- Released version of the library 2.0.6.R1 exchange SIR
- Available in Production 9.0 version of silver
- More than 50% of public universities are integrated in AnotaRCP
- The platform Cl@ve, for the identification and electronic signature, reaches ten million registered users
- API SITNA in the supply of free software solutions from the centre of technology transfer
The analysis and risk management is a key aspect of the royal decree 3/2010, of January 8th, that regulates the national security Scheme in the area of E-government which aims to give satisfaction to the principle of proportionality in fulfilling the basic principles and minimum requirements for adequate protection of information.
MAGERIT is a tool to facilitate the introduction and implementation of the national security Scheme providing the basic principles and minimum requirements for adequate protection of information.
MAGERIT contained in the inventory of methods of analysis and risk management of ENISA in http://rm-inv.enisa.europa.eu/methods_tools/m_magerit.html
MAGERIT pursues the following objectives:
5. raise those responsible for organizations of information from the existence of risks and the need to manage
6. ofrecer un método sistemático para analizar los riesgos derivados del uso de tecnologías de la información y comunicaciones (TIC)
7. help discover and plan timely treatment to maintain the risks under control
8. prepare the Organization for evaluation processes, audit, certification and accreditation, as appropriate in each case
There has also sought uniformity of reports that reflect the findings and conclusions of the analysis and risk management
MAGERIT es la metodología de análisis y gestión de riesgos elaborada por el Consejo Superior de Administración Electrónica.
- Consider the risks that supports an information system and the environment associated with Him. MAGERIT proposes an analysis of the risks involved in the impact assessment that a breach of security has in the organization; notes existing risks, identifying the threats facing the information system, and determines the vulnerability of the system of prevention of such threats, obtaining results.
- The results of the risk analyses allow to risk management recommend appropriate measures that should be taken to know, the prevention, control or reduce the risks identified and thus minimize its potential or the potential dangers.
Figure 2. Risk management
MAGERIT version 3 is structured in three guides:
Is structured in the following way:
- Chapter 2 presents the concepts informally. In particular are framed the analysis and treatment within a comprehensive process risk management.
- Chapter 3 concrete steps and formalizes the analysis of the risks.
- Chapter 4 describes options and treatment criteria of risks and formalizes the risk management activities.
- Chapter 5 focuses on the projects of risk analysis, projects that we will be plunged to perform the first risk analysis of a system and eventually when there are substantial changes and redo the model widely.
- El capítulo 6 formaliza las actividades de los planes de seguridad, a veces denominados planes directores o planes estratégicos.
- Chapter 7 focuses on the development of information systems and how risk analysis serves to manage the safety of the final product since its initial conception until his release in production, as well as to the protection of the development process itself.
- Chapter 8 is anticipating some recurring problems that appear when conducting risk analysis
Appendices reflected reference material:
7. a glossary,
8. bibliographic references considered for the development of this methodology,
9. references to the legal framework that fits the tasks of analysis and management in public administration, Spanish
10. the normative framework of assessment and certification
11. the characteristics required tools, present or future, to withstand the process of analysis and risk management,
(a comparative guide how version 1 Magerit has evolved to version 2 and version 3.
Catalogue of Elements
Brand guidelines regarding:
- types of assets
- dimensions of valuation of assets
- evaluation criteria of assets
- typical threats on Information Systems
- to consider safeguards to protect information systems
The objectives are twofold:
3. On the one hand, to facilitate the work of people who addresses the project, offering standard elements which can be positioned quickly, focusing on system-specific object of analysis.
4. On the other hand, homogenize the results of the analysis, promoting a terminology and uniform criteria to compare and even integrate analyses by different teams.
Cada sección incluye una notación XML que se empleará para publicar regularmente los elementos en un formato estándar capaz de ser procesado automáticamente por herramientas de análisis y gestión.
Si el lector usa una herramienta de análisis y gestión de riesgos, este catálogo será parte de la misma; si el análisis se realiza manualmente, este catálogo proporciona una amplia base de partida para avanzar rápidamente sin distracciones ni olvidos.
Provides additional light and guidance on some techniques that are routinely used to carry out projects of analysis and risk management:
specific techniques to risk analysis
- tables analysis through
- algorithmic analysis
- Attack trees
- graphic techniques
- working sessions: interviews, meetings and presentations
- valuation Delphi
It is a reference guide. According To the reader step by the tasks of the project, he will recommend the use of certain specific techniques, this guide aims to be an introduction, as well as providing references to the reader deepen the techniques presented.
The bodies of the Spanish government can apply for a licence free of charge to center National PKIX; this address your request to
National PKIX centre firstname.lastname@example.org.
MAGERIT interest to all those who work with digital information and computer systems to treat it. If the information or services provided through it, are valuable, MAGERIT will allow them to know how much value is at stake and help them to protect it. Knowing the risk to which they are subjected elements of work is simply impossible to manage. With MAGERIT seeks a methodical approach that leaves no place to improvisation, neither depends on the arbitrariness of the analyst.