The National Security
Framework of Spain
10 October 2011




 Miguel A. Amutio, CISA, CISM
 Ministry of Territorial Policy and Public Administration


                                                            1
Contents


The context: eGovernment services
The legal basis: eGov services and security
The National Security Framework
How do we collaborate
Conclusions




                                              2
The context: eGovernment services
 To improve the quality of life of citizens and reduce
administrative burden on business in their interaction with
public administrations.
  To contribute to growth and extend the benefits of a
digital society to all (no one left behind).
 Services are provided in a complex scenario.




                                                     3
Why security is important in eGovernment services
  Citizens expect that eGov services are provided under conditions of
trust and security comparable to those they encounter when they go personally to the
offices of the Administration.

 There is a growing proportion of electronic versus paper documents,
and, increasingly, there is no paper.

 Information on electronic means has potential risks from the threat of
malicious or illegal actions, errors or failures and accidents or disasters.




                                                                               Digital Agenda
                                                                               for Europe

                                                                                     4
International context

OECD
Guidelines for information and network security:
“... risk evaluation, security design and implementation,
security management and re-evaluation.”
Implementation Plan for the OECD Guidelines:
“Government should develop policies that reflect best practices in
security management and risk assessment... to create a coherent
system of security.”

Standards, in the field of IT security.
European Union – Digital Agenda, ENISA.

USA, FISMA, Federal Information Security
Management Act

Other references: DE, UK, FR


                                                            5
eGovernment Law 11/2007

  Recognises the citizens’ right to interact with Public
Administration by electronic means.

  Obligation for public administrations to enable electronic
access to their services.

 The principles pay attention to security:
   – The right to the protection of personal data.
   – Security in the implementation and use of electronic means
     by public administrations.
   – Proportionality in the implementation of security measures
     according to the information and services to be protected and their context.

 Also the rights of citizens:
   – Right to security and confidentiality of the information contained in
     the files, systems and applications of Public Administrations.


                                                                             7
The National Security Framework
Law 11/2007, art. 42 → RD 3/2010

 The Spanish NSF is a legal text (Royal Decree 3/2010) which
develops the provisions about security foreseen in eGovernment Law.

 The NSF establishes the security policy for eGov services.
  It consists of the basic principles and minimum requirements to enable adequate
protection of information.

 To be followed by all Public administrations.
  It is a key element of the Spanish Security Strategy.




    The legal framework has a direct impact on eGovernment quality of service as well as on
  the perception of citizens and, at the same time, acts as a driver of the digital society.
    The OECD highlights it as an important aspect of eGovernment readiness.
                                                                                     8
Why the National Security Framework is needed
Objectives
  Create the necessary conditions of trust, through
measures to ensure IT security for the exercise of rights and the fulfillment of duties
through the electronic access to public services.

  Provide common language and elements of security
    to guide Public Administrations in the implementation of ICT security.
    to facilitate interaction between Public Administrations and
    to communicate security requirements to the Industry.

 Provide a common approach to security which
enables cooperation to deliver eGovernment services. The NSF complements
the National Interoperability Framework.

 Facilitate the continuous management of security,
regardless of the impulses of the moment or lack thereof.




                                                                                  9
+ Stimulate the Industry

AMETIC: multi-sector partnership of companies in the fields of electronics,
telecommunications and digital content.




 http://www.ametic.es/
                                                                              10
National Security Framework: Main elements

 The basic principles to be taken into
account in decisions about security.

  The minimum requirements which
allow an adequate protection of
information.
  How to satisfy the basic principles and
minimum requirements by means of the
adoption of proportionate security
measures according to information and
services to be protected and to the risks
to which they are exposed.
 Security audit.
  Response to security incidents
(CERT).
 Security certified products, to be
considered in procurement.
                                                                 12
National Security Framework: Security policy

 Public Administrations will have a security policy
on the basis of the basic principles and minimum requirements.

 In order to satisfy the minimum requirements, proportional
security measures will be adopted taking into account:
               System category, on the basis of the evaluation of the security
               dimensions.
               Law and rules about personal data protection.
               Decisions to manage identified risks.

 Regular audits will be carried out (for systems falling under Medium or High
categories).




                                                                                 13
Basic principles
The following basic principles should be considered when taking
decisions about security:
  Security as an integral process
        every process is concerned
        involves equipment, facilities, people, and processes
  Risk management
        risk analysis is mandatory; the rest is negotiable
  Prevention, reaction and recovery
  Defense in depth
        defence in depth
        physical, logical, organisational
  Periodic re-evaluation
        dynamic and reactive
  Segregation of duties
              Security role is separated from operational role
                                                                 14
Minimum requirements
The security policy will be based on the basic principles and it will be
developed to meet the following minimum requirements:




                                 74




                                                                   15
Fulfilment of minimum requirements
 To meet the minimum requirements, security measures will
be selected considering the following:
    The category of the system, Basic, Medium and High, depending on
    the evaluation of the security dimensions (availability, authenticity,
    integrity, confidentiality, traceability), taking into account the impact of a security
    breach. Who? Higher management: information owner, service owner.
    The provisions in the legislation on protection of personal data.
    The decisions taken to manage identified risks.




                                                                                  16
Security measures

organizational
  – security policy
  – security regulations
  – security procedures
  – authorization process

operational
  – planning
  – access control
  – operation
  – external services
  – continuity
  – monitoring

asset protection
  – facilities
  – personnel
  – equipment
  – communications
  – media
  – software
  – information
  – services

  + use of common infrastructures and services and security guidelines provided by CCN.




                                                                                   17
How to

Organisations providing e-government services have to ...

  – Prepare and adopt a security policy
  – Define roles and appoint persons
  – Evaluate information and services (system categorisation)
  – Carry out risk analysis
  – Prepare and adopt a statement of applicability
  – Implement, operate, and monitor the security
  – Audit: every 2 years (H/M)
  – Improve security




                                                                    18
Audits

Periodic audit to assess compliance with NSF.
According to the category of the system:
        Category LOW: self-evaluation
        Category MEDIUM – HIGH: periodic (e.g. aligned with personal data audits)


 Use of widely recognized audit criteria and standards.
 Audit reports to be analysed by the security manager that will communicate his
 conclusions to the operational manager to apply the required changes.

Security of information systems shall be audited:
   Security policy defines roles and functions.
   There are procedures for resolving conflicts.
   People have been designated for those roles according to the principle of "separation of
   roles".
   There is a risk analysis, approved, and periodic.
   Compliance with security measures, according to system category and security
   requirements.
   There is a formal management system.


                                                                                    19
Implementation support
Guidelines and tools
Security Guidelines
• 801 – Roles and responsibilities
• 802 – Auditing guide
• 803 – Valuation of systems
• 804 – Implementation guidance
• 805 – Information security policy
• 806 – Security implementation plan
• 807 – Use of cryptography
• 808 – Inspection of compliance
• 809 – Statement of conformity
• 810 – Creation of a CERT/CSIRT
• 811 – Networking in the Nat. Security Framework
• 812 – Security in web applications
• 814 – Security in e-mail
• …
Risk analysis methodology and software tools
          • MAGERIT – Risk analysis methodology
          • PILAR – Risk Analysis and Manag. Tool
• Early warning services in admin. network Red SARA
• CERT services
• Certification services (certified security products)
• Training
                                                                    20
Government CERT: CCN-CERT

  Support and coordination of other national CERTS.
  International point of contact.
  Support and coordination in incident resolution: incident response;
  may request audit reports from attacked systems
  Research and dissemination.
  Awareness and training for the public sector.
  Reporting of vulnerabilities (Early Warning System)
  Support to the building of CERT capabilities in other administrations.
https://www.ccn-cert.cni.es/
                                                              21
National Evaluation and Certification Scheme




http://www.oc.ccn.cni.es/index_en.html

  The NSF recognizes the role of certified products to fulfill the minimum
requirements proportionately.
 Recognizes the role of the Certification Body (CCN).
 Certification is an aspect to consider when purchasing security
products.
 Depending on the security level, preferably use certified products.
 It includes a model clause for Technical Specifications.
                                                                       22
National Interoperability Framework (Royal Decree 4/2010)
Criteria and recommendations to build and improve interoperability:

  Integral, multidimensional and multilateral approach.
  Takes into account dimensions: Organisational, Semantic, Technical
  Use of standards.
  Use of common infrastructures and services for multilateral interactions.
  Reuse of applications and other information objects.

  e-Signature and certificates.
  e-Document: recovery and preservation.
  + Technical Guides & supporting instruments.

http://administracionelectronica.gob.es/recursos/pae_000002017.pdf
http://www.epractice.eu/en/cases/eni
                                                                                                23
How do we collaborate?

Coordinated by MPTAP + CCN with the collaboration of all Public Administrations +
opinion of Industry.

                                                             *> 200 experts
                                                             With different profiles
                                                             (IT, legal, archives, ...)




 +      Justice (EJIS)            Universities (CRUE)

                                                                               25
Conclusions

 The NSF provides a legal framework to align security
of eGovernment services across public administrations.
 A global and coherent approach to security.
 It applies proportionality: balance between the minimum
requirements, information and services to be protected and their
risks.

  It references security measures, the WHAT, but
there is freedom on HOW to implement them.

 It takes into account the state of the art and principal
terms of reference from EU, OECD, standardization, others.

 The NSF is a key element of the Spanish Security
strategy.
 Cooperation: participation of all Public Administrations;
and of the private sector through Industry associations.

 Challenge: Provide guidance, tools and training to
facilitate implementation of the NSF and resolve
common issues and difficulties.
                                                                   27
To know more about IT security and Spain

www.lamoncloa.gob.es/NR/.../EstrategiaEspanolaDeSeguridad.pdf
http://administracionelectronica.gob.es/recursos/pae_000002018.pdf
http://www.epractice.eu/en/factsheets/
http://www.enisa.europa.eu/act/sr/files/country-reports/?searchterm=country%20reports
http://www.oc.ccn.cni.es/index_en.html
https://www.ccn-cert.cni.es/index.php?lang=en
http://administracionelectronica.gob.es
                                                                                                                           28
Thank you very
much for your
  attention



                 29

20111010 The National Security Framework of Spain for Guide Share Europe, in Madrid in October 2011.

INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedadesMiguel A. Amutio
 
Presente y futuro de la administración electrónica
Presente y futuro de la administración electrónicaPresente y futuro de la administración electrónica
Presente y futuro de la administración electrónicaMiguel A. Amutio
 
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La LagunaEl nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La LagunaMiguel A. Amutio
 
IV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de SeguridadIV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de SeguridadMiguel A. Amutio
 
Revista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridadRevista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridadMiguel A. Amutio
 
El nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de SeguridadEl nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de SeguridadMiguel A. Amutio
 
Actualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGADActualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGADMiguel A. Amutio
 

Plus de Miguel A. Amutio (20)

Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
 
Mejora de la adecuación de los sistemas de la Administración General del Esta...
Mejora de la adecuación de los sistemas de la Administración General del Esta...Mejora de la adecuación de los sistemas de la Administración General del Esta...
Mejora de la adecuación de los sistemas de la Administración General del Esta...
 
Código de interoperabilidad - Introducción
Código de interoperabilidad - IntroducciónCódigo de interoperabilidad - Introducción
Código de interoperabilidad - Introducción
 
El Centro Europeo de Competencias en Ciberseguridad
El Centro Europeo de Competencias en CiberseguridadEl Centro Europeo de Competencias en Ciberseguridad
El Centro Europeo de Competencias en Ciberseguridad
 
V Encuentros CCN ENS. Novedades, retos y tendencias
V Encuentros CCN ENS. Novedades, retos y tendenciasV Encuentros CCN ENS. Novedades, retos y tendencias
V Encuentros CCN ENS. Novedades, retos y tendencias
 
Quien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENSQuien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENS
 
Quien hace el ENI
Quien hace el ENIQuien hace el ENI
Quien hace el ENI
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
 
Contexto Europeo de Ciberseguridad
Contexto Europeo de CiberseguridadContexto Europeo de Ciberseguridad
Contexto Europeo de Ciberseguridad
 
El nuevo ENS ante la ciberseguridad que viene
El nuevo ENS ante la ciberseguridad que vieneEl nuevo ENS ante la ciberseguridad que viene
El nuevo ENS ante la ciberseguridad que viene
 
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantesCryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
 
Medidas del Estado para garantizar la seguridad en la Administración Pública
Medidas del Estado para garantizar la seguridad en la Administración PúblicaMedidas del Estado para garantizar la seguridad en la Administración Pública
Medidas del Estado para garantizar la seguridad en la Administración Pública
 
La preservación digital de datos y documentos a largo plazo: 5 retos próximos
La preservación digital de datos y documentos a largo plazo: 5 retos próximosLa preservación digital de datos y documentos a largo plazo: 5 retos próximos
La preservación digital de datos y documentos a largo plazo: 5 retos próximos
 
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedadesINAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
 
Presente y futuro de la administración electrónica
Presente y futuro de la administración electrónicaPresente y futuro de la administración electrónica
Presente y futuro de la administración electrónica
 
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La LagunaEl nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
 
IV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de SeguridadIV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
 
Revista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridadRevista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridad
 
El nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de SeguridadEl nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de Seguridad
 
Actualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGADActualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGAD
 

Dernier

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

20111010 The National Security Framework of Spain for Guide Share Europe, in Madrid in October 2011.

  • 1. The National Security Framework of Spain. 10 October 2011. Miguel A. Amutio, CISA, CISM, Ministry of Territorial Policy and Public Administration.
  • 2. Contents: The context: eGovernment services; The legal basis: eGov services and security; The National Security Framework; How do we collaborate; Conclusions.
  • 3. The context: eGovernment services. To improve the quality of life of citizens and reduce administrative burden on business in their interaction with public administrations. To contribute to growth and extend the benefits of a digital society to all (no one left behind). Services are provided in a complex scenario.
  • 4. Why security is important in eGovernment services. Citizens expect that eGov services are provided under conditions of trust and security comparable to those they encounter when they go personally to the offices of the Administration. There is a growing proportion of electronic versus paper documents, and, increasingly, there is no paper. Information on electronic means has potential risks from the threat of malicious or illegal actions, errors or failures and accidents or disasters. Digital Agenda for Europe.
  • 5. International context. OECD Guidelines for information and network security: “... risk evaluation, security design and implementation, security management and re-evaluation.” Implementation Plan for the OECD Guidelines: “Government should develop policies that reflect best practices in security management and risk assessment... to create a coherent system of security.” Standards, in the field of IT security. European Union – Digital Agenda, ENISA. USA, FISMA, Federal Information Security Management Act. Other references: DE, UK, FR.
  • 6. Contents: The context: eGovernment services; The legal basis: eGov services and security; The National Security Framework; How do we collaborate; Conclusions.
  • 7. eGovernment Law 11/2007. Recognises the citizens’ right to interact with Public Administration by electronic means. Obligation to public administrations to enable electronic access to their services. The principles pay attention to security: – The right to the protection of personal data. – Security in the implementation and use of electronic means by public administrations. – Proportionality in the implementation of security measures according to the information and services to be protected and their context. Also the rights of citizens: – Right to security and confidentiality of the information contained in the files, systems and applications of Public Administrations.
  • 8. The National Security Framework. Law 11/2007, art. 42 → RD 3/2010. The Spanish NSF is a legal text (Royal Decree 3/2010) which develops the provisions about security foreseen in the eGovernment Law. The NSF establishes the security policy for eGov services. It consists of the basic principles and minimum requirements to enable adequate protection of information. To be followed by all Public Administrations. It is a key element of the Spanish Security Strategy. The legal framework has a direct impact on eGovernment quality of service as well as on the perception of the citizens and, at the same time, acts as a driver of the digital society. OECD highlights it as an important aspect of eGovernment readiness.
  • 9. Why the National Security Framework is needed. Objectives: Create the necessary conditions of trust, through measures to ensure IT security for the exercise of rights and the fulfillment of duties through the electronic access to public services. Provide common language and elements of security to guide Public Administrations in the implementation of ICT security, to facilitate interaction between Public Administrations and to communicate security requirements to the Industry. Provide a common approach to security which enables cooperation to deliver eGovernment services. The NSF complements the National Interoperability Framework. Facilitate the continuous management of security, regardless of the impulses of the moment or lack thereof.
  • 10. + Stimulate the Industry. AMETIC: multi-sector partnership of companies in the fields of electronics, telecommunications and digital content. http://www.ametic.es/
  • 11. Contents: The context: eGovernment services; The legal basis: eGov services and security; The National Security Framework; How do we collaborate; Conclusions.
  • 12. National Security Framework: Main elements. The basic principles to be taken into account in decisions about security. The minimum requirements which allow an adequate protection of information. How to satisfy the basic principles and minimum requirements by means of the adoption of proportionate security measures according to the information and services to be protected and to the risks to which they are exposed. Security audit. Response to security incidents (CERT). Security certified products, to be considered in procurement.
  • 13. National Security Framework: Security policy. Public Administrations will have a security policy on the basis of the basic principles and minimum requirements. In order to satisfy the minimum requirements, proportional security measures will be adopted taking into account: System category, on the basis of the evaluation of the security dimensions. Law and rules about personal data protection. Decisions to manage identified risks. Regular audits will be carried out (for systems falling under Medium or High categories).
  • 14. Basic principles. The following basic principles should be considered when taking decisions about security: Security as an integral process: every process is concerned; involves equipment, facilities, people, and processes. Risk management: risk analysis is mandatory; the rest is negotiable. Prevention, reaction and recovery. Defense in depth: defence in depth; physical, logical, organisational. Periodic re-evaluation: dynamic and reactive. Segregation of duties: security role is separated from operational role.
  • 15. Minimum requirements. The security policy will be based on the basic principles and it will be developed to meet the following minimum requirements: 74
  • 16. Fulfilment of minimum requirements. To meet the minimum requirements, security measures will be selected considering the following: The category of the system (Basic, Medium and High), depending on the evaluation of the security dimensions (availability, authenticity, integrity, confidentiality, traceability), taking into account the impact of a security breach. Who? Higher management: information owner, service owner. The provisions in the legislation on protection of personal data. The decisions taken to manage identified risks.
  • 17. Security measures. Organizational: security policy, security regulations, security procedures, authorization process. Operational: planning, access control, operation, external services, continuity, monitoring. Asset protection: facilities, personnel, equipment, communications, media, software, information, services. + use of common infrastructures and services and security guidelines provided by CCN.
  • 18. How to. Organisations providing e-government services have to ... Prepare and adopt a security policy; Define roles and appoint persons; Evaluate information and services (system categorisation); Carry out risk analysis; Prepare and adopt a statement of applicability; Implement, operate, and monitor the security; Audit every 2 years (H/M); Improve security.
  • 19. Audits. Periodic audit to assess compliance with NSF. According to the category of the system: Category LOW: self-evaluation. Category MEDIUM – HIGH: periodic (e.g. aligned with personal data audits). Use of widely recognized audit criteria and standards. Audit reports to be analysed by the security manager that will communicate his conclusions to the operational manager to apply the required changes. Security of information systems shall be audited: Security policy defines roles and functions. There are procedures for resolving conflicts. People have been designated for those roles according to the principle of “separation of roles”. There is a risk analysis, approved, and periodic. Compliance to security measures, according to system category and security requirements. There is a formal management system.
  • 20. Implementation support: Guidelines and tools. Security Guidelines: • 801 – Roles and responsibilities • 802 – Auditing guide • 803 – Valuation of systems • 804 – Implementation guidance • 805 – Information security policy • 806 – Security implementation plan • 807 – Use of cryptography • 808 – Inspection of compliance • 809 – Statement of conformity • 810 – Creation of a CERT/CSIRT • 811 – Networking in the Nat. Security Framework • 812 – Security in web applications • 814 – Security in e-mail • … Risk analysis methodology and software tools: • MAGERIT – Risk analysis methodology • PILAR – Risk Analysis and Manag. Tool • Early warning services in admin. network Red SARA • CERT services • Certification services (certified security products) • Training
  • 21. Government CERT: CCN-CERT. Support and coordination of other national CERTs. International point of contact. Support and coordination in incident resolution: incident response; may request audit reports from attacked systems. Research and dissemination. Awareness and training for the public sector. Reporting of vulnerabilities (Early Warning System). Support to the building of CERT capabilities in other administrations. https://www.ccn-cert.cni.es/
  • 22. National Evaluation and Certification Scheme. http://www.oc.ccn.cni.es/index_en.html The NSF recognizes the role of certified products to fulfill the minimum requirements proportionately. Recognizes the role of the Certification Body (CCN). Certification is an aspect to consider when purchasing security products. Depending on the security level, preferably use certified products. It includes a model clause for Technical Specifications.
  • 23. National Interoperability Framework (Royal Decree 4/2010). Criteria and recommendations to build and improve interoperability: Integral, multidimensional and multilateral approach. Takes into account dimensions: Organisational, Semantic, Technical. Use of standards. Use of common infrastructures and services for multilateral interactions. Reuse of applications and other information objects. e-Signature and certificates. e-Document: recovery and preservation. + Technical Guides & supporting instruments. http://administracionelectronica.gob.es/recursos/pae_000002017.pdf http://www.epractice.eu/en/cases/eni
  • 24. Contents: The context: eGovernment services; The legal basis: eGov services and security; The National Security Framework; How do we collaborate; Conclusions.
  • 25. How do we collaborate? Coordinated by MPTAP + CCN with the collaboration of all Public Administrations + opinion of Industry. > 200 experts with different profiles (IT, legal, archives, ...) + Justice (EJIS), Universities (CRUE).
  • 26. Contents: The context: eGovernment services; The legal basis: eGov services and security; The National Security Framework; How do we collaborate; Conclusions.
  • 27. Conclusions. The NSF provides a legal framework to align security of eGovernment services across public administrations. A global and coherent approach to security. It applies proportionality: balance between the minimum requirements, information and services to be protected and their risks. It references security measures, the WHAT, but there is freedom on HOW to implement them. It takes into account the state of the art and principal terms of reference from EU, OECD, standardization, others. The NSF is a key element of the Spanish Security Strategy. Cooperation: participation of all Public Administrations; and of the private sector through Industry associations. Challenge: Provide guidance, tools and training to facilitate implementation of the NSF and resolve common issues and difficulties.
  • 28. To know more about IT security and Spain: www.lamoncloa.gob.es/NR/.../EstrategiaEspanolaDeSeguridad.pdf http://www.epractice.eu/en/factsheets/ http://administracionelectronica.gob.es/recursos/pae_000002018.pdf http://www.enisa.europa.eu/act/sr/files/country-reports/?searchterm=country%20reports http://www.oc.ccn.cni.es/index_en.html https://www.ccn-cert.cni.es/index.php?lang=en http://administracionelectronica.gob.es
  • 29. Thank you very much for your attention.