PAe - Issued an update of the guide CCN-STIC-801 on responsibilities and duties in ENS
the accesskey _ mod _ content

Published an update of the guide CCN-STIC-801 on responsibilities and duties in ENS

09 May 2019


The purpose of the guide CCN-STIC-801 is to establish the general responsibilities in the management of the security of information systems of public Sector entities

The centre CCN-CERT National PKIX has published in the web portal an update of its CCN-STIC-801 guide (Opens in new window) sobre responsabilidades y funciones en el ENS. Concretamente, el documento, que se puede consultar en la parte pública del portal, recoge las responsabilidades generales en la gestión de la seguridad de los sistemas de información de las entidades del Sector Público del ámbito subjetivo de aplicación del "3/2010, of January 8th, that regulates the national security Scheme (NHIS) (Opens in new window) .

These entities must, based on the guidelines outlined in this guide, establish and adopt its own security organization, according to its nature, structure, dimensions and available resources, which should be reflected in the policy of information security of the entity and, when you treat personal data, in the data protection policy.

Among the main content that contains the directory is a definition of the security structure, as well as actors and responsible for the management of the same. Those responsible are grouped according to the level of government, monitoring and operational.

However, as indicated in the document, some responsibilities can be instrumentalized through committees, which will act as a collegiate bodies, as specified in the law 40/2015. The most common, as stated, are the corporate security Committee and the committee of Information security.

Finally, includes a section dedicated to the management of risks and another to the intersection of ENS with the General Rules of data protection (RGPD).

Original source of the news (Opens in new window)

  • Security