
PAe - Update of the guides on Cyber Incident Management and on Declaration and Certification of Conformity with the National Security Scheme (ENS), and of the index of CCN-STIC guides

09 September 2016


The guides help public entities to classify cyber incidents and determine their danger level, and offer a methodology for reporting them to the CCN-CERT. Guide 809 sets out the required appearance and content of declarations of conformity and security seals.

Cyber Incident Management Guide

The CCN-CERT, part of the National Cryptologic Centre (CCN), which is attached to the National Intelligence Centre (CNI), has updated its Guide CCN-STIC 817, Cyber Incident Management. With it, the national governmental CERT aims to help public entities within the scope of the National Security Scheme (ENS) to establish response capabilities and to handle cyber incidents appropriately, effectively and efficiently.

The guide adopts a classification with nine different types of cyber incident and 36 subcategories, including some of the most frequently detected attacks and vulnerabilities, such as Trojans, spyware, Cross-Site Scripting (XSS), SQL injection, DDoS, information exfiltration, phishing or ransomware. In addition, based on various parameters (such as the underlying threat, the attack vector or the characteristics of the potential cyber incident), it contains a table for determining the potential risk and, in this way, assigning priorities and resources.

The classification of the causes and facts of a cyber incident, the collection and safe custody of evidence, and the exchange of information and reporting of cyber incidents are other issues addressed in this document.

The updated guide now includes an annex with metrics and indicators (implementation, effectiveness and efficiency, and critical risk indicators), another with the elements of a cyber incident closure report, and an introduction to the LUCIA tool.

Declaration and certification of conformity with the National Security Scheme (ENS)

The National Cryptologic Centre (CCN) has also published its updated Guide CCN-STIC 809, Declaration and Certification of Conformity with the ENS, as well as the index of CCN-STIC guides. In total, there are 258 guides (346 documents) covering nine series of rules, instructions, guidelines and recommendations developed by the CCN to improve the level of cyber security of organizations.

Guide 809 develops Article 41 of the National Security Scheme (ENS), which states: “Public-law bodies and entities shall publish, in their corresponding electronic offices, the declarations of conformity and the security seals to which they are entitled, obtained with respect to compliance with the ENS.”

Depending on the category of the system, the guide distinguishes between:

  • Declaration of conformity: applicable to basic-category information systems. It can be shown by means of a distinctive seal or a declaration of conformity generated by the entity responsible for the system.
  • Certification of conformity: mandatory for medium- or high-category information systems, and voluntary for basic-category information systems.

The updated document now sets out the required appearance and content of the declarations and certificates of conformity and of the security seals referred to in Article 41 of the ENS, who can apply for them, who can issue them, and how they should be displayed in the technological public spaces of the bodies concerned or of the private-sector operators concerned.

Original source of the news: [1] [2]
