Share

News regarding IT matters

News regarding IT matters

By Mariano Peruzzotti and Valentina Gonzáles Medina.

This edition includes a brief comment about Communication “A” 7266 of the Central Bank of Argentina on guidelines for security incidents response and recovery, the creation of the Advisory Committee for the Development and Implementation of Secure Applications and the signature of an Agreement between the Legal and Technical Secretariat of the Argentine Presidency and the National Disability Agency which guarantees access for people with disabilities to .AR Internet sites.

  • Communication “A” 7266 of the Central Bank of Argentina on guidelines for security incidents response and recovery.

Communication “A” 7266 of the Central Bank of Argentina approved the guidelines for security incidents response and recovery aimed at reducing risks upon financial stability and promoting the cyber resilience of the financial ecosystem. Under the Communication, the term “response” comprises activities that react to a detected or reported cyber attack while “recovery” refers to the activities carried out in order to restore the systems, services or operations that were compromised due to the security incident.

The guidelines are addressed to financial institutions, payment service providers that offer payment accounts and financial market infrastructures. These entities shall effectively analyze the implementation of the guidelines and there are allowed to choose to implement the most appropriate practices for their business models considering their size, complexity or risks in relation to the financial ecosystem.

Due to their broad kind of their provisions, the guidelines can be adapted and adopted by any organization within the financial system, IT and/or communication service providers and other sectors.

The guidelines include aspects concerning:

(i) Government: defines, inter alia, a framework for decision-making, allocate roles and responsibilities;

(ii) Planification and preparation for an incident: involves the implementation of policies, plans, procedures, strategies, communication plans and channels, among other issues;

(iii) Analysis: involves forensic analysis, the assessment on criticality and impact of the security incident and the investigation of the causes;

(iv) Mitigation: implies actions aimed at preventing the aggravation of the situation and mitigating or eliminating the consequences of the incidents;

(v) Restorage and recovery: involves the restorage of systems and assets affected by a security incident;

(vi) Coordination and communication: includes the notification of the incident to the relevant authorities, the communication to the public and the exchange of information among organizations;

(vii) Continuous improvement: covers actions to improve the response and recovery activities and capacities based on the experiences.

Each of these measures has a primary function depending on the moment of the security incident life cycle: before, during or after its occurrence.

  • Creation of the Advisory Committee for the Development and Implementation of Secure Applications.

Provision 06/2021 of the Office of the President’s Chief of Staff created the Advisory Committee for the Development and Implementation of Secure Applications (“Committee”).

The main purpose of the Committee will be to provide advice to the Undersecretary of Information and Communication Technologies and the National Cybersecurity Directorate on the drafting of guidelines and protocols concerning principles and best practices related to security in software and apps used by the public sector.

The reason for the creation of the Committee is related to the increase number of software developed by the public bodies and agencies that are used for administrative procedures of citizens. The use of digital technologies has become essential in the public sector.

For this reason, the implementation, from the outset, of security measures that reduce the possibility of attacks on digital infrastructures and on personal data of these systems is crucial.

  • Execution of an Agreement that guarantees website accessibility.

On May 20, 2021, an agreement was signed between the Legal and Technical Secretariat of the Argentine Presidency and the National Disability Agency which guarantees website accessibility to .AR domains.

The execution of this agreement seeks to promote the incorporation of website accessibility guidelines to those domains registered with NIC Argentina, as well as to articulate campaigns, courses, training and awareness materials with public and private sectors.

It should be noted that Law No. 26.653 and complementary regulations provides rules on website accessibility that applies mainly to the public sector.

For further information please contact: mperuzzotti@ojambf.com

Share post: