Cyber security is key in the digital transformation of local administrations. To evaluate it, the Digital Maturity Index (IMD) uses the indicators calculated annually by the Cybersecurity Agency of Catalonia (ACC). This year, the ACC has changed its evaluation methodology and we have new indicators for a more complete assessment of the security of local entities.
Until last year, the IMD measured cyber security vulnerability based on the level of exposure to vulnerabilities calculated by the ACC. This indicator was obtained by periodically scanning the Internet-accessible services of local entities using a series of automated vulnerability detection tests without performing any intrusion.
This year the ACC has provided us with a new indicator: the security rating. In addition, we have used the certification information in the National Security Scheme (ENS) published by the National Cryptographic Center.
The first new indicator is the Bitsight Marketplace Solution Cybersecurity Rating, which measures the cybersecurity performance of organizations using data from different sources and generates a score that classifies entities into three categories:
Bitsight conducts an objective and continuous assessment of IT security, evaluating aspects such as the presence of vulnerabilities, but also the implementation of security practices and the response to security incidents, among others. This assessment improves local authorities' understanding of cyber security compared to the previous indicator.
According to this tool, in 2023, 64% of the 751 local entities evaluated obtained a high cyber security rating, 33% intermediate and only 3% low.
The second new indicator assesses whether the local entity has a certificate of compliance with the ENS. The ENS establishes the requirements to guarantee the security of the public administration, and having this certificate demonstrates commitment to legal security standards.
In 2023, only 9 local entities in Catalonia had an ENS certificate of compliance for their management services, beyond the use of certified technological solutions.
The Essential Security Requirements Compliance Profile and the µCeENS methodology allow organizations that have difficulty adapting to the ENS to obtain certification. In this regard, it is worth highlighting the initiative of the Consell Comarcal del Baix Penedès, in collaboration with the Diputació de Tarragona, to implement this reduced and adapted version of the ENS in the region's municipalities with fewer than 20,000 inhabitants.
The IMD Cyber Security Indicator is the weighted sum of the two ACC indicators, with a weighting factor of 0.5 for each. The Cyber Security Rating indicator is worth 1 for Advanced, 0.75 for Intermediate, and 0.25 for Basic. The ENS Certificate indicator is worth 1 if the entity has the certificate and 0 otherwise.
For 2023, we have the Bitsight security rating for 100% of local entities only in the band of more than 50,000 inhabitants. For this reason, in the rest of the population bands, only the ENS compliance certificate has been taken into account, with a weighting factor equal to 1.