The official gazette of the past 19 april, issued resolution of 13 april 2018, the secretariat of state of public service, which approves the
Technical instruction of the security council (ITS) “ notice of security incidents ”
, its implementation will be on the day following its publication (20 april).
This ITS aims, in accordance with Chapter VII
Royal Decree 3/2010, of 8 january of the national security
the notification and management of security incidents in information systems of public-Sector entities, when such incidents would have a significant impact in the security of information or the services they provide, in relation to the category of the system.
The Instruction states that once detected an incident will
Guide CCN-STIC 817
for classification, and for those with a High impact, very high or critical be notified to the ability to respond to incidents of Cryptologic, National Centre (CCN-CERT). It will be collected evidence of the incident, which will be documented and guarded so as to determine the mode of delivery, ensuring the chain of custody is respected, and the legal system resulting from implementation.
For notification of such incidents, the NCC has developed a tool
LUCIA
with a view to automate the mechanisms for notification, communication and exchange of information on security incidents, which is kept constantly updated.
Scope of application
Public Administrations (General, Regional and Local levels), government agencies and public law entities, entities of private law (with administrative powers), public universities and public organizations comprising the subjective scope of application of this instruction (and ENS), as well as all those activities undertaken by public or private entities whose role is to ensure the information and services provided (hardware, software, information media, communications, facilities, personnel and services provisionados by third parties).
Technical instructions of The Security Council
This is the fourth ITS issued binding upon the recommendation of the sectoral Commission E-government and initiative of the centre National Cryptologic, as laid down in article 29 of the royal decree 3/2010, which regulates the NHIS. The other two relate to “ Conformity with the national security ” and “ Report of the state security ”.
These technical instructions deal with a number of specific aspects that the daily reality has been particularly significant, such as: Report of the state security; notice of security incidents; audit of security; conformity with the national security; acquisition of products of The security council; cryptology of employment in the national security; interconnection in the national security and safety requirements in outsourced environments, without prejudice to the proposals that might be able to agree on the Sectoral Committee of E-government, as provided for in article 29.
Original source of news