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q2\" value=\"0\"><span class=\"opt-dot\"><\/span>Risks are not formally assessed.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q2\" value=\"1\"><span class=\"opt-dot\"><\/span>Risk assessment is informal or happens only after an incident.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q2\" value=\"2\"><span class=\"opt-dot\"><\/span>We carry out periodic risk assessments with documented results.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q2\" value=\"3\"><span class=\"opt-dot\"><\/span>Risk assessments are systematic, based on risk appetite, and feed into a formal treatment plan reviewed by management.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"0\">\n      <p class=\"q-text\"><span class=\"q-num\">3.<\/span> Is there a designated person or function in your organisation responsible for information security?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q3\" value=\"0\"><span class=\"opt-dot\"><\/span>No; everyone assumes someone else is handling security.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q3\" value=\"1\"><span class=\"opt-dot\"><\/span>IT informally looks after security without a clear mandate.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q3\" value=\"2\"><span class=\"opt-dot\"><\/span>A person is designated but has limited authority or resources.<span 
class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q3\" value=\"3\"><span class=\"opt-dot\"><\/span>A CISO role or equivalent function exists with a clear mandate, budget and access to the management board.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"0\">\n      <p class=\"q-text\"><span class=\"q-num\">4.<\/span> How is information security addressed at senior management level?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q4\" value=\"0\"><span class=\"opt-dot\"><\/span>Security is not an item on the management agenda.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q4\" value=\"1\"><span class=\"opt-dot\"><\/span>Management is informed about security only when problems arise.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q4\" value=\"2\"><span class=\"opt-dot\"><\/span>Security is discussed periodically; management approves key decisions.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q4\" value=\"3\"><span class=\"opt-dot\"><\/span>Management shows visible commitment, sets objectives and monitors security KPIs.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <!-- \u2500\u2500 DOMAIN 2 \u2500\u2500 -->\n    <div class=\"section-label\">\n      <span class=\"section-number\">02<\/span>\n      <span class=\"section-title\">Asset Management and Access Control<\/span>\n      <span class=\"section-line\"><\/span>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"1\">\n      <p class=\"q-text\"><span class=\"q-num\">5.<\/span> Does your organisation maintain an up-to-date register of information assets (systems, data, services)?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q5\" value=\"0\"><span class=\"opt-dot\"><\/span>No register exists.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q5\" value=\"1\"><span class=\"opt-dot\"><\/span>A partial or informal list exists but is not maintained.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q5\" value=\"2\"><span class=\"opt-dot\"><\/span>An asset register exists and is updated periodically.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q5\" value=\"3\"><span class=\"opt-dot\"><\/span>A comprehensive, classified asset register is maintained with clear ownership and data classification.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"1\">\n      <p class=\"q-text\"><span class=\"q-num\">6.<\/span> How are employee access rights managed on hiring, role change or departure?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q6\" value=\"0\"><span class=\"opt-dot\"><\/span>Access is rarely revoked; former employees may still have active accounts.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q6\" value=\"1\"><span class=\"opt-dot\"><\/span>Access is adjusted reactively, often late or incompletely.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q6\" value=\"2\"><span class=\"opt-dot\"><\/span>Processes exist but are not followed consistently.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q6\" value=\"3\"><span class=\"opt-dot\"><\/span>Formal, automated access management processes with regular reviews and enforcement of the least-privilege principle.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"1\">\n      <p class=\"q-text\"><span class=\"q-num\">7.<\/span> Is multi-factor authentication (MFA) used for critical systems and remote access?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q7\" value=\"0\"><span class=\"opt-dot\"><\/span>No; only passwords are used everywhere.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q7\" value=\"1\"><span class=\"opt-dot\"><\/span>MFA is used for some systems (e.g. cloud e-mail), but not consistently.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q7\" value=\"2\"><span class=\"opt-dot\"><\/span>MFA is mandatory for remote access and most critical systems.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q7\" value=\"3\"><span class=\"opt-dot\"><\/span>MFA is mandatory for all privileged, remote and critical access; phishing-resistant methods are used.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"1\">\n      <p class=\"q-text\"><span class=\"q-num\">8.<\/span> How does your organisation govern third-party and supplier access to your systems or data?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q8\" value=\"0\"><span class=\"opt-dot\"><\/span>Third parties have unrestricted or unmonitored access.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q8\" value=\"1\"><span class=\"opt-dot\"><\/span>Access is granted informally, without contracts covering security requirements.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q8\" value=\"2\"><span class=\"opt-dot\"><\/span>Contracts include security clauses; access is limited in scope.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q8\" value=\"3\"><span class=\"opt-dot\"><\/span>Supply-chain risks are formally assessed; third-party access is restricted, monitored and periodically reviewed.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <!-- \u2500\u2500 
DOMAIN 3 \u2500\u2500 -->\n    <div class=\"section-label\">\n      <span class=\"section-number\">03<\/span>\n      <span class=\"section-title\">Cyber Threat and Vulnerability Management<\/span>\n      <span class=\"section-line\"><\/span>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"2\">\n      <p class=\"q-text\"><span class=\"q-num\">9.<\/span> How does your organisation manage software vulnerabilities and security patches?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q9\" value=\"0\"><span class=\"opt-dot\"><\/span>Patches are applied rarely or only when something breaks.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q9\" value=\"1\"><span class=\"opt-dot\"><\/span>Patches are applied without a defined schedule or prioritisation by severity.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q9\" value=\"2\"><span class=\"opt-dot\"><\/span>A patching schedule exists; critical patches are applied within a defined deadline.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q9\" value=\"3\"><span class=\"opt-dot\"><\/span>Vulnerability scanning, risk-based patch prioritisation and SLA tracking are in place, with documented exceptions.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"2\">\n      <p class=\"q-text\"><span class=\"q-num\">10.<\/span> Does your organisation monitor systems for security events and anomalies?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q10\" value=\"0\"><span class=\"opt-dot\"><\/span>There is no monitoring; we discover incidents by chance.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q10\" value=\"1\"><span class=\"opt-dot\"><\/span>Basic logging exists, but logs are rarely reviewed.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q10\" value=\"2\"><span class=\"opt-dot\"><\/span>Logs are centralised and reviewed periodically; alerts are configured for some events.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q10\" value=\"3\"><span class=\"opt-dot\"><\/span>Continuous monitoring or a SIEM is in place with defined alerts, escalation procedures and log integrity controls.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"2\">\n      <p class=\"q-text\"><span class=\"q-num\">11.<\/span> How is network security managed (segmentation, firewalls, endpoint protection)?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q11\" value=\"0\"><span class=\"opt-dot\"><\/span>A basic firewall exists; little else is in place.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q11\" value=\"1\"><span class=\"opt-dot\"><\/span>Perimeter protection exists, but the internal network is flat; endpoint protection is inconsistent.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q11\" value=\"2\"><span class=\"opt-dot\"><\/span>Network segments exist for critical systems; managed endpoint protection is deployed on all devices.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q11\" value=\"3\"><span class=\"opt-dot\"><\/span>Zero-trust principles are enforced; network segmentation, EDR and web filtering are deployed and regularly reviewed.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"2\">\n      <p class=\"q-text\"><span class=\"q-num\">12.<\/span> Are employees regularly trained to recognise phishing, social engineering and cyber threats?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q12\" value=\"0\"><span class=\"opt-dot\"><\/span>There is no security training.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q12\" value=\"1\"><span class=\"opt-dot\"><\/span>One-off or onboarding-only awareness training.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q12\" value=\"2\"><span class=\"opt-dot\"><\/span>Annual security awareness training with completion tracking.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q12\" value=\"3\"><span class=\"opt-dot\"><\/span>An ongoing training programme, including simulated phishing, role-based training and measurement of behavioural change.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <!-- \u2500\u2500 DOMAIN 4 \u2500\u2500 -->\n    <div class=\"section-label\">\n      <span class=\"section-number\">04<\/span>\n      <span class=\"section-title\">Incident Response and Business Continuity<\/span>\n      <span class=\"section-line\"><\/span>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"3\">\n      <p class=\"q-text\"><span class=\"q-num\">13.<\/span> Does your organisation have a documented cyber incident response plan?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q13\" value=\"0\"><span class=\"opt-dot\"><\/span>There is no plan; we would improvise during an incident.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q13\" value=\"1\"><span class=\"opt-dot\"><\/span>Informal guidance exists but is not documented or tested.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q13\" value=\"2\"><span class=\"opt-dot\"><\/span>A documented plan with defined roles exists but has not been tested recently.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q13\" value=\"3\"><span class=\"opt-dot\"><\/span>A comprehensive incident response plan is in place, tested at least once a year, with lessons learned incorporated.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"3\">\n      <p class=\"q-text\"><span class=\"q-num\">14.<\/span> Are you aware of the obligation to notify SI-CERT \/ AKOS of an incident within 72 hours under ZInfV-1 \/ NIS2, and are you prepared for it?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q14\" value=\"0\"><span class=\"opt-dot\"><\/span>We were not aware of this obligation.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q14\" value=\"1\"><span 
class=\"opt-dot\"><\/span>We know the obligation exists but have no process for meeting the deadline.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q14\" value=\"2\"><span class=\"opt-dot\"><\/span>A notification process exists but has not been rehearsed.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q14\" value=\"3\"><span class=\"opt-dot\"><\/span>A tested, documented notification procedure with named contacts and prepared report templates.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"3\">\n      <p class=\"q-text\"><span class=\"q-num\">15.<\/span> Are backups in place, tested and protected against ransomware (e.g. offline or immutable copies)?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q15\" value=\"0\"><span class=\"opt-dot\"><\/span>Backups are inconsistent or not verified.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q15\" value=\"1\"><span class=\"opt-dot\"><\/span>Backups are created regularly but sit on the same network (reachable by ransomware).<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q15\" value=\"2\"><span class=\"opt-dot\"><\/span>Backups are kept separate; restoration is tested occasionally.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q15\" value=\"3\"><span class=\"opt-dot\"><\/span>A 3-2-1+ backup strategy with immutable\/offline copies, regular restore tests and documented RTO\/RPO objectives.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"3\">\n      <p class=\"q-text\"><span class=\"q-num\">16.<\/span> Does the business continuity plan (BCP) cover major cyber incident scenarios?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q16\" value=\"0\"><span class=\"opt-dot\"><\/span>No BCP exists.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q16\" value=\"1\"><span class=\"opt-dot\"><\/span>A BCP exists but does not explicitly address cyber scenarios.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q16\" value=\"2\"><span class=\"opt-dot\"><\/span>The BCP covers cyber scenarios; it has been reviewed but not fully tested.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q16\" value=\"3\"><span class=\"opt-dot\"><\/span>BCP and DRP are integrated, tested through exercises, with clear crisis communication chains.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <!-- \u2500\u2500 DOMAIN 5 \u2500\u2500 -->\n    <div class=\"section-label\">\n      <span class=\"section-number\">05<\/span>\n      <span class=\"section-title\">Compliance, Audit and Continual Improvement<\/span>\n      <span class=\"section-line\"><\/span>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"4\">\n      <p class=\"q-text\"><span class=\"q-num\">17.<\/span> Has your organisation formally determined whether it falls under ZInfV-1 as an essential or important entity?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q17\" 
value=\"0\"><span class=\"opt-dot\"><\/span>We have not assessed our regulatory status under ZInfV-1.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q17\" value=\"1\"><span class=\"opt-dot\"><\/span>We have a rough idea, but no formal legal analysis.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q17\" value=\"2\"><span class=\"opt-dot\"><\/span>We have assessed our status; the classification is documented but has not yet been fully acted upon.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q17\" value=\"3\"><span class=\"opt-dot\"><\/span>The legal analysis is complete, the entity is registered where required, and obligations are mapped to ISMS controls.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"4\">\n      <p class=\"q-text\"><span class=\"q-num\">18.<\/span> Are internal security audits or reviews carried out to verify the effectiveness of controls?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q18\" value=\"0\"><span class=\"opt-dot\"><\/span>Internal audits are not carried out.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q18\" value=\"1\"><span class=\"opt-dot\"><\/span>Occasional informal reviews take place without a structured audit programme.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q18\" value=\"2\"><span class=\"opt-dot\"><\/span>Periodic audits are carried out and findings are tracked.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q18\" value=\"3\"><span
class=\"opt-dot\"><\/span>A structured internal audit programme with rotation of areas, findings management and integration into management review.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"4\">\n      <p class=\"q-text\"><span class=\"q-num\">19.<\/span> How does your organisation manage personal data protection (GDPR \/ ZVOP-3) in relation to information security?<\/p>\n      <div class=\"options\">\n        <label class=\"option-label\"><input type=\"radio\" name=\"q19\" value=\"0\"><span class=\"opt-dot\"><\/span>Data protection and security are handled completely separately, with no coordination.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q19\" value=\"1\"><span class=\"opt-dot\"><\/span>Legal\/HR looks after GDPR; the security team has little visibility into data flows.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q19\" value=\"2\"><span class=\"opt-dot\"><\/span>Data protection and security cooperate on key issues; a record of processing activities (RoPA) is maintained.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q19\" value=\"3\"><span class=\"opt-dot\"><\/span>Privacy by design is built into processes; the data protection officer and the CISO work together; security controls are mapped to GDPR obligations.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"q-card\" data-domain=\"4\">\n      <p class=\"q-text\"><span class=\"q-num\">20.<\/span> Is there a formal process for tracking, implementing and verifying improvements after audits, incidents or risk assessments?<\/p>\n      <div class=\"options\">\n        <label
class=\"option-label\"><input type=\"radio\" name=\"q20\" value=\"0\"><span class=\"opt-dot\"><\/span>Improvements are ad hoc; findings are rarely addressed formally.<span class=\"score-hint\">0 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q20\" value=\"1\"><span class=\"opt-dot\"><\/span>Actions are recorded, but follow-up is inconsistent.<span class=\"score-hint\">1 point<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q20\" value=\"2\"><span class=\"opt-dot\"><\/span>A corrective action register is maintained and reviewed periodically.<span class=\"score-hint\">2 points<\/span><\/label>\n        <label class=\"option-label\"><input type=\"radio\" name=\"q20\" value=\"3\"><span class=\"opt-dot\"><\/span>A formal corrective action process with owners, deadlines, verification and reporting to management, closing the PDCA loop.<span class=\"score-hint\">3 points<\/span><\/label>\n      <\/div>\n    <\/div>\n\n    <div class=\"submit-area\">\n      <p class=\"progress-label\">Questions answered: <span id=\"answered-count\">0<\/span> \/ 20<\/p>\n      <div class=\"progress-bar\"><div class=\"progress-fill\" id=\"progress-fill\"><\/div><\/div>\n      <button class=\"btn-submit\" onclick=\"submitQuiz()\">Calculate my maturity score \u2192<\/button>\n    <\/div>\n\n  <\/div><!-- \/quiz -->\n\n  <!-- \u2550\u2550 RESULTS \u2550\u2550 -->\n  <div id=\"results\">\n\n    <div class=\"result-header\">\n      <p class=\"result-level-tag\" id=\"res-tag\"><\/p>\n      <div class=\"result-score-big\" id=\"res-score\"><\/div>\n      <p style=\"font-family:'Roboto',sans-serif;font-size:1em;color:white;margin-bottom:0.5rem;\">out of 60 points<\/p>\n      <h2 class=\"result-label\" id=\"res-label\"><\/h2>\n      <p class=\"result-desc\" id=\"res-desc\"><\/p>\n      <div class=\"score-meter\">\n        <div class=\"meter-track\"><div
class=\"meter-fill\" id=\"res-meter\"><\/div><\/div>\n        <div class=\"meter-labels\"><span>Initial<\/span><span>Developing<\/span><span>Established<\/span><span>Optimised<\/span><\/div>\n      <\/div>\n    <\/div>\n\n    <div class=\"breakdown-grid\" id=\"domain-breakdown\"><\/div>\n\n    <h3 class=\"findings-title\">Key findings and priority areas<\/h3>\n    <div id=\"findings-list\"><\/div>\n\n    <div class=\"cta-box\">\n      <h3>Ready to close the gaps?<\/h3>\n      <p>This assessment gives you a directional picture. A full diagnostic, including an article-by-article ZInfV-1 gap analysis, ISO 27001 control mapping and a prioritised remediation plan, requires an experienced expert's view. Let's talk.<\/p>\n      <a href=\"mailto:info@nimbis.si?subject=Povpra%C5%A1anje%20ZInfV-1%20%2F%20NIS2\" class=\"btn-cta\">Book a free 30-minute consultation<\/a>\n      <p class=\"cta-legal\">No obligation. Strictly confidential. Clients from Slovenia and the EU are welcome.<\/p>\n    <\/div>\n\n    <div style=\"margin-top:1.8rem;text-align:center;\">\n      <button class=\"btn-submit\" onclick=\"resetQuiz()\" style=\"background:var(--muted);\">\u2190 Retake the assessment<\/button>\n    <\/div>\n\n  <\/div><!-- \/results -->\n\n<\/div><!-- \/wrapper -->\n\n<script>\n  const DOMAINS = [\n    'Governance and risk',\n    'Assets and access control',\n    'Threats and vulnerabilities',\n    'Incident response and BCP',\n    'Compliance and improvement'\n  ];\n\n  const LEVELS = [\n    { min: 0,  max: 14, tag: 'LEVEL 1 \u2014 INITIAL',     label: 'Initial \/ Ad hoc',    color: 'red',   desc: 'The information security of your organisation is largely reactive and undocumented. Significant gaps exist in governance, technical controls and compliance.
Under ZInfV-1 and NIS2, essential and important entities at this level carry considerable regulatory and operational risk. A structured intervention is urgently needed.' },\n    { min: 15, max: 29, tag: 'LEVEL 2 \u2014 DEVELOPING',  label: 'Developing',          color: 'amber', desc: 'Some security fundamentals are in place, but coverage is uneven and processes are inconsistent. You may informally meet some NIS2\/ZInfV-1 requirements, but you could not demonstrate compliance to a regulator. Prioritised, structured improvements will effectively close the most important gaps.' },\n    { min: 30, max: 44, tag: 'LEVEL 3 \u2014 ESTABLISHED', label: 'Established',         color: 'gold',  desc: 'Your organisation has documented, working security controls in most areas. Your position with respect to ZInfV-1 obligations is acceptable, although gaps probably remain in monitoring, the supply chain or incident response testing. Formally establishing an ISMS will consolidate and demonstrate your compliance.' },\n    { min: 45, max: 60, tag: 'LEVEL 4 \u2014 OPTIMISED',   label: 'Optimised \/ Leading', color: 'green', desc: 'Your security programme is mature, evidence-based and well embedded in the business. You are well positioned for compliance with ZInfV-1 \/ NIS2. Focus on continuous improvement, supply chain assurance and keeping track of the evolving cyber landscape. Consider an external assessment or ISO 27001 certification for external validation.' }\n  ];\n\n  const DOMAIN_FINDINGS = [\n    { \/\/ Governance\n      low:  { title: 'Governance: No clear accountability', text: 'Without assigned security responsibility and management commitment, no control can be sustainable. Establishing a security mandate is the critical first step.'
},\n      mid:  { title: 'Governance: Gaps in policy and risk', text: 'Formalise the risk assessment process and make sure the information security policy reflects current threats and regulatory obligations under ZInfV-1.' },\n      high: { title: 'Governance: Solid foundation', text: 'Governance is solid. Make sure management reviews formally close the ISO 27001 loop and that risk appetite is explicitly documented and approved by the board.' }\n    },\n    { \/\/ Assets and access\n      low:  { title: 'Access control: High exposure risk', text: 'Unknown assets and unmanaged access rights are among the most common intrusion vectors. Establish an asset register and enforce MFA immediately.' },\n      mid:  { title: 'Access control: Inconsistent controls', text: 'Tighten the joiner\/mover\/leaver access management process and extend MFA to all critical and remote access points. Supplier access requires a formal review.' },\n      high: { title: 'Access control: Well managed', text: 'Access hygiene is good. Consider maturing towards continuous access certification and a zero trust architecture for privileged access.' }\n    },\n    { \/\/ Threats\n      low:  { title: 'Threat detection: Blind spots', text: 'Without monitoring or regular patching, your organisation will not detect an intrusion until significant damage has been done. A vulnerability management programme is essential.' },\n      mid:  { title: 'Threat detection: Coverage gaps', text: 'Security awareness and log monitoring need to be formalised. Simulated phishing attacks and a SIEM or managed SOC service would significantly reduce your exposure.' },\n      high: { title: 'Threat detection: Good visibility', text: 'Detection capabilities are mature.
Review your threat intelligence sources and consider purple teaming or penetration testing to validate controls under real-world conditions.' }\n    },\n    { \/\/ Incidents\n      low:  { title: 'Incident response: Unprepared', text: 'Without a tested response plan, your organisation cannot meet the 72-hour reporting deadline required by ZInfV-1 and NIS2. Backups and a basic response plan must be established immediately as a priority.' },\n      mid:  { title: 'Incident response: Partially prepared', text: 'Plans exist but are untested. Schedule a scenario-based exercise (tabletop exercise) to validate the reporting procedure and make sure recovery time objectives are achievable.' },\n      high: { title: 'Incident response: Well prepared', text: 'Response capabilities are solid. Consider including cyber scenarios in BCP exercises and reviewing incident reporting obligations in the supply chain.' }\n    },\n    { \/\/ Compliance\n      low:  { title: 'Compliance: Considerable regulatory exposure', text: 'ZInfV-1 provides for fines of up to EUR 10 million or 2% of annual turnover for essential entities. Determining the classification and mapping obligations to controls must start immediately.' },\n      mid:  { title: 'Compliance: Partially mapped', text: 'Formalise the internal audit programme and make sure GDPR\/ZVOP-3 obligations are built into security controls; regulators increasingly assess the two together.' },\n      high: { title: 'Compliance: Strong assurance culture', text: 'Compliance is embedded. Consider ISO 27001 certification to give regulators and customers external, auditable evidence of the maturity of your ISMS.'
}\n    }\n  ];\n\n  \/\/ Track selections\n  function updateProgress() {\n    let answered = 0;\n    for (let i = 1; i <= 20; i++) {\n      if (document.querySelector(`input[name=\"q${i}\"]:checked`)) answered++;\n    }\n    document.getElementById('answered-count').textContent = answered;\n    document.getElementById('progress-fill').style.width = (answered \/ 20 * 100) + '%';\n  }\n\n  document.querySelectorAll('.option-label input').forEach(input => {\n    input.addEventListener('change', function() {\n      \/\/ Deselect siblings\n      document.querySelectorAll(`input[name=\"${this.name}\"]`).forEach(r => {\n        r.closest('.option-label').classList.remove('selected');\n      });\n      this.closest('.option-label').classList.add('selected');\n      updateProgress();\n    });\n  });\n\n  function submitQuiz() {\n    \/\/ Check all answered\n    let missing = [];\n    for (let i = 1; i <= 20; i++) {\n      if (!document.querySelector(`input[name=\"q${i}\"]:checked`)) missing.push(i);\n    }\n    if (missing.length > 0) {\n      alert(`Please answer all questions before submitting.
Missing: Q${missing.join(', Q')}`);\n      return;\n    }\n\n    \/\/ Calculate scores\n    let total = 0;\n    let domainScores = [0, 0, 0, 0, 0];\n    for (let i = 1; i <= 20; i++) {\n      const val = parseInt(document.querySelector(`input[name=\"q${i}\"]:checked`).value, 10);\n      total += val;\n      const domain = parseInt(document.querySelector(`input[name=\"q${i}\"]`).closest('.q-card').dataset.domain, 10);\n      domainScores[domain] += val;\n    }\n\n    \/\/ Show results\n    document.getElementById('quiz').style.display = 'none';\n    document.getElementById('results').style.display = 'block';\n\n    const level = LEVELS.find(l => total >= l.min && total <= l.max);\n    document.getElementById('res-tag').textContent = level.tag;\n    document.getElementById('res-tag').className = 'result-level-tag text-' + level.color;\n    document.getElementById('res-score').textContent = total;\n    document.getElementById('res-score').className = 'result-score-big text-' + level.color;\n    document.getElementById('res-label').textContent = level.label;\n    document.getElementById('res-desc').textContent = level.desc;\n\n    const meter = document.getElementById('res-meter');\n    meter.className = 'meter-fill bg-' + level.color;\n    \/\/ Keep a minimal visible bar when the score is 0\n    const meterTotal = total === 0 ? 6 : total;\n    setTimeout(() => { meter.style.width = (meterTotal \/ 60 * 100) + '%'; }, 100);\n\n    \/\/ Domain breakdown\n    const breakdownEl = document.getElementById('domain-breakdown');\n    breakdownEl.innerHTML = '';\n    domainScores.forEach((score, i) => {\n      const pct = Math.round(score \/ 12 * 100);\n      let bColor = pct >= 67 ? 'var(--green)' : pct >= 34 ? 'var(--amber)' : 'var(--red)';\n      breakdownEl.innerHTML += `\n        <div class=\"domain-card\">\n          <p class=\"domain-name\">${DOMAINS[i]}<\/p>\n          <div class=\"domain-bar-wrap\"><div class=\"domain-bar\" style=\"width:${pct == 0 ?
10 : pct}%;background:${bColor}\"><\/div><\/div>\n          <p class=\"domain-pct\">${score} \/ 12 points &nbsp;\u00b7&nbsp; ${pct}%<\/p>\n        <\/div>`;\n    });\n\n    \/\/ Findings\n    const findingsEl = document.getElementById('findings-list');\n    findingsEl.innerHTML = '';\n    domainScores.forEach((score, i) => {\n      const pct = score \/ 12;\n      const finding = pct < 0.34 ? DOMAIN_FINDINGS[i].low : pct < 0.67 ? DOMAIN_FINDINGS[i].mid : DOMAIN_FINDINGS[i].high;\n      const cls = pct < 0.34 ? 'border-red' : pct < 0.67 ? 'border-amber' : 'border-green';\n      findingsEl.innerHTML += `\n        <div class=\"finding-card ${cls}\">\n          <strong>${finding.title}<\/strong>\n          ${finding.text}\n        <\/div>`;\n    });\n\n    window.scrollTo({ top: 0, behavior: 'smooth' });\n  }\n\n  function resetQuiz() {\n    document.querySelectorAll('input[type=\"radio\"]').forEach(r => { r.checked = false; });\n    document.querySelectorAll('.option-label').forEach(l => { l.classList.remove('selected'); });\n    document.getElementById('answered-count').textContent = '0';\n    document.getElementById('progress-fill').style.width = '0%';\n    document.getElementById('quiz').style.display = 'block';\n    document.getElementById('results').style.display = 'none';\n    window.scrollTo({ top: 0, behavior: 'smooth' });\n  }\n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>Free self-assessment Information security maturity assessment A structured diagnostic for organisations operating under Slovenian and European cybersecurity legislation NIS2 Directive ZInfV-1 ISO\/IEC 27001:2022 DORA-aligned How it works: Answer 20 questions across 5 domains. Each question offers four options worth 0\u20133 points. The total score (maximum 60) determines your maturity level.
Be honest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-1233","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/pages\/1233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/comments?post=1233"}],"version-history":[{"count":7,"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/pages\/1233\/revisions"}],"predecessor-version":[{"id":1262,"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/pages\/1233\/revisions\/1262"}],"wp:attachment":[{"href":"https:\/\/nimbis.si\/en\/wp-json\/wp\/v2\/media?parent=1233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}