Spain steps up controls over cyber crime
By drawing up its National Cyber-security Incident Notification and Management Guide, Spain has become the first country in the European Union to have a single framework for the notification and management of cyber-security incidents.
The Spanish National Cyber-security Incident Notification and Management Guidelines are a technical document that creates a benchmark in terms of notifying and managing cyber-security incidents within Spanish territory. It provides information security managers with guidelines on reporting cyber-security incidents at public authorities, critical infrastructures and strategic operators under their control, as well as all other entities governed by Spanish Royal Decree-Law 12/2018 on network and information system security.
The Guide, which consist of eight chapters and four annexes, establish a detailed notification model based on a series of impact criteria contained in the document and classify incidents into five levels of danger: critical, very high, high, average and low. One of the main advancements made through this system is its “one-stop point of contact” for the notification of these incidents. This seeks to increase efficiency in the processing of information and to streamline results.
The document lists 38 types of potential incidents in 10 different categories. These are accompanied by a series of descriptions and practical examples aimed at steering communication and supporting the analysis, containment and eradication of the cyber-security incident.