The information below is made up of excerpts from a number of CCN-STIC Guides and incident management related documents. The Security Policy of any organization should comply with these guidelines, and consider the following aspects:
- Why is it necessary to report an incident?
- Incident classification according to the nature and origin of the threat, the profile of the affected user, the number and type of affected systems and its potential impact.
- Level of threat of cyber incidents: critical, very high, high, medium, low. Please find below:
◦ Priority incidents for CCN-CERT
◦ Guide CCN-STIC 817 - Impact of the cyber incident: low (limited damage), medium (serious damage) and high (very serious damage).
- Causes of the cyber incident.
- Cases in which incident reporting to CCN-CERT is compulsory, if detected in the Public Administration. Please find below:
◦ Is it compulsory to report certain incidents to the CCN-CERT?
Further information
- Royal Decree 3/2010, of 8 January, regulating the National Security Scheme (articles 24 and 37)
- Guide CCN-STIC 403 Management of Security Incidents
- CCN-STIC 817 Management of Security Incidents
- Claves para la gestión de ciberincidentes (infografía)
