The Spanish Royal Decree 3/2010, of 8 January (Reial Decret 3/2010, de 8 de gener), which regulates the National Security Scheme (ENS) within the Spanish Electronic Administration, aims to create the conditions of trust needed for the use of electronic means. This is achieved through measures that guarantee the security of systems, data, communications and electronic services, so as to facilitate the optimal and secure use of the basic ICT means on which electronic administration depends, and thereby the better exercise of rights and fulfilment of duties by everyone concerned.

The ENS aims, in short, to establish a trustworthy environment in which information systems provide their services and store data in accordance with their functional specifications, without interruptions or uncontrolled modifications, and without the information being accessible to unauthorised persons. It therefore relies on equipment and networks having the capacity to withstand accidents and illicit or malicious actions that would compromise the availability, authenticity, integrity and confidentiality of the data transmitted or stored, and of the services these networks and systems offer or make accessible.

In this scenario, security is not only a matter of protecting each system or of controlling individual actions in isolation; it also requires a process of study and analysis that evaluates every element as part of a whole, the closest coordination between the different groups involved, from their different functional and technical perspectives, and the standardisation of the procedures applied in each case. It is also essential to follow the criteria and controls that the Spanish Scheme considers essential. According to the Scheme and to experience, security is transversal and integral, leaving no room for ad hoc or undocumented actions. It should be remembered that the security of a system is determined by its weakest point, and that this weak point is often the result of poor coordination between measures that are individually adequate.

To summarise the philosophy of the ENS, its central element is the implementation of a set of basic common principles and minimum requirements by the regional governments (autonomous communities), town councils and universities. The aim is to ensure that the whole of Spain understands the risks and solutions in the same way and achieves homogeneous levels of quality, in accordance with the principle that the security of an organisation is only reliable when it is shared with the other organisations. Coordinating our Office with the ENS always involves paying attention to these principles.

Basic principles and minimum requirements in the ENS:

The basic principles are the foundations that must guide all actions aimed at protecting information and services.

a) Integral security.

b) Risk management.

c) Prevention, reaction and recovery.

d) Periodic reassessment.

e) Security as a differentiated function.

The minimum requirements are the obligations that must be met in order to protect information and services.

f) Organisation and implementation of the security process.

g) Analysis and management of risks.

h) Personnel management.

i) Professionalism.

j) Authorisation and access control.

k) Protection of installations.

l) Acquisition of products.

m) Security by default.

n) System integrity and updating.

o) Protection of the information stored and in transit.

p) Prevention against other interconnected information systems.

q) Activity logging.

r) Security incidents.

s) Business continuity.

t) Continuous improvement of the security process.

