CMM Ecuador / Improving Human Resources Capacity in Cybersecurity in Ecuador
Cybil code: G0452
From: Mar 2019
Themes & Topics
The aim of the project is to support Ecuador’s national cybersecurity policy formation as part of a wider aim of increasing policy makers’ holistic understanding of cybersecurity in Latin America and the Caribbean. NRD Cyber Security was selected to implement this project and to support Ecuador’s national cybersecurity policy formation by:
- Assessing the current situation, gaps and challenges in cybersecurity in Ecuador;
- Planning specific improvements to the government’s cybersecurity readiness; and
- Supporting the National Cybersecurity Strategy formation process.
One of their first steps was to conduct a national incident response capacity review to provide tailored recommendations as to the direction in which Ecuador’s incident response capacity should evolve.
Two NRD Cyber Security experts visited Quito and over four days and held consultations with Ecuador public, private and academic incident response organisations. The aim of the consultations was to identify cyber-incident handling maturity gaps in Ecuador, the most relevant services needed to improve security of the government services, what capabilities and technologies would ensure proper implementation of those services and assess whether legal, organisational and operational environment would ensure proper enhancement of incident response capacities. The experts used three specific methodologies to identify cyber-incident response maturity and capability gaps:
- the SIM3 methodology was used to identify maturity gaps in terms of national incident response team organisation, staffing, tools and processes;
- the FIRST.Org Service Framework was used to help identify additional potential services that Ecuador’s national incident response team should provide; and
- The SOC-CMM methodology was used to prioritise Ecuador’s government incident response services and technologies needed to implement required services.
As a result of consultations, NRD Cyber Security experts drafted a report for the Government of Ecuador with the assessment of the current cyber incident-response capacities in Ecuador at national, governmental, sector and company level. They also provided recommendations on how government incident response capacity could be enhanced, building on capacities that they already have.
The cyber incident response capacity assessments and recommendations were integrated into the cybersecurity improvement plan for Ecuador. A separate roadmap for establishing a government Security Operations Centre (SOC) was prepared.
The Cybil project repository is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.