{"id":58907,"date":"2022-02-21T13:43:00","date_gmt":"2022-02-21T12:43:00","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=58907"},"modified":"2022-02-21T13:46:28","modified_gmt":"2022-02-21T12:46:28","slug":"comparative-security-measures-ens-iso-27001","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/dpo-blog\/comparative-security-measures-ens-iso-27001\/","title":{"rendered":"Comparison of security measures: ENS vs. ISO 27001"},"content":{"rendered":"<h2 class=\"gb-headline gb-headline-16916bbe gb-headline-text\"><strong>ISO 27001<\/strong><\/h2>\n\n\n\n<p>The <strong>ISO 27001 standard<\/strong> is a voluntary, certifiable international standard for any information security management system. Compliance is evidenced erga omnes through a certification, issued by an authorized auditor after an audit with satisfactory results. The requirements of the UNE-ISO\/IEC 27001 Standard, as with other management systems, are <strong>applicable to all types of organizations<\/strong>, regardless of their nature, size or sector of activity.<\/p>\n\n\n\n<h2 class=\"gb-headline gb-headline-cc43948a gb-headline-text\"><strong>National Security Scheme<\/strong><\/h2>\n\n\n\n<p>For its part, the <strong>National Security Scheme<\/strong>, better known by its acronym, ENS, is a legal provision that is mandatory <strong>for information systems within the scope of application of Law 40\/2015<\/strong>, of October 1, on the Legal Regime of the Public Sector. 
Its compliance is evidenced erga omnes through a declaration of legal conformity, also after an audit with satisfactory results.<\/p>\n\n\n<h2 class=\"gb-headline gb-headline-31f9ee03 gb-headline-text\">ENS and ISO 27001<\/h2>\n\n\n<p>Although the two mechanisms are different, many of their <strong>security measures<\/strong> are <strong>identical or complementary<\/strong>. That is why, in this post, we focus on the measures that require greater effort between the two security frameworks, in order to clarify some doubts that arise when certifying companies that wish to carry out complementary audits against both frameworks.&nbsp;<\/p>\n\n\n\n<p>First, the ENS includes a series of controls to guarantee continuity of service, whereas ISO 27001 is a framework that does not address this issue, since that is the purpose of ISO 22301, an international business continuity management standard.<\/p>\n\n\n\n<p>Regarding the \u201cPlanning\u201d section of the ENS, it should be noted that a specific control is added for the acquisition of new components, while ISO 27001 reflects it in a very dispersed way.<\/p>\n\n\n\n<p>Regarding \u201cAccess Controls\u201d, ISO 27001 practically only addresses passwords and shared secrets in general. However, the ENS establishes several authentication modes and modulates their use depending on the system category.<\/p>\n\n\n\n<p>Regarding the \u201cExploitation\u201d section, the ENS includes several controls on security configuration and its management. 
For its part, ISO 27001 does not contemplate them.<\/p>\n\n\n\n<p>Likewise, attention must be paid to the \u201cInformation Protection\u201d section of the ENS, since ISO 27001 does not refer to \u201cTime Stamps\u201d or \u201cDocument Cleaning\u201d.<\/p>\n\n\n\n<p>Finally, the \u201cProtection of Services\u201d section is not included in ISO 27001, so it must be covered in its entirety by the ENS.<\/p>\n\n\n\n<p><em>Source:<\/em><\/p>\n\n\n\n<p><a href=\"https:\/\/www.ccn-cert.cni.es\/series-ccn-stic\/800-guia-esquema-nacional-de-seguridad\/543-ccn-stic-825-ens-iso27001\/file.html\" target=\"_blank\" rel=\"noopener\">CCN-STIC 825 Guide<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>The ENS and ISO 27001 are different, although they present identical or complementary security measures. We tell you about it in this post. <\/p>","protected":false},"author":117,"featured_media":58909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[330],"tags":[],"class_list":["post-58907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-dpo"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/58907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=58907"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/58907\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/58909"}],"wp:attachment":[{"href":"https:\/\/eiposgra
dos.com\/eng\/wp-json\/wp\/v2\/media?parent=58907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=58907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=58907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}