CTT - Centro de Transferencia de Tecnología

Consolidated List for the Coordination of Incidents and Threats (LUCIA)

  • Short Name :
    lucia
    Summary :
    The Consolidated List for the Coordination of Incidents and Threats (LUCIA) is a tool developed by the National Computer Emergency Response Team at the National Cryptology Centre (CCN-CERT) for the management of cyber-incidents in the bodies/units in which the National Security Scheme (ENS) is applied. It is aimed at improving coordination between CERT and the organisations or bodies it works with. It is based on the Request Tracker (RT) and Request Tracker for Incident Response (RT-IR) systems (the latter used by incident response teams), and has been customised to meet CCN-CERT requirements and procedures and to comply with ENS.
    Target audience :
    Business, Any Public Administration
    Usage :
    Network service integrable in customers' applications, Installable product
    Type of Solution :
    Application, Infrastructure or common service
    Status of the Solution :
    Production
    Organic area :
    State
    Technical area :
    Management of services and systems, Communications infrastructure and messaging, Horizontal services for Public Administrations
    Functional area :
    Government and public sector, Health
    License :
    GPL (GNU General Public License)
    Interoperability level :
    Technical

    Description

    The Consolidated List for the Coordination of Incidents and Threats (LUCIA) is a tool for the management of cyber-incidents in the bodies/units in which the National Security Scheme (ENS) is applied. It is aimed at improving coordination between the National Computer Emergency Response Team (CERT) and the organisations or bodies it works with.

    LUCIA features a common language for the classification of incidents in terms of danger, and for incident traceability and follow-up. It also allows for task automation and integration into already implemented systems.

    LUCIA enables the management of three types of cyber-incidents:

    • Incidents within the organisation/body itself.
    • Incidents from the Early-Warning System of the SARA network (SAT-SARA).
    • Incidents from the Early-Warning System of the Internet (SAT-INET).

    Main advantages:

    • Incident management tool for use in the absence of other tools or when a dedicated tool is required for this purpose.
    • Compliance with ENS standards and the CCN-STIC-817 guideline for incident management within the ENS.
    • Common language for incident classification in terms of danger in accordance with the CCN-STIC-403 and CCN-STIC-817 guidelines, based on a two-level system approved by international organisations.
    • Improved coordination with the CERT at the National Cryptology Centre (CCN-CERT) and other organisations using its services, through security incident integration with CCN-CERT.
    • Improved exchange of information about security incidents.
    • Incident traceability and follow-up.
    • More effective management processes.
    • Task automation and integration into other systems.
    • Classification of incident closure and causes.
    • Knowledge databases.
    • Better management of SAT-SARA and SAT-INET projects.
