"/ >

PAe - Issued an update of the guide CCN-STIC-801 on responsibilities and duties in ENS
the accesskey _ mod _ content

Published an update of the guide CCN-STIC-801 on responsibilities and duties in ENS

09 May 2019

CCN-CERT Logo

The purpose of the guide CCN-STIC-801 is to establish the general responsibilities in the management of the security of information systems of public Sector entities

The centre CCN-CERT National PKIX has published in the web portal an update of its CCN-STIC-801 guide (Opens in new window) on responsibilities and duties in ENS. Specifically, the document, which can be found in the public part of the vestibule, reflects the general responsibilities in the management of the security of information systems of public Sector entities of the subjective scope of application of RD 3/2010, de 8 de enero, por el que se regula el Esquema Nacional de seguridad (ENS) (Opens in new window) .

These entities must, based on the guidelines outlined in this guide, establish and adopt its own security organization, according to its nature, structure, dimensions and available resources, which should be reflected in the policy of information security of the entity and, when you treat personal data, in the data protection policy.

Among the main content that contains the directory is a definition of the security structure, as well as actors and responsible for the management of the same. Those responsible are grouped according to the level of government, monitoring and operational.

However, as indicated in the document, some responsibilities can be instrumentalized through committees, which will act as a collegiate bodies, as specified in the law 40 / 2015. The most common, as stated, are the corporate security Committee and the committee of Information security.

Finally, includes a section dedicated to the management of risks and another to the intersection of ENS with the General Rules of data protection (RGPD).

Original source of the news (Opens in new window)

  • Security
General access point
 
General access point