Republic of Tunisia

Ministry of Communication Technologies

National Agency for Computer Security  

French Version

A Tunisian leading strategy in the field of Computer Security

  A historical overview:

From late 1999 the Republic of Tunisia embodied its leading policy in the field of computer security through the creation of an administrative organism that presents a unity of management having a purpose to fulfill the project of computer security development.

Thus, during the council of Ministers held on January 31^st, 2003, the President of Republic announced the creation of the National Agency for Computer Security, approving the obligation for periodic audit in security, launching a corpus of certified information security experts, and delivering high level trainings for experts in this field. 

The creation of the National Agency for Computer Security:

The National Agency for Computer Security is in charge:

-        to look after the execution of the national orientations and the general strategy in information systems and networks security,

-        to follow the execution of plans and programmes related to the computer security in the public sector,

-        to insure the coordination between the intervenants in this field, and

-        to insure the technological awakening in the computer security field and to establish norms that are specific to the computer security and to elaborate technical guides for this purpose and to procede to their publication .

The National Agency for Computer Security set up the Cert-TCC (Computer Emergency Response Team – Tunisian Coordination Center) which is an organization dedicated in providing help and support in information security.

Cert-TCC: Computer Emergency Response Team – Tunisian Coordination Center:

The Cert-TCC plays the same functions as the worldwide known CERTs just as the Carnegie-Mellon University CERT.

The Cert-TCC missions are as follows:

• assistance providing in terms of computer security via a call center and a free number: 80 100 267 available 24/7 and via electronic mail at incident@ansi.tn for any (confidential) incident declaration; 
• informing national and regional community about security incidents and threads (viruses, vulnerabilities, …);
• sensitizing national community about computer security problems and informing them about risks run and about the solutions and the right behavior to enforce their systems’ security;
• helping web users have the correct use of technologies and system and providing the best practices for the protection of the information systems; 
• promoting the availability of high level training in the various branches of the information system security; 
• facilitating the communication between professionals and experts working in the field of the information system security, and taking care to ensure a synergy between the various actors, via, amongst other things, the establishment of demonstrations and discussion forums and the contribution to the emergence of associations specialized in computer security; 
• making sure of the existence of the suitable means to ensure the protection of the Tunisian cybernetic space;  and
• helping the national, regional and international community in identifying the vulnerabilities of products and systems, especially concerning the Arabized or Arab products.

The compulsory and periodic audit in the field of computer security:  

-        The Risk Assessment operation shall be carried out by experts, whether natural or legal persons, previously certified by the National Computer Security Agency. It shall be laid down by decree the conditions and procedures governing the certification of such experts.  

-        The computer systems and networks coming under various public institutions are subject to a compulsory and periodic Risk Assessment of their information systems security, with the exception of computer systems and networks that belong to the Ministry of National Defense and the Ministry of the Interior and Local Development.  

-        Anyone who operates a computer system or a network, whether a public or a private institution, must immediately inform the National Computer Security Agency of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network so that the Agency can take the necessary measures to tackle them. The operator shall comply to the measures decided upon by the National Computer Security Agency in order to put end to such disruptions.  

-        The employees of the National Agency for Computer Security and the Auditors are responsible about the preservation of the confidentiality of any information they came to know in the exercise of their functions. It shall be liable to the sanctions stipulated in Article 254 of the Penal Code anyone who discloses, participates in, or incites to, the disclosure of such information.  

-        In the cases mentioned in the foregoing article, and in order to protect information systems and networks, the National Computer Security Agency may purpose the isolation of the concerned computer system or network pending cessation of the disruptions. The isolation shall be pronounced by the Minister in charge of Communication Technologies.

This report was compiled for the African Information Security Association (AISA) by Mr. Nabil SAHLI CEO of the National Agency for Computer Security, Tunisia and his deputy, Mr. Naoufel FRIKHA, who are the AISA contact representatives for Tunisia.

Join the African Information Security Association (AISA)

Learn more about the International Conference on Computer Security and Cybercrime in Africa held on March 28-30, 2006

Read the 2006 Computer Security and Cybercrime in Africa Conference Report

Read the communiqué on the 2006 International Conference on Computer Security and Cybercrime in Africa

Objectives of the African Information Security Association (AISA)

AISA Country Secretariats

More Information Security Resources

Page Top

HOME	ABOUT US	COMMENTS	CONTACT US	BOOK SALES
HELP	E-LEARNING	CERTIFICATION	TRAINING	PREVIOUS JOBS
	PRIVACY	DISCLAIMER	SITEMAP

Subscribe to the FREE IT Career Newsletter with valuable information bringing you practical, how-to tips and articles.