20 Aniversario Centro Criptológico Nacional

CCN-CERT

CCN-CERT

WE WORK TO STRENGTHEN LA CYBERSECURITY IN SPAIN

We help improve the Public Administration's prevention, detection, and response capabilities to cyber threats. We promote the creation of a unique cyber shield for Spain.

Know more

CCN-CERT

ANTICIPATION

We make our cybersecurity solutions available to the Administration for better protection of information and Spanish public services.

Know more

CCN-CERT

UNIT OF ACTION

We coordinate the national response to security incidents. In critical situations, we provide human and technical support at national and international levels to limit the impact of incidents.

Know more

CCN-CERT

CYBER INTELLIGENCE

We detect active cyber threats. We investigate the tactics, techniques and procedures of threat actors to warn of actions against national interests.

Know more

CCN-CERT

COMMUNITY

We promote public-private collaboration. We lead the exchange of technical information on cyber threats.

Know more

Published: 26 October 2015

There is a number of procedures to report an incident to the CCN-CERT:

LUCIA tool for those organizations participating in the National Security Scheme.
Via email

Please write a detailed description of the incident and contact information (at least an email address and a telephone number). In this case, the message needs to be encrypted and identity authenticated. Please find our PGP/GPG key in our web site.

More information

Compartir información, crear comunidad: cómo la notificación de incidentes contribuye a mejorar la ciberseguridad nacional (infografía)

Published: 26 October 2015

The information below is made up of excerpts from a number of CCN-STIC Guides and incident management related documents. The Security Policy of any organization should comply with these guidelines, and consider the following aspects:

Why is it necessary to report an incident?
Incident classification according to the nature and origin of the threat, the profile of the affected user, the number and type of affected systems and its potential impact.
Level of threat of cyber incidents: critical, very high, high, medium, low. Please find below:
- Priority incidents for CCN-CERT
- Guide CCN-STIC 817
Impact of the cyber incident: low (limited damage), medium (serious damage) and high (very serious damage).
Causes of the cyber incident.
Cases in which incident reporting to CCN-CERT is compulsory, if detected in the Public Administration. Please find below:
- Is it compulsory to report certain incidents to the CCN-CERT?

Further information

Royal Decree 3/2010, of 8 January, regulating the National Security Scheme (articles 24 and 37)
Guide CCN-STIC 403 Management of Security Incidents
CCN-STIC 817 Management of Security Incidents
Claves para la gestión de ciberincidentes (infografía)

Published: 21 October 2015

The CCN-CERT, as the National Government CERT, partners with Spanish public bodies and companies of strategic interest to detect, report, evaluate, counter, handle and learn from information security incidents or cyber incidents that may affect their systems.

Throughout this process —which always ensures strict confidentiality between the parties—, the CCN-CERT provides technical and operational support to detect, react, contain and defeat incidents. A preventive approach is also implemented, and a team of experts investigates the techniques, trends, solutions and the most appropriate procedures to counter incidents, including methodologies to gather and analyze data and events, and procedures to assess the risk level and to determine priority.

The CCN-CERT also operates as a Cyber Incident Information Exchange Node in the Information Systems of the Public Administrations, and as the main coordinator of information exchange among the relevant entities.

As the National Government CERT, it participates in international forums attended by counterparts from a number of countries, which provides it with very valuable information to manage any incident efficiently and swiftly.

Published: 21 October 2015

CCN-STIC-401 Glossary and abbreviations

Document	Released	Updated	Descargar
CCN-STIC-401 Glosario y Abreviaturas	Jul 2014	Ago 2015	Descargar
CCN-STIC-401 Glosario y Abreviaturas (HTML)	Jul 2014	Ago 2015	Ver

Published: 21 October 2015

WE WORK TO STRENGTHEN LA CYBERSECURITY IN SPAIN

We help improve the Public Administration's prevention, detection, and response capabilities to cyber threats. We promote the creation of a unique cyber shield for Spain.

ANTICIPATION

We make our cybersecurity solutions available to the Administration for better protection of information and Spanish public services.

UNIT OF ACTION

We coordinate the national response to security incidents. In critical situations, we provide human and technical support at national and international levels to limit the impact of incidents.

CYBER INTELLIGENCE

We detect active cyber threats. We investigate the tactics, techniques and procedures of threat actors to warn of actions against national interests.

COMMUNITY

We promote public-private collaboration. We lead the exchange of technical information on cyber threats.

Incident reporting

Incident Management Guidelines

Incident Management

Glossary of terms (CCN-STIC 401)

Document

Released

Updated

Descargar

FAQ

ENS

More Articles …