CESICAT organises its activity through a cybersecurity governance model which it uses to develop protection, prevention and resilience functions for the Government of Catalonia’s information systems and ICT infrastructures. These functions, together with the cybersecurity governance, make up the organisation’s value chain, clearly oriented towards greater maturity in terms of cybersecurity, and always bearing risks and business impact in mind.
This maturity is based on three structural pillars of cybersecurity governance: technological security, determining the risks deriving from the security position of information systems and infrastructures; organisational security, through which decision-making is organised, and regulatory security concerning all aspects of compliance with the regulations governing the activity.
This strategic approach is complemented with the prioritisation of the actions intended to achieve the Government of Catalonia’s chief objectives concerning cybersecurity, particularly overseeing the information systems that support the authority’s most critical activities.
The cybersecurity strategy deployed by CESICAT at the Government of Catalonia can also be extended to the organisation’s other spheres of action.