The National Security
Framework
(ENS - Esquema Nacional de Seguridad)
29th Plenary Meeting of the NIS
Cooperation Group
29th November 2023
Miguel A. Amutio
Deputy DG for Cybersecurity Planning and Coordination
General Secretariat for Digital Government
Secretary of State for Digitization and Artificial Intelligence
Ministry for Digital Transformation
1
2010 2014 -16 2017
National Security
Strategy 2017
Regulation eIDAS
GDPR
NIS Directive
Updated
ENS Technical Security Instructions
• Compliance with ENS
• Annual Report
Administrative Laws 39/2015, 40/2015
ICT Strategy – Shared Services Declaration
(includes Shared Managed Security Services)
National
Security
Framework
National
Interoperability
Framework
2018
ENS Instructions
• Auditing
• Notification of incidents
CoCENS Council for
Certification of ENS
NIS transposition
Law Data Protection
(Adding to GDPR)
Regulation Critical
Infrastructure Protection
National Cybersecurity
Strategy 2013
Risk Analysis Methodology
Magerit v3
2011-13 2019
Cybersecurity Regulation
National Guide on Notification of Cyberincidents
National Cybersecurity Strategy 2019
Ministers Council Agreement on the Cybersecurity
Operations Center of the General State Administration
EU Digital Strategy
EU Strategy for Data
EU on AI White Paper
EU Cybersecurity Package
España Digital 2025
National Cybersecurity Forum
Regulation ECCC
Development of NIS Transposition
Plan for Digitization of Public Administrations 2021 – 2025
Recovery Plan (Next generation EU funding)
Ministers Council Agreement Action Plan on Cybersecurity
2020 2021
2022
RDL 7/2022 Security 5G
Cybersecurity National Plan
New National Security Framework
Proposal Regulation Cybersecurity EUIBAS
Proposal Regulation information security EUIBAS
Council Conclusions on protection of supply chain
Directive 2022/2555 NIS2
Regulation 2022/2554 DORA
Directive 2022/2557 CER
European Cybersecurity Skills Framework (ECSF)
2022 2023
Communication Cyber Skills Academy
Adequacy Decision EU-US Data Privacy Framework
Proposal Cybersolidarity Act
Proposal modification Cybersecurity Act
Adenda Recovery Plan
Cybersecurity
A collective and multidisciplinary effort, sustained over time
Source: Miguel A. Amutio
2
A global approach to cybersecurity
Source: Miguel A.Amutio
Legal
framework
Governance
Cooperation
Community
Capabilities
Services
Solutions
Interaction
Evolution
Digital
Government
▪ National
Cybersecurity:
▪ CNCS
▪ FNCS
▪ Digital Government
▪ General State
▪ eGov Sectorial
Commission
▪ ENS - CoCENS
+ Funding
Certified Products
(Catalogue CPSTIC)
Strategic context: National (ENCS 2019), European
3
National Security Framework
Big decisions, why and how (1/2)
Around 2006, when drafting the eGovernment Law, on the basis of previous
experience, it was decided to develop a security instrument tailored to the
protection needs of information and services provided BY and provided TO
Public Administrations (though not limited to the specific need of eGovernment at the time).
It should be embedded in the administrative legislation.
Aligned with the National and European strategic and legal framework.
And it should be the reference for:
• Data Protection
• Protection of Critical Infrastructures, as well as Essential Services (at
least for the ones managed by the Public Sector)
4
National Security Framework
Big decisions, why and how (2/2)
The National Security Framework was created by the eGovernment Law in 2007.
The ENS was first implemented by a Royal Decree in 2010, to be applicable by all
Public Administrations, as a result of a collective effort by the public and private sectors.
It was included in the Administrative Laws of 2015, which superseded the previous
administrative and eGovernment legislation.
It was updated in 2015 in the light of experience and the evolution of National and
European legislation (e.g. eIDAS).
The ENS was revamped in 2022:
• To be aligned with the current National and European strategic and legal framework.
• To introduce flexibility that facilitates implementation for specific contexts (e.g. Local Entities, etc.).
• To respond to cybersecurity needs and trends.
5
National Security Framework
More big decisions
It was decided to include Public Administration within Strategic Sectors in the legislation for the
Protection of Critical Infrastructures.
In the transposition of NIS1:
• It was decided to align the identification of essential services and their operators with the
procedures defined for the designation of Operators of Critical Infrastructures.
• The security obligations of essential service operators and digital service providers refer to
the National Security Framework (ENS) as a reference.
In the COMMISSION IMPLEMENTING REGULATION (EU) 2015/1501 of 8 September 2015 on the interoperability
framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on
electronic identification and trust services for electronic transactions in the internal market, article 10 states:
Information assurance and security standards: 1. Node operators of nodes providing
authentication shall prove that, in respect of the nodes participating in the interoperability
framework, the node fulfils the requirements of standard ISO/IEC 27001 by certification, or by
equivalent methods of assessment, or by complying with national legislation.
6
National Security Framework
Embedded in Administrative Legislation
“The National Security Framework aims to establish the security policy within the
scope of this Law, and it is constituted by the basic principles and minimum
requirements that adequately guarantee the security of the information processed.”
(Art. 156)
Security, a general principle of action by Public Administrations
“The Public Administrations will interact with each other and with their linked or
dependent bodies, public organizations and entities through electronic means, which
ensure the interoperability and security of the systems and solutions adopted by
each of them, they will guarantee the protection of data, and they will preferably
facilitate the joint provision of services to interested parties.” (Art. 3.2)
Law 40/2015 on
the Legal Regime
of the Public
Sector
Rights of citizens
To the protection of personal data, and, in particular, to the security and
confidentiality of the data in the files, systems and applications of the Public
Administrations. Art. 13 h)
Law 39/2015 on
the Common
Administrative
Procedure of
Public
Administrations
7
National Security Framework
General objectives
Create the necessary conditions of trust through measures to guarantee
security, enabling citizens and Public Sector entities to exercise their rights and fulfil their duties.
Promote:
• Continuous management of security.
• Prevention, detection and response to cyber threats and cyber attacks.
• Homogeneous approach to security that facilitates cooperation in the provision of
services by means of a common language and elements appropriate to the Public Sector.
Provide leadership on best practices.
Facilitate interoperability of data and services supporting
the National Interoperability Framework.
8
An overview (RD 311/2022)
• General provisions, object, scope of application, … (arts. 1 – 4)
• Basic principles, which serve as a guide. (arts. 5 – 11)
• Security policy and minimum requirements, mandatory compliance. (arts. 12 – 28)
• Categorization of systems for the adoption of proportionate security measures (arts. 28,
40, 41, Annexes I and II)
• Procurement of security products and services. Use of certified products. Role of the
Certification Body (OC-CCN) (art. 19 and Annex II)
• Use of common infrastructure and services (art. 29)
• Specific compliance profiles (art. 30)
• The security audit that verifies compliance with the ENS. (art. 31 and A-III)
• Annual Report on the Security Status (art. 32)
• Response to security incidents (arts. 33 and 34)
• Compliance with the ENS (arts. 35 to 38)
• Permanent updating (art. 39)
• Training (D.a. 1st)
• Technical security instructions (D.a. 2nd)
• Security guides (D.a. 2nd)
• Systems adaptation (d.t.u) -> 24 months
• Annex I. System security categories
• Annex II. Security measures
• Annex III. Security audit
• Annex IV. Glossary
41 Articles
4 Annexes
English
version
available (*)
(*) Link to the English version:
https://administracionelectronica.gob.es/dam/jcr:eb23ff83-ebdb-487e-abd2-
8654f837794f/RD_311-2022_of-3_May_ENS.pdf
Link to the official version in Spanish: https://www.boe.es/eli/es/rd/2022/05/03/311
9
It is applicable to…
▪ The whole Public Sector in Spain.
▪ Systems that handle classified information.
▪ Providers of services and solutions to entities of the Public Sector.
▪ Public sector entities and third parties providing services to them, in the
processing and protection of personal data.
▪ And…
▪ The calls for procurement will include the requirements to ensure compliance with the ENS
(extended to the supply chain on the basis of risk analysis).
▪ Providers should have a security policy.
▪ Providers of outsourced services should have a Point of Contact for the security of information
handled and services provided, and for incident management.
10
Legal base
✓ Royal Decree 3/2010
✓ Updated 2015
✓ Royal Decree 311/2022
✓ Administrative laws 40/2015 and 39/2015
✓ Law 3/2018 (add to GDPR)
✓ Transposition of NIS
- RD-l 12/2018
- RD 43/2021
Scope
✓ Public Sector
✓ Classified Information
✓ Providers
✓ Supply Chain (on the basis of risk analysis)
Compliance
✓ Compliance with the ENS
✓ Audit
✓ Notification of incidents
✓ Certifiers accredited by ENAC
✓ Certified entities (public/private)
✓ Council for the Certification of ENS (CoCENS)
Monitoring - Annual Report
✓ Annual Report
✓ 9 Editions of the Annual Report
Support, Guides and Tools
✓ Technical Instructions
✓ > 100 Guides CCN-STIC Series 800
✓ > 23 Solutions by References
✓ Development of Specific Profiles: > 10 Specific Profiles for:
- Local Entities
- Cloud environments
- Others
11
Organizational framework (4 measures): Security policy, Security regulations,
Security procedures, Authorization process.
Operational framework (33 measures): Planning (5), Access control (6), Operation (10),
External resources (4), Cloud services (1), Continuity of service (4), System monitoring (3).
Protection measures (36 measures): Facilities and infrastructure (7), Staff management (4),
Protection of equipment (4), Protection of communications (4), Protection of information media (5),
Protection of IT applications (2), Protection of information (6), Protection of services (4).
Source: ENS Infographics
Organizational framework: measures related to
the global organization of security.
Operational framework: measures to be taken to
protect the operation of the system as an integral
set of components for an end.
Protection measures: focus on protecting specific
assets, depending on their nature and the quality
required by the level of security of the dimensions
concerned.
Proportionate to 3 categories (High, Medium, Low)
and 5 security dimensions (Confidentiality [C], Integrity
[I], Accountability [Acc], Authenticity [Auth], Availability [A])
Security Measures (I/IV)
12
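As an added illustration (not part of the deck), the categorization rule that the proportionality described above rests on, in Python: a system's level in each security dimension is the highest level of any information or service it handles, and the system category follows the highest dimension level. The aggregation rule is my reading of Annex I of RD 311/2022 and is not quoted on the slide; the asset inventory is constructed; the lowest category is named Basic, as on the Compliance slide, while dimension levels are Low/Medium/High.

```python
from enum import IntEnum
from typing import Dict, Mapping

# The five ENS security dimensions, with the abbreviations used on the slide.
DIMENSIONS = ("C", "I", "Acc", "Auth", "A")


class Level(IntEnum):
    """Level assigned to one dimension of one information asset or service."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Category names: the lowest category is "Basic" (Annex I), not "Low".
CATEGORY_BY_LEVEL = {Level.LOW: "Basic", Level.MEDIUM: "Medium", Level.HIGH: "High"}


def system_levels(assets: Mapping[str, Mapping[str, Level]]) -> Dict[str, Level]:
    """Level of the whole system in each dimension.

    Annex I rule as read here (assumption, not quoted on the slide): when a system
    handles several pieces of information and services, its level in a dimension is
    the highest level assigned to any of them in that dimension.
    Unknown dimension names are rejected so a typo cannot silently drop a requirement.
    """
    levels: Dict[str, Level] = {}
    for asset, dims in assets.items():
        for dim, lvl in dims.items():
            if dim not in DIMENSIONS:
                raise ValueError(f"{asset}: unknown dimension {dim!r}")
            levels[dim] = max(levels.get(dim, Level.LOW), Level(lvl))
    return levels


def system_category(levels: Mapping[str, Level]) -> str:
    """Category of the system: High if any dimension is High, Medium if any is
    Medium and none High, otherwise Basic (Annex I rule, as read here)."""
    if not levels:
        raise ValueError("at least one dimension must be assigned a level")
    return CATEGORY_BY_LEVEL[max(levels.values())]


# Constructed inventory (not from the slide): two services and one data set.
EXAMPLE_ASSETS = {
    "citizen-portal": {"C": Level.LOW, "I": Level.MEDIUM, "A": Level.MEDIUM,
                       "Auth": Level.MEDIUM, "Acc": Level.LOW},
    "tax-records": {"C": Level.HIGH, "I": Level.HIGH, "Acc": Level.MEDIUM},
    "public-agenda": {"A": Level.LOW, "I": Level.LOW},
}


def categorize(assets: Mapping[str, Mapping[str, Level]] = EXAMPLE_ASSETS):
    """Return (per-dimension system levels, system category) for an inventory."""
    levels = system_levels(assets)
    return levels, system_category(levels)


if __name__ == "__main__":
    lv, cat = categorize()
    print({d: lv[d].name for d in DIMENSIONS if d in lv}, "->", cat)
```

The category then selects which Annex II measures, levels and reinforcements apply; keeping the per-dimension levels alongside the category matters because several measures depend on the level of a single dimension rather than on the overall category.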
Security Measures
(II/IV)
The security measures provided by ENS satisfy the
measures by NISCG in relation to article 21, with
added value (coding, levels, reinforcements)
13
Security Measures
(III/IV)
14
Security measures, their requirements, and
reinforcements are coded to facilitate both
implementation and auditing.
Example:
Security Measures
(IV/IV)
15
✓ Specific compliance profiles (art. 30): They will include the set of
security measures that, because of the mandatory risk analysis, are
suitable for a specific security category.
✓ Profiles seek to introduce the ability to adjust the ENS requirements to
the specific needs of certain:
• Groups: Local Entities, Universities, Paying Agencies,…
• Technological areas: cloud services,…
Examples:
✓ CCN-STIC-881A. Perfil de Cumplimiento Específico Universidades
✓ CCN-STIC 883A Perfil de Cumplimiento Específico Ayuntamientos pequeños (menos de 5.000 habitantes)
✓ CCN-STIC 883B Perfil Cumplimiento Específico Ayuntamientos de menos de 20.000 habitantes
✓ CCN-STIC 883C Perfil de Cumplimiento Específico Ayuntamientos de entre 20.000 y 75.000 habitantes
✓ CCN-STIC 883D Perfil de Cumplimento Específico Diputaciones
✓ CCN-STIC-884 Perfil de cumplimiento específico para Azure Servicio de Cloud Corporativo
✓ CCN-STIC-885 Perfil de cumplimiento específico para Office 365 Servicio de Cloud Corporativo
✓ CCN-STIC-886 Perfil de cumplimiento específico para Sistemas Cloud Privados y Comunitarios
✓ CCN-STIC-887 Perfil de cumplimiento específico para AWS Servicio de Cloud Corporativo
✓ CCN-STIC-888 Perfil de Cumplimiento Específico para Google Cloud Servicio de Cloud Corporativo
Responding to specific needs
16
Procedure and roles, in the light of experience and on the basis of the roles defined
in the transposition of NIS1.
Role of CSIRTs:
• CCN-CERT, notified by entities of the Public Sector, and national coordinator
• INCIBE-CERT, notified by entities of the Private Sector
• ESPDEF-CERT, notified by entities in the scope of National Defense
Role of the General Secretariat for Digital Government, SGAD, provider of common and
shared services, in collaboration with the CCN-CERT.
Role of the Ministry of Interior (Cybersecurity Coordination Office, OCC), involved
when an essential operator who has been designated as a critical operator suffers an
incident.
Response to cybersecurity incidents
17
Use of certified products on the basis of proportionality.
Role of the Catalogue of Information and Communication Technology
Security Products and Services (CPSTIC) recognized. It offers a set of
reference products whose security functionalities have been certified.
The instruments for central procurement refer to the ENS for security
requirements and to the means to show the compliance.
Procurement of security products
e.g. DYNAMIC SYSTEM FOR PROCUREMENT OF SYSTEM, DEVELOPMENT AND APPLICATION SOFTWARE SUPPLIES,
OF THE STATE CENTRALIZED PROCUREMENT SYSTEM - SDA 25
The specifications for the procurement include:
- Security requirements
- How to show the compliance with the security requirements by means of the reference to:
- National Security Framework (ENS)
- Catalogue of Information and Communication Technology Security Products and Services (CPSTIC) or equivalent
- Reference to (coming) European certification schemas
18
Those in scope should show compliance with the ENS.
Public Sector Entities, service providers or solution providers: same
procedures and documents.
Certification entities
Accreditation by
in accordance with UNE-EN ISO/IEC 17065,
for certification of systems within the scope of
application of the ENS.
Declaration of Compliance
Applicable to Basic category information
systems. Self-assessment for the
declaration.
Certification of Compliance
Mandatory application to information systems of
Medium or High categories and voluntary application
in Basic category. Audit for certification.
Labels
Compliance
✓ It allows the unification of criteria of certifying entities through the ENS Certification Council (CoCENS).
✓ At any time, any person or entity can consult the status of a Certification of Compliance with the ENS, in
a centralized portal maintained by the CCN based on the information provided by the certification entities.
19
Monitoring - Annual Report
▪ Article 32. Security status report
▪ Security Measurement: 4.7.2 Metric System [op.mon.2]
There is a tool for collecting and consolidating
data for the State of Security Report
Main contents of the report:
- General information about organisms
- Risk management
- Organizational security information
- Economic and human resources
- Security measures of Annex II of the ENS
- Information about interconnections
- Security application (authentication methods, outsourced services, change management,
continuity of services, training, awareness...)
- Incident management (number and response times).
- Audits and certifications.
Versions of the report: Global and by context
Some figures of the 9th edition:
Participation by type of organism, year 2022 (1327 bodies in total):
- General State Admin: 177
- Regions: 218
- Local Bodies: 877
- Universities: 55
Developments in participation, 2018 to 2022:
- Included in the report: 768 (2018), 898 (2019), 933 (2020), 1008 (2021), 1327 (2022)
- Registered in Governance: 886 (2018), 1078 (2019), 1187 (2020), 1283 (2021), 1747 (2022)
1327 bodies included in 2022, + 30% compared to 2021
20
General State Administration
Gobernanza y Cooperación TIC
Working Groups (…ENS, COCS)
Sectorial Commission for
eGovernment
Public Administrations
Working Groups
(…WG Security)
CIO
(SGAD)
Council for the Certification of ENS
Established: 2018
Presidency: CCN
Members: SGAD, ENAC, accredited certifiers of the ENS
Mission: Implementation of the certification of the compliance with the ENS
+ Community
Cooperation, Governance, Community
22
Capacities, services and solutions
✓ COCS provides SOC horizontal cybersecurity services.
✓ It facilitates compliance with the ENS.
✓ > 100 entities within its scope (General State Administration)
✓ Catalogue of solutions provided by the CCN-CERT.
✓ Audit, detection, SIEM, CTI exchange, …
✓ They facilitate the implementation of the ENS.
✓ National Network of SOCs.
✓ Collaboration and exchange of information between the
SOCs of the Spanish public sector.
✓ 141 Members, 89 public entities, 52 providers (31 Gold, 21 Informed)
✓ Promotion of cybersecurity capacities in regional
governments and local entities.
24
European Crossborder Platform for
the Exchange of Cyberintelligence info
✓ EU funding DIGITAL
✓ Cybersecurity Work
Programme
✓ Cross-border platforms
for pooling data on
Cybersecurity threats
between several Member
States
✓ Call for Expression of
Interest to select entities
in Member States and
other eligible countries
willing to deploy and
manage cross-border
SOC platforms.
ENSOC Architecture
25
Funding
Agreement of the
Council of
Ministers on
Urgent Measures
on Cybersecurity
(25.05.2021)
Line 2 - Action 5 Measure 9
April 2019 July 2020 October 2021 January 2021 May 2021
Funding Next Generation EU
Funding from Next Generation EU through the
Plan for Recovery, Transformation and
Resilience:
✓ Cybersecurity Operations Center of the
General State Administration (COCS)
✓ Solutions provided by CCN-CERT required
by the COCS
✓ Improvement of the implementation of the
ENS in the General State Administration.
✓ Cybersecurity capacities in other Public
Administrations, Regional Governments,
and, particularly, Local Entities, as well as
improvement of the implementation of the
ENS.
✓ Other investments in cybersecurity.
27
• Regulation 910/2014 eIDAS
• Regulation 2016/679 GDPR
• Regulation 2019/881 Cybersecurity Act
• Regulation 2021/887 ECCC
• Directive 2016/1148 NIS
• Regulation 2018/1724 Single Digital Gateway
• Regulation 2022/2554 DORA
• Directive 2022/2555 NIS2
• Directive 2022/2557 resilience of critical entities (CER)
• Regulation 2022/868 Data Governance Act
• Council Conclusions on security of the Supply Chain
• EU Policy on Cyber Defence
• Adequacy Decision EU-US Data Privacy Framework
• Proposal Regulation Artificial Intelligence
• Proposal Regulation Data Act
• Proposal Regulation Europa Interoperable
• Proposal Cyberresilience Act (CRA)
• Proposal Regulation eIDAS2
• Proposal Regulation on Cybersecurity of EU Institutions
• Proposal Regulation on information security of EU Institutions
• Proposals European Certification Schemes (EUCC, EUCS)
• Proposal Cybersolidarity Act
• Proposal modification Cybersecurity Act
(Non-exhaustive)
• Multi Stakeholder Platform for ICT Standards
• CIO Network
• Expert Group on Interoperability
• Group Coordination SDG
• European Blockchain Services Infrastructure
• eIDAS Expert Group
• …
• European Cybersecurity Competence Center (ECCC)
• Network of NCCs
• Group Cooperation NIS
• CyCLONe – European Cyber Crises Liaison Organisation
Network
• Joint Cyber Unit – Cooperation of Cybersecurity Communities
• International Cooperation on Cybersecurity standards and
specifications
• Cooperation with third countries, …
• Trans-European TESTA Network
• CEF Building Blocks, …
• ENISA
• CERT-EU (for EUIBAS)
• CSIRT Network, …
• Next Generation EU
• Digital Europe Programme - Cybersecurity
• Horizon Europe
• Other instruments for funding
Cooperation
Governance
Community
Legal
Framework
Operational
capacities
Services
Solutions
Funding
▪ Alignment
▪ Transposition
▪ Implementation
▪ Participation
▪ Contribution to factsheets, etc.
EU Cybersecurity Context
28
Photo by Annie Spratt on Unsplash
Public Administrations, in the scope of NIS2
Enlarged scope: Public Administration (General State, Regional Govs;
Local Entities, to be determined)
Main obligations for entities in the scope:
Measures for Risk management
• Security policies
• Incident management (prevention, detection and response)
• Continuity of activities
• Supply chain security
• Security in acquisition, development and maintenance of
networks and systems. Supply chain
• Policies and procedures to evaluate the effectiveness of
measures.
• Basic cyber hygiene practices and cybersecurity training.
• Policies and procedures relating to cryptography and encryption
• Human resources security,…
• Specific vulnerabilities of supplier and service providers.
The ENS positions Spain in a favorable condition for the agile
implementation of the transposition of the NIS2 Directive.
29
Conclusions
✓ The ENS provides basic principles and security requirements, proportionality through categorization, updated
security measures, flexibility mechanisms through specific profiles, plus accreditation and compliance
mechanisms through a certification scheme with ENAC, as well as monitoring through the Annual Report on
the state of security, along with more than 100 support guides and a collection of support tools provided by the
CCN-CERT.
✓ Applicable to the whole public sector, systems that handle classified information, and providers of solutions and
services.
✓ Global approach which engages legal framework; governance cooperation and community; capacities, solutions
and services; and funding.
✓ Aligned with cybersecurity context, tailored to digital government including aspects not treated in standards, but
coherent with international standards.
✓ It is flexible and, at the same time, enables harmonization of criteria. Continuously tuned to the evolution of
threats to information systems. The ENS satisfies the measures proposed by NISCG for article 21.
✓ 13 years of experience.
✓ A sound basis for the implementation of NIS2 in Spain.
30
More info
31
Many thanks
29th Plenary Meeting of the NIS
Cooperation Group
29th November 2023

 

More from Miguel A. Amutio

Código de interoperabilidad - Introducción
Código de interoperabilidad - IntroducciónCódigo de interoperabilidad - Introducción
Código de interoperabilidad - Introducción
Miguel A. Amutio
 
Quien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENSQuien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENS
Miguel A. Amutio
 
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedadesINAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
Miguel A. Amutio
 

More from Miguel A. Amutio (20)

Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
Conference THE FUTURE IS DATA Panel: Leaders of the European Open Data Maturi...
 
Mejora de la adecuación de los sistemas de la Administración General del Esta...
Mejora de la adecuación de los sistemas de la Administración General del Esta...Mejora de la adecuación de los sistemas de la Administración General del Esta...
Mejora de la adecuación de los sistemas de la Administración General del Esta...
 
Código de interoperabilidad - Introducción
Código de interoperabilidad - IntroducciónCódigo de interoperabilidad - Introducción
Código de interoperabilidad - Introducción
 
El Centro Europeo de Competencias en Ciberseguridad
El Centro Europeo de Competencias en CiberseguridadEl Centro Europeo de Competencias en Ciberseguridad
El Centro Europeo de Competencias en Ciberseguridad
 
V Encuentros CCN ENS. Novedades, retos y tendencias
V Encuentros CCN ENS. Novedades, retos y tendenciasV Encuentros CCN ENS. Novedades, retos y tendencias
V Encuentros CCN ENS. Novedades, retos y tendencias
 
Quien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENSQuien hace el Esquema Nacional de Seguridad ENS
Quien hace el Esquema Nacional de Seguridad ENS
 
Quien hace el ENI
Quien hace el ENIQuien hace el ENI
Quien hace el ENI
 
Contexto Europeo de Ciberseguridad
Contexto Europeo de CiberseguridadContexto Europeo de Ciberseguridad
Contexto Europeo de Ciberseguridad
 
El nuevo ENS ante la ciberseguridad que viene
El nuevo ENS ante la ciberseguridad que vieneEl nuevo ENS ante la ciberseguridad que viene
El nuevo ENS ante la ciberseguridad que viene
 
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantesCryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
CryptoParty 2022. El Esquema Nacional de Seguridad para principiantes
 
Medidas del Estado para garantizar la seguridad en la Administración Pública
Medidas del Estado para garantizar la seguridad en la Administración PúblicaMedidas del Estado para garantizar la seguridad en la Administración Pública
Medidas del Estado para garantizar la seguridad en la Administración Pública
 
La preservación digital de datos y documentos a largo plazo: 5 retos próximos
La preservación digital de datos y documentos a largo plazo: 5 retos próximosLa preservación digital de datos y documentos a largo plazo: 5 retos próximos
La preservación digital de datos y documentos a largo plazo: 5 retos próximos
 
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedadesINAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
INAP- SOCINFO. El nuevo Esquema Nacional de Seguridad: principales novedades
 
Presente y futuro de la administración electrónica
Presente y futuro de la administración electrónicaPresente y futuro de la administración electrónica
Presente y futuro de la administración electrónica
 
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La LagunaEl nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
El nuevo Esquema Nacional de Seguridad. Jornadas CRUE TIC La Laguna
 
IV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de SeguridadIV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
IV Encuentro ENS - El nuevo Esquema Nacional de Seguridad
 
Revista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridadRevista SIC. El nuevo esquema nacional de seguridad
Revista SIC. El nuevo esquema nacional de seguridad
 
El nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de SeguridadEl nuevo Esquema Nacional de Seguridad
El nuevo Esquema Nacional de Seguridad
 
Actualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGADActualización del ENS. Presentación CCN-CERT / SGAD
Actualización del ENS. Presentación CCN-CERT / SGAD
 
Implementation of the European Interoperability framework in Spain
Implementation of the European Interoperability framework in SpainImplementation of the European Interoperability framework in Spain
Implementation of the European Interoperability framework in Spain
 

Recently uploaded

Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
gajnagarg
 

Recently uploaded (20)

Call Girls Koregaon Park - 8250092165 Our call girls are sure to provide you ...
Call Girls Koregaon Park - 8250092165 Our call girls are sure to provide you ...Call Girls Koregaon Park - 8250092165 Our call girls are sure to provide you ...
Call Girls Koregaon Park - 8250092165 Our call girls are sure to provide you ...
 
Time, Stress & Work Life Balance for Clerks with Beckie Whitehouse
Time, Stress & Work Life Balance for Clerks with Beckie WhitehouseTime, Stress & Work Life Balance for Clerks with Beckie Whitehouse
Time, Stress & Work Life Balance for Clerks with Beckie Whitehouse
 
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem  9332606886 HOT & SEXY Models beautiful and charm...Genuine Call Girls in Salem  9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
 
Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)
 
Premium Prayagraj ❤️🍑 6378878445 👄🫦Independent Escort Service
Premium  Prayagraj ❤️🍑 6378878445 👄🫦Independent Escort ServicePremium  Prayagraj ❤️🍑 6378878445 👄🫦Independent Escort Service
Premium Prayagraj ❤️🍑 6378878445 👄🫦Independent Escort Service
 
Call Girls Umbergaon / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Umbergaon / 8250092165 Genuine Call girls with real Photos and NumberCall Girls Umbergaon / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Umbergaon / 8250092165 Genuine Call girls with real Photos and Number
 
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
 
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In MumbaiVasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
 
Our nurses, our future. The economic power of care.
Our nurses, our future. The economic power of care.Our nurses, our future. The economic power of care.
Our nurses, our future. The economic power of care.
 
2024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 312024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 31
 
The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learning
 
PPT Item # 7&8 6900 Broadway P&Z Case # 438
PPT Item # 7&8 6900 Broadway P&Z Case # 438PPT Item # 7&8 6900 Broadway P&Z Case # 438
PPT Item # 7&8 6900 Broadway P&Z Case # 438
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCC
 
The Outlook for the Budget and the Economy
The Outlook for the Budget and the EconomyThe Outlook for the Budget and the Economy
The Outlook for the Budget and the Economy
 
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
 
independent Call Girls Tiruvannamalai 9332606886Call Girls Advance Cash On D...
independent Call Girls Tiruvannamalai  9332606886Call Girls Advance Cash On D...independent Call Girls Tiruvannamalai  9332606886Call Girls Advance Cash On D...
independent Call Girls Tiruvannamalai 9332606886Call Girls Advance Cash On D...
 
Call Girl Service in West Tripura 9332606886Call Girls Advance Cash On Deliv...
Call Girl Service in West Tripura  9332606886Call Girls Advance Cash On Deliv...Call Girl Service in West Tripura  9332606886Call Girls Advance Cash On Deliv...
Call Girl Service in West Tripura 9332606886Call Girls Advance Cash On Deliv...
 
Finance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCCFinance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCC
 
Call girls Service Budhwar Peth - 8250092165 Our call girls are sure to provi...
Call girls Service Budhwar Peth - 8250092165 Our call girls are sure to provi...Call girls Service Budhwar Peth - 8250092165 Our call girls are sure to provi...
Call girls Service Budhwar Peth - 8250092165 Our call girls are sure to provi...
 
Call Girl Service in Korba 9332606886 High Profile Call Girls You Can Get ...
Call Girl Service in Korba   9332606886  High Profile Call Girls You Can Get ...Call Girl Service in Korba   9332606886  High Profile Call Girls You Can Get ...
Call Girl Service in Korba 9332606886 High Profile Call Girls You Can Get ...
 

The National Security Framework of Spain

• 1. The National Security Framework (ENS - Esquema Nacional de Seguridad)
  29th Plenary Meeting of the NIS Cooperation Group, 29th November 2023
  Miguel A. Amutio, Deputy DG for Cybersecurity Planning and Coordination, General Secretariat for Digital Government, Secretary of State for Digitization and Artificial Intelligence, Ministry for Digital Transformation
• 2. Timeline 2010 - 2023: a collective and multidisciplinary effort, sustained over time (Source: Miguel A. Amutio)
  - 2010: National Security Framework; National Interoperability Framework
  - 2011-13: Regulation Critical Infrastructure Protection; National Cybersecurity Strategy 2013; Risk Analysis Methodology Magerit v3
  - 2014-16: Regulation eIDAS; GDPR; NIS Directive; Updated ENS; Administrative Laws 39/2015, 40/2015; ICT Strategy – Shared Services Declaration (includes Shared Managed Security Services); ENS Technical Security Instructions (Compliance with ENS, Annual Report)
  - 2017: National Security Strategy 2017
  - 2018: ENS Instructions (Auditing, Notification of incidents); CoCENS Council for Certification of ENS; NIS transposition; Law Data Protection (adding to GDPR)
  - 2019: Cybersecurity Regulation; National Guide on Notification of Cyberincidents; National Cybersecurity Strategy 2019; Ministers Council Agreement on the Cybersecurity Operations Center of the General State Administration
  - 2020: EU Digital Strategy; EU Strategy for Data; EU White Paper on AI; EU Cybersecurity Package; España Digital 2025; National Cybersecurity Forum
  - 2021: Regulation ECCC; Development of NIS Transposition; Plan for Digitization of Public Administrations 2021 – 2025; Recovery Plan (Next Generation EU funding); Ministers Council Agreement Action Plan on Cybersecurity
  - 2022: RDL 7/2022 Security 5G; Cybersecurity National Plan; New National Security Framework; Proposal Regulation Cybersecurity EUIBAS; Proposal Regulation information security EUIBAS; Council Conclusions on protection of supply chain; Directive 2022/2555 NIS2; Regulation 2022/2554 DORA; Directive 2022/2557 CER; European Cybersecurity Skills Framework (ECSF)
  - 2023: Communication Cyber Skills Academy; Adequacy Decision EU-US Data Privacy Framework; Proposal Cybersolidarity Act; Proposal modification Cybersecurity Act; Addendum Recovery Plan Cybersecurity
• 3. A global approach to cybersecurity (Source: Miguel A. Amutio)
  Building blocks: Legal framework, Governance, Cooperation, Community, Capabilities, Services, Solutions, Interaction, Evolution, Funding.
  Governance bodies:
  ▪ National Cybersecurity: CNCS, FNCS
  ▪ Digital Government: General State, eGov Sectorial Commission, ENS - CoCENS
  Certified Products: Catalogue CPSTIC.
  Strategic context: National (ENCS 2019), European.
• 4. National Security Framework: big decisions, why and how (1/2)
  Around 2006, when drafting the eGovernment Law, on the basis of previous experience, it was decided to develop a security instrument tailored to the protection needs of information and services provided BY and provided TO Public Administrations (though not limited to the specific needs of eGovernment at the time).
  It should be embedded in the administrative legislation and aligned with the National and European strategic and legal framework. And it should be the reference for:
  • Data Protection
  • Protection of Critical Infrastructures, as well as Essential Services (at least for the ones managed by the Public Sector)
• 5. National Security Framework: big decisions, why and how (2/2)
  The National Security Framework was created by the eGovernment Law in 2007.
  The ENS was first implemented by a Royal Decree in 2010, to be applicable by all Public Administrations, as a result of a joint effort by the public and private sectors.
  It was included in the Administrative Laws of 2015, which superseded the previous administrative and eGovernment legislation.
  It was updated in 2015 in the light of experience and the evolution of National and European legislation (e.g. eIDAS, etc.).
  The ENS was revamped in 2022:
  • To be aligned with the current National and European strategic and legal framework.
  • To introduce flexibility that facilitates implementation for specific contexts (e.g. Local Entities, etc.).
  • To respond to cybersecurity needs and trends.
• 6. National Security Framework: more big decisions
  It was decided to include Public Administration within the Strategic Sectors in the legislation for the Protection of Critical Infrastructures.
  In the transposition of NIS1:
  • It was decided to align the identification of essential services and their operators with the procedures defined for the designation of Operators of Critical Infrastructures.
  • The security obligations of essential service operators and digital service providers refer to the National Security Framework (ENS) as a reference.
  In the COMMISSION IMPLEMENTING REGULATION (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market, article 10 (Information assurance and security standards) states:
  "1. Node operators of nodes providing authentication shall prove that, in respect of the nodes participating in the interoperability framework, the node fulfils the requirements of standard ISO/IEC 27001 by certification, or by equivalent methods of assessment, or by complying with national legislation."
• 7. National Security Framework: embedded in Administrative Legislation
  Law 40/2015 on the Legal Regime of the Public Sector:
  "The National Security Framework aims to establish the security policy within the scope of this Law, and it is constituted by the basic principles and minimum requirements that adequately guarantee the security of the information processed." (Art. 156)
  Security, a general principle of action by Public Administrations: "The Public Administrations will interact with each other and with their linked or dependent bodies, public organizations and entities through electronic means, which ensure the interoperability and security of the systems and solutions adopted by each of them, they will guarantee the protection of data, and they will preferably facilitate the joint provision of services to interested parties." (Art. 3.2)
  Law 39/2015 on the Common Administrative Procedure of Public Administrations:
  Rights of citizens: to the protection of personal data, and, in particular, to the security and confidentiality of the data in the files, systems and applications of the Public Administrations. (Art. 13 h)
• 8. National Security Framework: general objectives
  Create the necessary conditions of trust through measures to guarantee security, enabling citizens and Public Sector entities to exercise their rights and fulfil their duties.
  Promote:
  • Continuous management of security.
  • Prevention, detection and response to cyber threats and cyber attacks.
  • A homogeneous approach to security that facilitates cooperation in the provision of services by means of a common language and elements appropriate to the Public Sector.
  Provide leadership on best practices.
  Facilitate interoperability of data and services, supporting the National Interoperability Framework.
• 9. An overview (RD 311/2022): 41 articles, 4 annexes
  • General provisions, object, scope of application, … (arts. 1 – 4)
  • Basic principles, which serve as a guide (arts. 5 – 11)
  • Security policy and minimum requirements, mandatory compliance (arts. 12 – 28)
  • Categorization of systems for the adoption of proportionate security measures (arts. 28, 40, 41, Annexes I and II)
  • Procurement of security products and services. Use of certified products. Role of the Certification Body (OC-CCN) (art. 19 and Annex II)
  • Use of common infrastructure and services (art. 29)
  • Specific compliance profiles (art. 30)
  • The security audit that verifies compliance with the ENS (art. 31 and Annex III)
  • Annual Report on the Security Status (art. 32)
  • Response to security incidents (arts. 33 and 34)
  • Compliance with the ENS (arts. 35 to 38)
  • Permanent updating (art. 39)
  • Training (D.a. 1st)
  • Technical security instructions (D.a. 2nd)
  • Security guides (D.a. 2nd)
  • Systems adaptation (d.t.u) -> 24 months
  • Annex I. System security categories
  • Annex II. Security measures
  • Annex III. Security audit
  • Annex IV. Glossary
  English version available: https://administracionelectronica.gob.es/dam/jcr:eb23ff83-ebdb-487e-abd2-8654f837794f/RD_311-2022_of-3_May_ENS.pdf
  Official version in Spanish: https://www.boe.es/eli/es/rd/2022/05/03/311
• 10. It is applicable to…
  ▪ The whole Public Sector in Spain.
  ▪ Systems that handle classified information.
  ▪ Providers of services and solutions to entities of the Public Sector.
  ▪ Public sector entities and third parties providing services to them, in the processing and protection of personal data.
  ▪ And…
  ▪ The calls for procurement will include the requirements to ensure compliance with the ENS (extended to the supply chain on the basis of risk analysis).
  ▪ Providers should have a security policy.
  ▪ Providers of outsourced services should have a Point of Contact for the security of the information handled and the services provided, and for incident management.
• 11. The ENS at a glance
  Legal base:
  ✓ Royal Decree 3/2010 ✓ Updated 2015 ✓ Royal Decree 311/2022
  ✓ Administrative laws 40/2015 and 39/2015
  ✓ Law 3/2018 (adding to GDPR)
  ✓ Transposition of NIS: RD-l 12/2018, RD 43/2021
  Scope:
  ✓ Public Sector ✓ Classified Information ✓ Providers ✓ Supply Chain (on the basis of risk analysis)
  Technical Instructions:
  ✓ Annual Report ✓ Compliance with the ENS ✓ Audit ✓ Notification of incidents
  Compliance:
  ✓ Certifiers accredited by ENAC ✓ Certified entities (public/private) ✓ Council for the Certification of ENS (CoCENS)
  Monitoring - Annual Report:
  ✓ 9 editions of the Annual Report
  Support, Guides and Tools:
  ✓ > 100 Guides, CCN-STIC Series 800 ✓ > 23 Solutions by References
  Specific profiles:
  ✓ Development of Specific Profiles; > 10 Specific Profiles for: Local Entities, Cloud environments, Others
• 12. Security Measures (I/IV) (Source: ENS Infographics)
  Organizational framework (4): measures related to the global organization of security.
  - Security policy; Security regulations; Security procedures; Authorization process
  Operational framework (33): measures to be taken to protect the operation of the system as an integral set of components for an end.
  - Planning (5); Access control (6); Operation (10); External resources (4); Cloud services (1); Continuity of service (4); System monitoring (3)
  Protection measures (36): focus on protecting specific assets, depending on their nature and the quality required by the level of security of the dimensions concerned.
  - Facilities and infrastructure (7); Staff management (4); Protection of equipment (4); Protection of communications (4); Protection of information media (5); Protection of IT applications (2); Protection of information (6); Protection of services (4)
  Proportionate to 3 categories (High, Medium, Low) and 5 security dimensions (Confidentiality [C], Integrity [I], Accountability [Acc], Authenticity [Auth], Availability [A]).
• 13. Security Measures (II/IV)
  Organizational framework: measures related to the global organization of security. Operational framework: measures to be taken to protect the operation of the system as an integral set of components for an end. Protection measures: focus on protecting specific assets, depending on their nature and the quality required by the level of security of the dimensions concerned.
  The security measures provided by the ENS satisfy the measures of the NIS Cooperation Group (NISCG) in relation to article 21, with added value (coding, levels, reinforcements).
• 14. Security Measures (III/IV)
  Organizational framework: measures related to the global organization of security. Operational framework: measures to be taken to protect the operation of the system as an integral set of components for an end. Protection measures: focus on protecting specific assets, depending on their nature and the quality required by the level of security of the dimensions concerned.
  The security measures provided by the ENS satisfy the measures of the NIS Cooperation Group (NISCG) in relation to article 21, with added value (coding, levels, reinforcements).
• 15. Security Measures (IV/IV)
  Security measures, their requirements, and reinforcements are coded to facilitate both implementation and auditing. (Example shown on the slide.)
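Slides 12 to 15 describe the mechanics behind "proportionate" measures: each system is valued in five dimensions, the valuation yields a category, and the coded measures (with their levels and reinforcements) are then selected against that result. The following worked example is added here to make that selection logic concrete; it is not code from the slides, from the CCN or from the SGAD. It assumes the Annex I rule of RD 311/2022 that the system category is the highest level reached by any dimension. The measure table is constructed for illustration: the codes follow the ENS naming scheme ([framework].[group].[number]) and only op.mon.2 is taken from the slides, while the thresholds and reinforcement tags are illustrative and not the Annex II values.

```python
"""Added example: derive an ENS system category from its dimension valuation
and select the proportionate subset of a (constructed) coded measure table."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """The three ENS levels, used both per dimension and for the system category."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# The five security dimensions named on slide 12.
DIMENSIONS = ("C", "I", "Acc", "Auth", "A")


def system_category(valuation: dict[str, Level]) -> Level:
    """Annex I rule (assumed here): the category is the highest level assigned to
    any dimension, i.e. HIGH if any dimension is HIGH, else MEDIUM if any is
    MEDIUM, else LOW. A system that is not valued in every dimension is rejected."""
    missing = [d for d in DIMENSIONS if d not in valuation]
    if missing:
        raise ValueError(f"every dimension needs a level, missing: {missing}")
    return max(valuation[d] for d in DIMENSIONS)


@dataclass(frozen=True)
class Measure:
    """One coded measure. applies_by is "category" (the whole-system category
    decides whether it applies) or "dimension" (the level of one named dimension
    decides). reinforcements maps a level to the reinforcement tags required at
    that level. All thresholds/tags below are constructed, not Annex II values."""
    code: str
    name: str
    applies_by: str
    min_level: Level
    dimension: str | None = None
    reinforcements: dict[Level, tuple[str, ...]] = field(default_factory=dict)


# Constructed sample catalogue (only the op.mon.2 code appears on the slides).
CATALOGUE = (
    Measure("org.1", "Security policy", "category", Level.LOW),
    Measure("op.pl.1", "Risk analysis", "category", Level.LOW,
            reinforcements={Level.MEDIUM: ("R1",), Level.HIGH: ("R1", "R2")}),
    Measure("op.acc.1", "Identification", "dimension", Level.LOW, dimension="Auth"),
    Measure("op.exp.8", "Activity log", "dimension", Level.LOW, dimension="Acc",
            reinforcements={Level.HIGH: ("R1",)}),
    Measure("op.mon.2", "Metric system", "category", Level.LOW),
    Measure("op.cont.2", "Continuity plan", "dimension", Level.MEDIUM, dimension="A"),
    Measure("mp.com.2", "Protection of confidentiality", "dimension", Level.MEDIUM,
            dimension="C"),
    Measure("mp.sw.2", "Acceptance and commissioning", "dimension", Level.HIGH,
            dimension="I"),
)


def governing_level(measure: Measure, valuation: dict[str, Level]) -> Level:
    """The level that decides whether a measure applies and which reinforcements
    it carries: the system category, or the level of the named dimension."""
    if measure.applies_by == "category":
        return system_category(valuation)
    if measure.applies_by == "dimension" and measure.dimension in valuation:
        return valuation[measure.dimension]
    raise ValueError(f"{measure.code}: invalid applicability rule")


def compliance_plan(valuation: dict[str, Level], catalogue=CATALOGUE):
    """Return {code: (governing level, reinforcement tags)} for every measure the
    system must implement. Measures whose threshold is above the governing level
    are left out, which is what makes the selection proportionate."""
    plan = {}
    for m in catalogue:
        level = governing_level(m, valuation)
        if level >= m.min_level:
            plan[m.code] = (level, m.reinforcements.get(level, ()))
    return plan


if __name__ == "__main__":
    # Constructed valuation: a service whose availability is critical but whose
    # data is only moderately confidential.
    sample = {"C": Level.MEDIUM, "I": Level.LOW, "Acc": Level.LOW,
              "Auth": Level.LOW, "A": Level.HIGH}
    print("category:", system_category(sample).name)
    for code, (level, reinf) in compliance_plan(sample).items():
        print(f"{code:10} level={level.name:6} reinforcements={reinf}")
```

The point a practitioner should take from it is that a single HIGH dimension pulls the whole system into the HIGH category for category-scoped measures, while dimension-scoped measures still follow their own dimension's level; in the sample, availability drives the continuity measure and the system category, but the accountability-scoped log measure stays at its LOW requirements.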
• 16. Responding to specific needs
  ✓ Specific compliance profiles (art. 30): they will include the set of security measures that, because of the mandatory risk analysis, are suitable for a specific security category.
  ✓ Profiles seek to introduce the ability to adjust the ENS requirements to the specific needs of certain:
  • Groups: Local Entities, Universities, Paying Agencies, …
  • Technological areas: cloud services, …
  Examples:
  ✓ CCN-STIC-881A. Perfil de Cumplimiento Específico Universidades
  ✓ CCN-STIC 883A Perfil de Cumplimiento Específico Ayuntamientos pequeños (menos de 5.000 habitantes)
  ✓ CCN-STIC 883B Perfil Cumplimiento Específico Ayuntamientos de menos de 20.000 habitantes
  ✓ CCN-STIC 883C Perfil de Cumplimiento Específico Ayuntamientos de entre 20.000 y 75.000 habitantes
  ✓ CCN-STIC 883D Perfil de Cumplimento Específico Diputaciones
  ✓ CCN-STIC-884 Perfil de cumplimiento específico para Azure Servicio de Cloud Corporativo
  ✓ CCN-STIC-885 Perfil de cumplimiento específico para Office 365 Servicio de Cloud Corporativo
  ✓ CCN-STIC-886 Perfil de cumplimiento específico para Sistemas Cloud Privados y Comunitarios
  ✓ CCN-STIC-887 Perfil de cumplimiento específico para AWS Servicio de Cloud Corporativo
  ✓ CCN-STIC-888 Perfil de Cumplimiento Específico para Google Cloud Servicio de Cloud Corporativo
• 17. Response to cybersecurity incidents
  Procedure and roles, in the light of experience and on the basis of the roles defined in the transposition of NIS1.
  Role of the CSIRTs:
  • CCN-CERT, notified by entities of the Public Sector, and national coordinator
  • INCIBE-CERT, notified by entities of the Private Sector
  • ESPDEF-CERT, notified by entities in the scope of National Defense
  Role of the General Secretariat for Digital Government (SGAD), provider of common and shared services, in collaboration with the CCN-CERT.
  Role of the Ministry of Interior (Cybersecurity Coordination Office, OCC), involved when an essential operator who has been designated as a critical operator suffers an incident.
• 18. Procurement of security products
  Use of certified products on the basis of proportionality.
  Role of the Catalogue of Information and Communication Technology Security Products and Services (CPSTIC): it offers a set of reference products whose security functionalities have been certified.
  The instruments for central procurement refer to the ENS for security requirements and to the means to show compliance.
  E.g. DYNAMIC SYSTEM FOR PROCUREMENT OF SYSTEM, DEVELOPMENT AND APPLICATION SOFTWARE SUPPLIES, OF THE STATE CENTRALIZED PROCUREMENT SYSTEM - SDA 25. The specifications for the procurement include:
  - Security requirements
  - How to show compliance with the security requirements by means of the reference to:
    - National Security Framework (ENS)
    - Catalogue of Information and Communication Technology Security Products and Services (CPSTIC) or equivalent
    - Reference to (coming) European certification schemes
• 19. Compliance
  Those in scope should show compliance with the ENS. Public Sector entities, service providers or solution providers: same procedures and documents.
  Certification entities: accreditation by ENAC in accordance with UNE-EN ISO/IEC 17065, for certification of systems within the scope of application of the ENS.
  Declaration of Compliance: applicable to Basic category information systems. Self-assessment for the declaration.
  Certification of Compliance: mandatory application to information systems of Medium or High categories and voluntary application in Basic category. Audit for certification.
  Compliance labels.
  ✓ It allows the unification of criteria of certifying entities through the ENS Certification Council (CoCENS).
  ✓ At any time, any person or entity can consult the status of a Certification of Compliance with the ENS in a centralized portal maintained by the CCN, based on the information provided by the certification entities.
• 20. Monitoring - Annual Report
  ▪ Article 32. Security status report
  ▪ Security Measurement: 4.7.2 Metric System [op.mon.2]
  There is a tool for collecting and consolidating data for the State of Security Report.
  Main contents of the report:
  - General information about organisms
  - Risk management
  - Organizational security information
  - Economic and human resources
  - Security measures of Annex II of the ENS
  - Information about interconnections
  - Security application (authentication methods, outsourced services, change management, continuity of services, training, awareness, ...)
  - Incident management (number and response times)
  - Audits and certifications
  Versions of the report: global and by context.
  Some figures of the 9th edition:
  - Participation by type of organism, year 2022: General State Admin 177; Regions 218; Local Bodies 877; Universities 55 (1327 bodies, + 30% compared to 2021)
  - Developments in participation (2018 / 2019 / 2020 / 2021 / 2022): included in the report 768 / 898 / 933 / 1008 / 1327; registered in Governance 886 / 1078 / 1187 / 1283 / 1747
• 21. A global approach to cybersecurity (Source: Miguel A. Amutio)
  Building blocks: Legal framework, Governance, Cooperation, Community, Capabilities, Services, Solutions, Interaction, Evolution, Funding.
  Governance bodies:
  ▪ National Cybersecurity: CNCS, FNCS
  ▪ Digital Government: General State, eGov Sectorial Commission, ENS - CoCENS
  Certified Products: Catalogue CPSTIC.
  Strategic context: National (ENCS 2019), European.
• 22. Cooperation, Governance, Community
  General State Administration: Gobernanza y Cooperación TIC, Working Groups (…ENS, COCS); CIO (SGAD).
  Public Administrations: Sectorial Commission for eGovernment, Working Groups (…WG Security).
  Council for the Certification of ENS:
  - Established: 2018
  - Presidency: CCN
  - Members: SGAD, ENAC, accredited certifiers of the ENS
  - Mission: implementation of the certification of compliance with the ENS
  + Community
• 23. A global approach to cybersecurity (Source: Miguel A. Amutio)
  Building blocks: Legal framework, Governance, Cooperation, Community, Capabilities, Services, Solutions, Interaction, Evolution, Funding.
  Governance bodies:
  ▪ National Cybersecurity: CNCS, FNCS
  ▪ Digital Government: General State, eGov Sectorial Commission, ENS - CoCENS
  Certified Products: Catalogue CPSTIC.
  Strategic context: National (ENCS 2019), European.
• 24. Capacities, services and solutions
  ✓ COCS provides SOC horizontal cybersecurity services.
  ✓ It facilitates compliance with the ENS.
  ✓ > 100 entities within its scope (General State Administration)
  ✓ Catalogue of solutions provided by the CCN-CERT.
  ✓ Audit, detection, SIEM, CTI exchange, …
  ✓ They facilitate the implementation of the ENS.
  ✓ National Network of SOCs.
  ✓ Collaboration and exchange of information between the SOCs of the Spanish public sector.
  ✓ 141 Members: 89 public entities, 52 providers (31 Gold, 21 Informed)
  ✓ Promotion of cybersecurity capacities in regional governments and local entities.
  • 25. 24 European Cross-border Platform for the Exchange of Cyberintelligence Information
    ✓ EU funding: DIGITAL, Cybersecurity Work Programme
    ✓ Cross-border platforms for pooling data on cybersecurity threats between several Member States
    ✓ Call for Expression of Interest to select entities in Member States and other eligible countries willing to deploy and manage cross-border SOC platforms.
    [Figure: ENSOC Architecture]
  • 27. 26 Funding
    Agreement of the Council of Ministers on Urgent Measures on Cybersecurity (25.05.2021), Line 2 - Action 5, Measure 9
    [Timeline: April 2019, July 2020, January 2021, May 2021, October 2021]
    Funding from Next Generation EU through the Plan for Recovery, Transformation and Resilience:
    ✓ Cybersecurity Operations Center of the General State Administration (COCS)
    ✓ Solutions provided by CCN-CERT required by the COCS
    ✓ Improvement of the implementation of the ENS in the General State Administration
    ✓ Cybersecurity capacities in other Public Administrations, Regional Governments and, particularly, Local Entities, as well as improvement of the implementation of the ENS
    ✓ Other investments in cybersecurity
  • 28. 27 EU Cybersecurity Context
    Legal framework (non-exhaustive):
    • Regulation 910/2014 eIDAS
    • Regulation 2016/679 GDPR
    • Regulation 2019/881 Cybersecurity Act
    • Regulation 2021/887 ECCC
    • Directive 2016/1148 NIS
    • Regulation 2018/1724 Single Digital Gateway
    • Regulation 2022/2554 DORA
    • Directive 2022/2555 NIS2
    • Directive 2022/2557 resilience of critical entities (CER)
    • Regulation 2022/868 Data Governance Act
    • Council Conclusions on security of the Supply Chain
    • EU Policy on Cyber Defence
    • Adequacy Decision EU-US Data Privacy Framework
    • Proposal Regulation Artificial Intelligence
    • Proposal Regulation Data Act
    • Proposal Regulation Interoperable Europe
    • Proposal Cyber Resilience Act (CRA)
    • Proposal Regulation eIDAS2
    • Proposal Regulation on Cybersecurity of EU Institutions
    • Proposal Regulation on information security of EU Institutions
    • Proposals European Certification Schemes (EUCC, EUCS)
    • Proposal Cyber Solidarity Act
    • Proposal modification Cybersecurity Act
    Governance:
    • Multi Stakeholder Platform for ICT Standards
    • CIO Network
    • Expert Group on Interoperability
    • Group Coordination SDG
    • European Blockchain Services Infrastructure
    • eIDAS Expert Group
    • …
    Cooperation and community:
    • European Cybersecurity Competence Center (ECCC)
    • Network of NCCs
    • NIS Cooperation Group
    • CyCLONe – European Cyber Crises Liaison Organisation Network
    • Joint Cyber Unit – Cooperation of Cybersecurity Communities
    • International Cooperation on Cybersecurity standards and specifications
    • Cooperation with third countries, …
    Operational capacities, services and solutions:
    • Trans-European TESTA Network
    • CEF Building Blocks, …
    • ENISA
    • CERT-EU (for EUIBAS)
    • CSIRT Network, …
    Funding:
    • Next Generation EU
    • Digital Europe Programme - Cybersecurity
    • Horizon Europe
    • Other instruments for funding
    Spain's role: ▪ Alignment ▪ Transposition ▪ Implementation ▪ Participation ▪ Contribution to factsheets, etc.
  • 29. 28 Public Administrations in the scope of NIS2
    Enlarged scope: Public Administration (General State; Regional Govs; Local Entities, to be determined)
    Main obligations for entities in the scope, measures for risk management:
    • Security policies
    • Incident management (prevention, detection and response)
    • Continuity of activities
    • Supply chain security
    • Security in acquisition, development and maintenance of networks and systems
    • Policies and procedures to evaluate the effectiveness of measures
    • Basic cyber hygiene practices and cybersecurity training
    • Policies and procedures relating to cryptography and encryption
    • Human resources security, …
    • Specific vulnerabilities of suppliers and service providers (supply chain)
    The ENS positions Spain in a favorable condition for the agile transposition and implementation of the NIS2 Directive.
  • 30. 29 Conclusions
    ✓ The ENS provides basic principles and security requirements, proportionality through categorization, updated security measures, flexibility mechanisms through specific profiles, plus accreditation and compliance mechanisms through a certification scheme with ENAC, as well as monitoring through the Annual Report on the state of security, along with more than 100 support guides and a collection of support tools provided by the CCN-CERT.
    ✓ Applicable to the whole public sector, to systems that handle classified information, and to providers of solutions and services.
    ✓ Global approach which engages the legal framework; governance, cooperation and community; capacities, solutions and services; and funding.
    ✓ Aligned with the cybersecurity context, tailored to digital government including aspects not treated in standards, but coherent with international standards.
    ✓ It is flexible and at the same time enables harmonization of criteria. Continuously tuned to the evolution of threats to information systems. The ENS satisfies the measures proposed by the NIS Cooperation Group for Article 21.
    ✓ 13 years of experience.
    ✓ A sound basis for the implementation of NIS2 in Spain.
  • 32. 31 Many thanks 29th Plenary Meeting of the NIS Cooperation Group 29th November 2023