The Universitat de València is the 3rd Spanish university obtaining the ENS Certification (National Protection Map), which guarantees the protection of the information and of the electronic servers offered by the academic institution. This certification is given by the Centro Criptológico Nacional, which depends on the Ministry of Defence. In Spain, only the University of Granada and the Universitat Jaime I of Castelló enjoy this accreditation.
The main objective of the ENS is to create the necessary conditions to trustingly use the electronic media. This is carried out through some measures taken in order to guarantee the protection of information and of the electronic servers, which allows the citizenship and the public administrations to exercise their rights and their obligation’s compliance using this means. Another objective is to establish security policies when using media, under the Spanish 11/1007 Act for an accurate protection of information.
In addition, the initiative pretends to introduce the common elements which shall guide the public administration’s actions regarding the protection of the communication technology. It also pretends to facilitate a common language for the public administrations, and the communication of the security requirements in the Industry.
To sum up, the purpose is to give a homogeneous treatment of the security which facilitates the cooperation in the provision of services of the electronic administration when there is more than one entity implied.
In December of 2018, the Universitat de València successfully presented the ENS certification through an audit on comprehensive security of the Information Systems, which obtained a favourable report. Now the challenges are the increase of the awareness and training of the staff, the improvement in detection and automation of the communication of incidences in audits of technical security with new vectors of attack and detected systems.
As mentioned in the rules regulating the ENS in the field of Electronic Administration, the generalisation of information society largely depends on the trust that the contact though electronic means generate in citizens. In the field of public administrations, the right to communicate with them through electronic means implies a series of obligations which require the incorporation of peculiarities demanding a safety application of these technologies.
The ENS conceives the security as a comprehensive activity, in which punctual actions or conjunctural treatments could not be considered.
Links:
