National Framework of Reference for Cybersecurity presented at Eurotux Ecosystem
At a time when news of attacks and threats to organizations of all kinds multiplies, cybersecurity is naturally one of the highlighted themes at Eurotux Ecosystem, held in Matosinhos, Portugal, on October 29th, 2019, with the presentation of the National Framework of Reference for Cybersecurity (QNRCS).
Following the increasing European regulation regarding cybersecurity, the National Cybersecurity Centre (CNCS) developed the QNRCS. This document was the focus of the intervention of security and privacy consultant, Henrique Necho, at Eurotux Ecosystem. The Chief Information Security Officer (CISO) presented the main guidelines of the QNRCS, as well as its operational details to the event’s participants.
The QNRCS aims to be a guide for cybersecurity, intended for public or private entities, being based on norms, standards, and best practices (for example, ISO 27001). More than a set of rules, the QNRCS provides a practical approach to the problem of cybersecurity, including useful recommendations for organizations to comply with applicable legislation, but also so they can prepare for responsible risk management and minimize the impacts of eventual incidents.
The QNRCS was developed around five security goals: Identify, Protect, Detect, Respond, and Recover. It includes 102 controls and proposes a life-cycle perspective for an organization’s cybersecurity management, taking into consideration human, technological, and procedural aspects. It recommends a procedural implementation guided by risk management, allowing organizations to make informed and prioritized decisions in the context of cybersecurity.
As such, the QNRCS aims to help organizations identify potential risks, providing them with the necessary tools for complying with the “minimum security requirements of networks and information systems, and notification of incidents”, as noted by the CNCS in the document’s presentation. To this effect, it includes recommendations for implementing a wide-ranging cybersecurity strategy, in addition to helping to comply with legislation, such as the General Data Protection Regulation (GDPR), namely regarding the obligation of notifying any security or personal data violations.
In a wider scope, the QNRCS has the ambition of enhancing a homogeneous response of the national IT sector to cyber-threats, promoting nation-wide trust when using cyberspace and user security. It constitutes a useful guide to safeguard companies and organizations from threats, keeping their reputations intact and legal and/or financial troubles at bay, namely, avoiding convictions and considerable damage payments in court.
The digital security of our network of clients and partners is a priority for Eurotux. Without a high level of maturity in Cybersecurity, there can be no guarantee of an effective and sustainable economic development.
Sustaining business continuity, mitigating risks, and managing the reputation of an organization are key areas where we can help.