Home / Blog / Filter / Blog
Subscribe to CERTSI - Blog RSS

Blog

Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Policies
International cyberresilience frameworks for critical infrastructures

International cyberresilience frameworks for critical infrastructures

Posted on 09/16/2021, by INCIBE
This article reviews some of the most representative cybersecurity and cyberresilience frameworks that can be found in Spain, Europe, the US and the UK, and whose adoption can help organisations to further improve their cybersecurity protection capabilities.
GOOSE

Security in the GOOSE protocol

Posted on 08/06/2020, by INCIBE
After the articles “IEC 61850 Standard, all for one and one for all” and “Multicast security in IEC 61850”, it is useful to add more information about the cybersecurity guidelines set out in the IEC 62351 standard with respect to the GOOSE protocol. An explanation will be made of the operation of the protocol, the weaknesses it presents and the appropriate security measures to protect it against possible attackers.
IMC ANTICIPATING

ANTICIPATING: one of the four goals of cyberresilience

Posted on 06/11/2020, by INCIBE
Anticipating is one of the four aims of cyberresilience. It consists of maintaining a state of informed readiness, in order to prevent essential services from being compromised in the event of a cyberattack. To measure the objectives of this aim, its three functional domains are analysed: cybersecurity policies, risk management and cybersecurity training.
Cyber-resilience

Cyber-resilience: the key to overcoming incidents

Posted on 05/14/2020, by INCIBE
The goal of cyber-resilience for an organization, whether or not it belongs to a strategic sector, whether or not it provides one of these digital services, is to maintain its primary purpose and integrity in the face of a cybersecurity threat or attack to an ideal level. Continuous detection processes must be established given that total prevention will never be guaranteed.
CVSS3.1

Measuring the severity of vulnerabilities: changes in CVSS 3.1

Posted on 08/01/2019, by Hugo Rodríguez Santos (INCIBE)
The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.

Pages