accesskey_mod_content
CTT - Centro de Transferencia de Tecnología

MAGERIT V.3

  • Short Name :
    magerit
    Summary :
    MAGERIT is a formal method to assess the risks incurred by information systems and recommend appropriate measures to manage them.
    Target audience :
    Any Public Administration
    Type of Solution :
    Regulation
    Status of the Solution :
    Production
    Organic area :
    State
    Technical area :
    Horizontal services for the AA.PP , Standardization and regulation
    Functional area :
    Government and public sector
    License :
    Not applicable
    Interoperability level :
    Legal

    Description

    MAGERIT version 3 is the risk analysis and management methodology developed by the former Superior Council of Electronic Administration and currently maintained by the General Secretariat of Digital Administration (Ministry of Economic Affairs and Digital Transformation) with the collaboration of the National Cryptologic Center (CCN). 

    MAGERIT is a public methodology that can be used freely and does not require prior authorization. It is of particular interest for entities in the scope of the National Security Framework (ENS) in order to satisfy the principle of risk-based security management, as well as the requirement of risk analysis and management, considering the dependence on information technologies to fulfil missions, provide services and achieve the objectives of the organization.

    Following the terminology of the ISO 31000 standard, MAGERIT responds to what is called “Risk Management Process”, section 4.4 (“Implementation of Risk Management”) within the “Risk Management Framework”. In other words, MAGERIT implements the Risk Management Process within a framework for the governing bodies to make decisions taking into account the risks derived from the use of information technologies. 

    MAGERIT is listed in ENISA's inventory of risk analysis and management methods at: http://rm-inv.enisa.europa.eu/methods_tools/m_magerit.html

Responsable