Home / Qué hacemos / Common Secure: soluciones de ciberseguridad para las Naciones Unidas
Common Secure: soluciones de ciberseguridad para las Naciones Unidas
En el mundo digitalizado actual, la ciberseguridad es una cuestión de suma importancia para las Naciones Unidas y para las organizaciones internacionales. El CICENU ofrece una amplia gama de soluciones de ciberseguridad Common Secure para reforzar la posición del sistema de las Naciones Unidas en el ámbito cibernético.
Los servicios Common Secure del CICENU abarcan la supervisión y la gobernanza de la ciberseguridad, así como un conjunto completo de componentes operacionales que brindan apoyo a 80 asociados en la preparación, respuesta y mitigación de los riesgos asociados a las ciberamenazas mediante un enfoque común en materia de ciberseguridad.
Los delincuentes cibernéticos colaboran cada vez más entre ellos, por lo que los profesionales de la ciberseguridad deben redoblar el intercambio de inteligencia e información para seguirles el ritmo. Los miembros de Common Secure pueden idear un sistema de las Naciones Unidas destinado a recopilar y compartir información con el objetivo de que nuestros organismos permanezcan seguros y alerta.
Tima Soni, Jefa de la División de Ciberseguridad del CICENU
La Dependencia Común de Inspección de las Naciones Unidas (DCI) ha recomendado los servicios del CICENU en su informe La ciberseguridad en las organizaciones del sistema de las Naciones Unidas (JIU/REP/2021/3). El DCI es un órgano de supervisión independiente y externo que lleva a cabo evaluaciones, inspecciones e investigaciones en las Naciones Unidas. En 2021 examinó el uso de las prácticas de ciberseguridad en las Naciones Unidas y animó a todos sus organismos a aprovechar la capacidad y los conocimientos técnicos del CICENU para reforzar la posición del sistema de las Naciones Unidas en materia cibernética.
Certificaciones UNICC
UNICC está certificado con ISO 27001 y es ganador del premio de seguridad de la información CSO50 de 2020 y 2017.
UNICC’s Information Security Management System (ISMS) framework mitigates the risk of exposure of an organisation to the high risk of negative reputational impact, loss of valuable information, exposure to malicious acts as well as sophisticated and complex cyber-attacks.
The Common Secure Operations Centre (CSOC) involves a specialized unit that monitors, analyses, and responds to cybersecurity events using a combination of technology processes and solutions. The CSOC is staffed with skilled cybersecurity practitioners.
This service functions to share timely, relevant and actionable physical and cybersecurity threat and incident information. This enhances the ability of the United Nations to prepare for, respond to, and mitigate risks associated with these threats.
Security Information and Event Management (SIEM) solutions and services are typically part of an organizational security operations regime. They provide real-time analysis of security alerts generated by applications and network hardware.
UNICC’s vulnerability management services provide continuous identification and remediation of vulnerabilities and configuration flaws through a combination of processes and technologies that its Information Security specialists can leverage.
Penetration testing consists of actively exploiting vulnerabilities in order to prove (or disprove) real -world attack vectors against an organization’s digital assets, data, staff, and/or physical security. It allows to identify weaknesses in information security controls.
UNICC’s Digital Forensics and Incident Response (DFIR) services provide well-defined and industry standard incident handling procedures and programs for analyzing incident-related data and for determining appropriate responses to any organizational security incident.
UNICC offers strategic advisory services to help an organization set up a state-of-the-art, effective information security awareness strategy, an industry-leading cloud-based learning lab and communications support including deliverables with messages, bulletins, posters and portal support.
UNICC’s PKI digital identity services are broadly divided into three categories: internal UN system-wide PKI services for secure communications between Agencies, hosting and managing of organizational PKI infrastructures and publicly-trusted PKI services complemented with a full range of certificate types.
UNICC provides an electronic signature solution in partnership with DocuSign, with automation technology to confirm the irrefutable validity of every signature in any process workflow, backed up by a comprehensive audit trail.
The Secure Authentication Service provides a connection for enterprise solutions, platforms and applications to authenticate users against their own organizational identity management directory. With minimum modification (the service supports modern authentication protocols), any app can be registered to use the service.
This service helps UN Partners to understand their current ZTA maturity level by reviewing the current organization enterprise architecture, products and technologies and provide a high-level roadmap that enables a ZTA to better protect their critical assets.
UNICC offers a holistic assessment service using the ISO 27001 standard as a reference framework to determine effectiveness of the organisation’s information security capabilities.
With the constant updates and enhancements in the cyber security capabilities made available by Microsoft, UNICC Clients can leverage UNICC’s cybersecurity expertise to perform an overall security assessment of the risks influencing the M365 environment.
These services are focused on providing cybersecurity architecture review and assessment of organizations’ Azure or AWS environments. The assessment leverages Microsoft Azure or AWS security best practices and Cloud Security Alliance (CSA) controls matrix for technical and security architecture review.
UNICC’s Infrastructure and Network Support services span across infrastructure, platform and applications from the delivery of fully managed components to the utilization and analytics of tools as well as techniques.
This service is focused on providing cybersecurity network architecture review and assessment of organizations corporate IT environment. The assessment leverages security best practices and ISO 27001 security control framework for technical and security architecture review.
UNICC Business Continuity/Disaster Recovery (BC/DR) Planning, or Organisational Resilience Management Services, is a comprehensive management and support system for Clients seeking to improve their organizational resiliency and ability to react to events that affect critical services or functions.
Governance and CISO Support
UNICC’s Information Security Management System (ISMS) framework mitigates the risk of exposure of an organisation to the high risk of negative reputational impact, loss of valuable information, exposure to malicious acts as well as sophisticated and complex cyber-attacks.
Centro de Operaciones de Seguridad
The Common Secure Operations Centre (CSOC) involves a specialized unit that monitors, analyses, and responds to cybersecurity events using a combination of technology processes and solutions. The CSOC is staffed with skilled cybersecurity practitioners.
Threat Intelligence Network
This service functions to share timely, relevant and actionable physical and cybersecurity threat and incident information. This enhances the ability of the United Nations to prepare for, respond to, and mitigate risks associated with these threats.
Security Incident and Event Management
Security Information and Event Management (SIEM) solutions and services are typically part of an organizational security operations regime. They provide real-time analysis of security alerts generated by applications and network hardware.
Vulnerability Management
UNICC’s vulnerability management services provide continuous identification and remediation of vulnerabilities and configuration flaws through a combination of processes and technologies that its Information Security specialists can leverage.
Pruebas de penetración
Penetration testing consists of actively exploiting vulnerabilities in order to prove (or disprove) real -world attack vectors against an organization’s digital assets, data, staff, and/or physical security. It allows to identify weaknesses in information security controls.
Phishing Simulation
UNICC’s phishing simulation services enable Partner Agencies to test effectiveness of their information security awareness programme.
Incident Response and Forensics
UNICC’s Digital Forensics and Incident Response (DFIR) services provide well-defined and industry standard incident handling procedures and programs for analyzing incident-related data and for determining appropriate responses to any organizational security incident.
Information Security Awareness
UNICC offers strategic advisory services to help an organization set up a state-of-the-art, effective information security awareness strategy, an industry-leading cloud-based learning lab and communications support including deliverables with messages, bulletins, posters and portal support.
PKI Digital Identity
UNICC’s PKI digital identity services are broadly divided into three categories: internal UN system-wide PKI services for secure communications between Agencies, hosting and managing of organizational PKI infrastructures and publicly-trusted PKI services complemented with a full range of certificate types.
Electronic Signature Services
UNICC provides an electronic signature solution in partnership with DocuSign, with automation technology to confirm the irrefutable validity of every signature in any process workflow, backed up by a comprehensive audit trail.
Secure AuthN Federated Authentication
The Secure Authentication Service provides a connection for enterprise solutions, platforms and applications to authenticate users against their own organizational identity management directory. With minimum modification (the service supports modern authentication protocols), any app can be registered to use the service.
Zero Trust Architecture (ZTA) Maturity Assessment
This service helps UN Partners to understand their current ZTA maturity level by reviewing the current organization enterprise architecture, products and technologies and provide a high-level roadmap that enables a ZTA to better protect their critical assets.
Cybersecurity Resilience Maturity Assessment
UNICC offers a holistic assessment service using the ISO 27001 standard as a reference framework to determine effectiveness of the organisation’s information security capabilities.
M365 Cybersecurity Services
With the constant updates and enhancements in the cyber security capabilities made available by Microsoft, UNICC Clients can leverage UNICC’s cybersecurity expertise to perform an overall security assessment of the risks influencing the M365 environment.
Cybersecurity Architecture Assessment
These services are focused on providing cybersecurity architecture review and assessment of organizations’ Azure or AWS environments. The assessment leverages Microsoft Azure or AWS security best practices and Cloud Security Alliance (CSA) controls matrix for technical and security architecture review.
Common Vendor Security Risk Assessment Services
This service helps organizations maintain due diligence with supply chains by holistically assessing the risk introduced by third parties.
Infrastructure and Network Support
UNICC’s Infrastructure and Network Support services span across infrastructure, platform and applications from the delivery of fully managed components to the utilization and analytics of tools as well as techniques.
Cybersecurity Network Architecture Assessment
This service is focused on providing cybersecurity network architecture review and assessment of organizations corporate IT environment. The assessment leverages security best practices and ISO 27001 security control framework for technical and security architecture review.
Organizational Resilience Management Services
UNICC Business Continuity/Disaster Recovery (BC/DR) Planning, or Organisational Resilience Management Services, is a comprehensive management and support system for Clients seeking to improve their organizational resiliency and ability to react to events that affect critical services or functions.
Common Secure Conference
El CICENU organiza una Conferencia anual Common Secure con el objetivo de reunir a sus asociados del ámbito de la seguridad de la información para ampliar el círculo de confianza del sistema de las Naciones Unidas, compartir conocimientos sobre prácticas cibernéticas y ofrecer comentarios sobre los servicios Common Secure del CICENU.