PAe - 10 keys from the National Cryptologic Centre for managing cyber incidents

10 keys from the National Cryptologic Centre for managing cyber incidents

27 September 2021

The National Cryptologic Centre shares the fundamental steps for the sound management of security incidents.

The CCN-CERT of the National Cryptologic Centre (CCN) has just published a new infographic, ‘Keys to the management of cyber incidents’, setting out the ten steps to follow in the process of managing cybersecurity incidents.

The agility with which this procedure is carried out will largely determine the scope and impact of the incident. This is why incident management and notification tools are essential, such as the LUCÍA solution (Consolidated List of Incidents and Threats), developed by the CCN-CERT to reduce response times.

Keys to the management of cyber incidents

  1. Have detection tools, mechanisms and procedures that alert the agency to anomalous behaviour in its systems and networks. To that end, joining the CCN-CERT Early Warning System (SAT) is recommended.
  2. It is essential to identify the threat and the potential risks, and to prevent the possible impact on the service.
  3. The agency must know its degree of maturity for responding to the incident, on the basis of the typology and danger levels defined in the CCN-STIC 817 guide.
  4. Act promptly, without undue delay. Report the incident to the competent authority by communicating directly through the CSIRT. In the case of public sector agencies, the victims of possible cyber incidents shall notify the CCN-CERT. Notification is a fundamental step: the incident may be affecting another agency simultaneously.
  5. Prioritise and implement procedures and measures to prevent the spread of the incident. Incident reporting has to be a reality within the framework of the law of the implementation plan that responds to the agency's security policy.
  6. Collect information on the incident. Review the security events and identify the internal assets that have suffered the attack attempt and, most importantly, prioritise them on the basis of dangerousness and context (triage).
  7. Document the incident and the actions carried out at the time of detection.
  8. Contain and mitigate the threat. Carry out investigation, audit, hardening, forensic analysis and reverse engineering.
  9. Restore systems and services according to an established plan. The risk of reconnecting a system will be evaluated technically, indicating the procedures and safeguards to be implemented to reduce the impact and, as far as possible, prevent a recurrence of the circumstances that led to it.
  10. Resolve and close the incident. Determine the impact of the cyber attack, and review and strengthen the necessary security policies and measures.
