
MAGERIT version 3

  • Short Name:
    magerit
    Summary:
    The MAGERIT methodology is a formal method to investigate the risks borne by information systems and to recommend appropriate measures that should be taken to manage these risks.
    Target audience:
    Any Public Administration
    Agencies Responsible:
    Ministry of Territorial Policy and Public Function
    Secretariat of State for Public Function
    General Secretariat of Digital Administration
    Contact:

    Miguel Ángel Amutio Gómez
    S.G. for Programmes, Studies and Promotion of E-government
    miguel.amutio@correo.gob.es

    Type of Solution:
    Regulation
    Status of the Solution:
    Production
    Organic Area:
    State
    Technical Area:
    Horizontal services for the AA.PP, standardization and regulation
    Functional Area:
    Government and the public Sector
    License:
    Not implemented
    Interoperability level:
    Legal

    Description

    Purpose:

    Risk analysis and management is a key aspect of Royal Decree 3/2010, of 8 January, which regulates the National Security Framework (Esquema Nacional de Seguridad) in the field of e-Government, and which aims to satisfy the principle of proportionality in complying with the basic principles and minimum requirements for the adequate protection of information.

    MAGERIT is an instrument to facilitate the implementation and application of the National Security Framework, providing the basic principles and minimum requirements for the adequate protection of information.

    MAGERIT is listed in ENISA's inventory of risk analysis and management methods at http://rm-inv.enisa.europa.eu/methods_tools/m_magerit.html

    Objectives:

    MAGERIT pursues the following objectives:

    Direct:

    1. to make those responsible for information organizations aware of the existence of risks and of the need to manage them
    2. to offer a systematic method for analysing the risks arising from the use of information and communication technologies (ICT)
    3. to help discover and plan timely treatment to keep the risks under control

    Indirect:

    4. to prepare the Organization for evaluation, audit, certification or accreditation processes, as appropriate in each case

    Uniformity has also been sought in the reports that reflect the findings and conclusions of the risk analysis and management activities.

    Description:

    MAGERIT is the risk analysis and management methodology developed by the Higher Council for Electronic Administration (Consejo Superior de Administración Electrónica).

    MAGERIT allows:

    • To study the risks borne by an information system and its associated environment. MAGERIT proposes carrying out a risk analysis that involves evaluating the impact that a security breach has on the organization; it points out the existing risks, identifying the threats facing the information system, and determines the vulnerability of the system for preventing those threats, obtaining a set of results.
    • The results of the risk analysis allow risk management to recommend the appropriate measures that should be adopted to know, prevent, impede, reduce or control the identified risks and thus minimize their potential or their possible damage.

    Figure 2. Risk management

    Organization of the guides

    MAGERIT version 3 is structured in three guides:

    Method:

    It is structured as follows:

    • Chapter 2 presents the concepts informally. In particular, the analysis and treatment activities are framed within a comprehensive risk management process.
    • Chapter 3 sets out the steps of risk analysis and formalizes them.
    • Chapter 4 describes the options and criteria for treating risks and formalizes the risk management activities.
    • Chapter 5 focuses on risk analysis projects, the projects we will be immersed in when carrying out the first risk analysis of a system and, eventually, when there are substantial changes and the model has to be extensively reworked.
    • Chapter 6 formalizes the activities of security plans, sometimes called master plans or strategic plans.
    • Chapter 7 focuses on the development of information systems and how risk analysis serves to manage the security of the final product from its initial conception until its release into production, as well as to protect the development process itself.
    • Chapter 8 anticipates some recurring problems that appear when conducting risk analysis.

    The appendices contain reference material:

    1. a glossary,
    2. bibliographic references considered for the development of this methodology,
    3. references to the legal framework governing risk analysis and management tasks in the Spanish public administration,
    4. the normative framework of assessment and certification,
    5. the characteristics required of tools, present or future, to support the risk analysis and management process,
    6. a comparative guide to how MAGERIT version 1 has evolved into version 2 and into this version 3.

    Catalogue of Elements

    Sets guidelines regarding:

    • types of assets
    • dimensions of valuation of assets
    • evaluation criteria of assets
    • typical threats to information systems
    • safeguards to consider in order to protect information systems

    The objectives are twofold:

    1. On the one hand, to facilitate the work of those undertaking the project, offering standard elements that they can quickly adopt, so that they can focus on what is specific to the system under analysis.

    2. On the other hand, to homogenize the results of the analyses, promoting uniform terminology and criteria that make it possible to compare and even integrate analyses carried out by different teams.

    Each section includes an XML notation that will be used to regularly publish the elements in a standard format that can be processed automatically by analysis and management tools.

    If the reader uses a risk analysis and management tool, this catalogue will be part of it; if the analysis is carried out manually, this catalogue provides a broad starting base for moving forward quickly, without distractions or omissions.

    Technical guide

    Provides additional insight and guidance on some techniques that are routinely used to carry out risk analysis and management projects:

    Techniques specific to risk analysis

    • analysis using tables
    • algorithmic analysis
    • attack trees

    General techniques

    • graphic techniques
    • working sessions: interviews, meetings and presentations
    • Delphi valuation

    It is a reference guide. As the reader progresses through the tasks of the project, the use of certain specific techniques will be recommended; this guide aims to be an introduction to them, as well as providing references so that the reader can study the presented techniques in greater depth.


    PILAR tool (CCN)

    Spanish government bodies can apply to the National Cryptologic Centre (CCN) for a licence free of charge; requests should be addressed to the National Cryptologic Centre at ccn@cni.es.

    Advantages:

    MAGERIT is of interest to all those who work with digital information and the computer systems that process it. If the information, or the services provided through it, are valuable, MAGERIT will allow them to know how much value is at stake and help them to protect it. Without knowing the risk to which the working elements are subject, it is simply impossible to manage them. MAGERIT pursues a methodical approach that leaves no room for improvisation and does not depend on the arbitrariness of the analyst.

    News

    13 November 2012

    MAGERIT version 3 available

    Version 3 of MAGERIT, the risk analysis and management methodology for information systems, largely retains the structure of version 2 and has been updated to provide better alignment with ISO standards, pursuing the integration of risk analysis tasks within an organizational risk management framework led from the governing bodies. Also, in light of the experience gained in its application, the text has been slimmed down, minor or little-used parts have been removed, and the normalization of activities has been improved.

    09 March 2010

    MAGERIT

    The MAGERIT methodology is available in the CTT: a formal method to investigate the risks borne by information systems and to recommend appropriate measures that should be taken to manage these risks. In the download area, the three books that make up the methodology (Method, Catalogue of Elements and Technical Guide) are available in English and Spanish. Book I is also available in Italian.
