Cyber Incident Management Guide
The CCN-CERT, of the National Cryptologic Centre (CCN), attached to the National Intelligence Centre (CNI), has updated its Guide CCN-STIC 817 Cyber Incident Management. With it, the National Government CERT aims to help public entities within the scope of the ENS (Esquema Nacional de Seguridad, Spain's National Security Framework) establish their response capabilities and handle cyber incidents properly, effectively and efficiently.
The guide adopts a classification with nine types of cyber incident and 36 subcategories, covering some of the most frequently detected attacks and vulnerabilities, such as Trojans, spyware, Cross-Site Scripting (XSS), SQL injection, DDoS, information exfiltration, phishing and ransomware. In addition, based on several parameters (such as the underlying threat, the attack vector or the characteristics of the potential cyber incident), it contains a table for determining the potential risk and thereby assigning priorities and resources.
Other issues addressed in the document are the criminal prosecution of the causes and facts of the cyber incident, the collection and secure custody of evidence, and the exchange of information and reporting of cyber incidents.
The updated guide now includes an annex with metrics and indicators (implementation, effectiveness and efficiency, and key risk indicators), another with the elements of a cyber incident closure report, and an introduction to the
Declaration and certification of conformity with the ENS
The National Cryptologic Centre (CCN) has also published its updated Guide CCN-STIC 809 Declaration and Certification of Conformity with the ENS, as well as the index of CCN-STIC guides (Índice de Guías CCN-STIC): 258 guides in total (346 documents), covering nine series of standards, instructions, guidelines and recommendations developed by the CCN to improve organisations' level of cybersecurity.
Guide 809 develops Article 41 of the National Security Framework (ENS), which states: "Public-law bodies and entities shall publish on their electronic offices the declarations of conformity, and the security distinctives to which they are entitled, obtained in complying with the ENS."
Depending on the category of the system, the guide distinguishes between:
- Declaration of conformity: applies to information systems of BASIC category. It may be represented by a distinctive badge or by a declaration of conformity generated by the entity under whose responsibility the system operates.
- Certification of conformity: mandatory for information systems of MEDIUM or HIGH category, and voluntary for information systems of BASIC category.
The updated document now sets out what the declarations and certificates of conformity, and the security distinctives referred to in Article 41 of the ENS, should look like and contain; who may apply for them; who may issue them; and how they should be made visible in the technological public spaces of the bodies concerned or of the private economic operators concerned.