Members
Miembros
Two CIBERIA project partners, SCAYLE and Cidaut, recently met to advance on the development of the documentation required in the framework of cybersecurity audits, with a particular focus on public administration. This meeting marks a key step in the collaboration between the two entities, which seek not only to strengthen the digital defences of public institutions, but also to align their strategies with the latest European regulations.
During the meeting, they focused on the analysis and review of the documentation to be submitted by the audited companies, with special emphasis on the assessment of their cybersecurity needs and the degree of compliance with their technology strategies. This phase is essential to ensure that the audits are conducted comprehensively, covering both technical and organisational aspects.
In preparing these documents, SCAYLE and Cidaut drew on previous experience in cybersecurity audits, using proven methodologies as a reference. Among them, they highlighted audits based on black box and white box pentesting, two approaches that allow to assess security from different perspectives. While black box pentesting simulates an external attack without prior knowledge of the system, white box pentesting allows for more detailed testing with access to the internal information of the infrastructure. In addition, web security audits were taken into account, a critical area due to the increasing number of threats and attacks targeting web applications.
One of the highlights of the meeting was the identification of synergies between the two organisations, which will allow for the optimisation of common resources and contacts to carry out audits more efficiently. Plans were also discussed to extend the coverage of the audits to a larger number of auditees in the public sector. As part of this process, the implementation of surveys targeting cybersecurity officers was planned in order to obtain detailed information on their strategies and vulnerabilities.
A crucial aspect of this process is compliance with the NIS2 directive, the new European cybersecurity regulation, which requires Member States to strengthen their digital defence capabilities and ensure the resilience of critical infrastructures. The NIS2 directive introduces new obligations for both public and private sector organisations, with the aim of improving coordination and response to cybersecurity incidents.
SCAYLE, the Supercomputing Centre of Castilla y León, is a public entity supported by the regional government and the University of León, whose main objective is to promote research and development in the field of ICT, thus boosting the technological competitiveness of the region. Cidaut, a technology centre with a long track record in applied research, specialises in improving business competitiveness through the generation of knowledge and technological innovation.