Jidaw Systems
(MASTERCOMPUTERS)


Republic of Tunisia Ministry of Communication Technologies National Agency for Computer Security

French Version

A Tunisian leading strategy in the field of Computer Security

A historical overview:

From late 1999 the Republic of Tunisia embodied its leading policy in the field of computer security through the creation of an administrative organism that presents a unity of management having a purpose to fulfill the project of computer security development.

Thus, during the council of Ministers held on January 31st, 2003, the President of Republic announced the creation of the National Agency for Computer Security, approving the obligation for periodic audit in security, launching a corpus of certified information security experts, and delivering high level trainings for experts in this field. 

 

The creation of the National Agency for Computer Security:

The National Agency for Computer Security is in charge:

-        to look after the execution of the national orientations and the general strategy in information systems and networks security,

-        to follow the execution of plans and programmes related to the computer security in the public sector,

-        to insure the coordination between the intervenants in this field, and

-        to insure the technological awakening in the computer security field and to establish norms that are specific to the computer security and to elaborate technical guides for this purpose and to procede to their publication .

 

The National Agency for Computer Security set up the Cert-TCC (Computer Emergency Response Team - Tunisian Coordination Center) which is an organization dedicated in providing help and support in information security.

Cert-TCC: Computer Emergency Response Team - Tunisian Coordination Center:

The Cert-TCC plays the same functions as the worldwide known CERTs just as the Carnegie-Mellon University CERT.

 

The Cert-TCC missions are as follows:

 

  • assistance providing in terms of computer security via a call center and a free number: 80 100 267 available 24/7 and via electronic mail at incident@ansi.tn for any (confidential) incident declaration; 
  • informing national and regional community about security incidents and threads (viruses, vulnerabilities, …);
  • sensitizing national community about computer security problems and informing them about risks run and about the solutions and the right behavior to enforce their systems' security;
  • helping web users have the correct use of technologies and system and providing the best practices for the protection of the information systems; 
  • promoting the availability of high level training in the various branches of the information system security; 
  • facilitating the communication between professionals and experts working in the field of the information system security, and taking care to ensure a synergy between the various actors, via, amongst other things, the establishment of demonstrations and discussion forums and the contribution to the emergence of associations specialized in computer security; 
  • making sure of the existence of the suitable means to ensure the protection of the Tunisian cybernetic space;  and
  • helping the national, regional and international community in identifying the vulnerabilities of products and systems, especially concerning the Arabized or Arab products.

 

The compulsory and periodic audit in the field of computer security:  

-        The Risk Assessment operation shall be carried out by experts, whether natural or legal persons, previously certified by the National Computer Security Agency. It shall be laid down by decree the conditions and procedures governing the certification of such experts.  

-        The computer systems and networks coming under various public institutions are subject to a compulsory and periodic Risk Assessment of their information systems security, with the exception of computer systems and networks that belong to the Ministry of National Defense and the Ministry of the Interior and Local Development.  

-        Anyone who operates a computer system or a network, whether a public or a private institution, must immediately inform the National Computer Security Agency of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network so that the Agency can take the necessary measures to tackle them. The operator shall comply to the measures decided upon by the National Computer Security Agency in order to put end to such disruptions.  

-        The employees of the National Agency for Computer Security and the Auditors are responsible about the preservation of the confidentiality of any information they came to know in the exercise of their functions. It shall be liable to the sanctions stipulated in Article 254 of the Penal Code anyone who discloses, participates in, or incites to, the disclosure of such information.  

-        In the cases mentioned in the foregoing article, and in order to protect information systems and networks, the National Computer Security Agency may purpose the isolation of the concerned computer system or network pending cessation of the disruptions. The isolation shall be pronounced by the Minister in charge of Communication Technologies.

 

This report was compiled for the African Information Security Association (AISA) by Mr. Nabil SAHLI CEO of the National Agency for Computer Security, Tunisia and his deputy, Mr. Naoufel FRIKHA, who are the AISA contact representatives for Tunisia.

Join the African Information Security Association (AISA)

Learn more about the International Conference on Computer Security and Cybercrime in Africa held on March 28-30, 2006

Read the 2006 Computer Security and Cybercrime in Africa Conference Report

Read the communiqué on the 2006 International Conference on Computer Security and Cybercrime in Africa

Objectives of the African Information Security Association (AISA)

AISA Country Secretariats

More Information Security Resources

 

What Do you Have to Say? Post Your Comments about this Content Resource Here.

 

 

Comments

comments powered by Disqus

 


Innovation is integral to Sustainability

Read more

Samsung Galaxy Grand Prime: Important Features and Sincere Impressions

Read more

Girls in ICT Day Events and Activities

Read more

Self Worth, New Year

Read more

Girls in ICT Day Events and Activities

Read more

Level of OSS deployment and usage in Nigeria

Read more

Students face the Reality

Read more

Self Worth, New Year

Read more

DISRUPT THE STATUS QUO!

     
1.

Ideas are not enough. You must be action oriented to improve your future.

 

 
2.

Don't just think but act. You get results not only from thinking but from acting.

 

 
3.

You have ideas. You want to achieve. You want opportunity.

 

 
4.

But what are you still doing in your comfort zone? The comfort zone is a dangerous place.

 

 
5.

"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.

 

 
6.

Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.

 

 
7.

GO on the offensive now with IT Education and Empowerment.

 

 
8.

What is the use of ideas without action?

 

 
9.

Start becoming the achiever you deserve to be.

 

 
10.

MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.