MAGERIT is a formal method to assess the risks incurred by information systems and recommend appropriate measures to manage them.
Target audience: Any Public Administration
Type of Solution: Regulation
Status of the Solution: Production
Organic area: State
Technical area: Horizontal services for the AA.PP, Standardization and regulation
Functional area: Government and public sector
License: Not applicable
Interoperability level: Legal
Description
MAGERIT version 3 is the risk analysis and management methodology developed by the former Superior Council of Electronic Administration and currently maintained by the General Secretariat of Digital Administration (Ministry of Economic Affairs and Digital Transformation) with the collaboration of the National Cryptologic Center (CCN).
MAGERIT is a public methodology that can be used freely and does not require prior authorization. It is of particular interest for entities in the scope of the National Security Framework (ENS) in order to satisfy the principle of risk-based security management, as well as the requirement of risk analysis and management, considering the dependence on information technologies to fulfil missions, provide services and achieve the objectives of the organization.
Following the terminology of the ISO 31000 standard, MAGERIT corresponds to what is called the “Risk Management Process”, section 4.4 (“Implementation of Risk Management”) within the “Risk Management Framework”. In other words, MAGERIT implements the Risk Management Process within a framework that lets the governing bodies make decisions taking into account the risks derived from the use of information technologies.