Advertise Here!Call +234 (0) 8035007778
Republic of Tunisia Ministry of Communication Technologies National Agency for Computer Security
A Tunisian leading strategy in the field of Computer Security
A historical overview:
From late 1999 the Republic of Tunisia embodied its leading policy in the
field of computer security through the creation of an administrative
organism that presents a unity of management having a purpose to fulfill
the project of computer security development.
Thus, during the council of Ministers held on January 31st,
2003, the President of Republic announced the creation of the National
Agency for Computer Security, approving the obligation for periodic
audit in security, launching a corpus of certified information security
experts, and delivering high level trainings for experts in this field.
The creation of the National
Agency for Computer Security:
The National Agency for Computer Security is in charge:
- to look after the execution of
the national orientations and the general strategy in information
systems and networks security,
- to follow the execution of
plans and programmes related to the computer security in the public
- to insure the coordination
between the intervenants in this field, and
- to insure the technological
awakening in the computer security field and to establish norms that are
specific to the computer security and to elaborate technical guides for
this purpose and to procede to their publication .
The National Agency for Computer Security set up the Cert-TCC (Computer
Emergency Response Team - Tunisian Coordination Center) which is an
organization dedicated in providing help and support in information
Cert-TCC: Computer Emergency Response Team - Tunisian Coordination
The Cert-TCC plays the same functions as the worldwide known CERTs just
as the Carnegie-Mellon University CERT.
The Cert-TCC missions are as follows:
- assistance providing in
terms of computer security via a call center and a free number: 80 100 267 available 24/7 and via electronic mail at email@example.com for any (confidential) incident declaration;
- informing national and
regional community about security incidents and threads (viruses,
- sensitizing national
community about computer security problems and informing them about
risks run and about the solutions and the right behavior to enforce
their systems' security;
- helping web users have
the correct use of technologies and system and providing the best
practices for the protection of the information systems;
- promoting the
availability of high level training in the various branches of the
information system security;
- facilitating the
communication between professionals and experts working in the field
of the information system security, and taking care to ensure a
synergy between the various actors, via, amongst other things, the
establishment of demonstrations and discussion forums and the
contribution to the emergence of associations specialized in
- making sure of the
existence of the suitable means to ensure the protection of the
Tunisian cybernetic space; and
- helping the national,
regional and international community in identifying the
vulnerabilities of products and systems, especially concerning the
Arabized or Arab products.
The compulsory and periodic audit in the field of computer security:
- The Risk Assessment operation shall
be carried out by experts, whether natural or legal persons, previously
certified by the National Computer Security Agency. It shall be laid
down by decree the conditions and procedures governing the certification
of such experts.
- The computer systems and networks
coming under various public institutions are subject to a compulsory and
periodic Risk Assessment of their information systems security, with the
exception of computer systems and networks that belong to the Ministry
of National Defense and the Ministry of the Interior and Local
- Anyone who operates a computer system
or a network, whether a public or a private institution, must
immediately inform the National Computer Security Agency of any attacks,
intrusions and other disruptions liable to hinder the functioning of
another computer system or network so that the Agency can take the
necessary measures to tackle them. The operator shall comply to the
measures decided upon by the National Computer Security Agency in order
to put end to such disruptions.
- The employees of the National Agency
for Computer Security and the Auditors are responsible about the
preservation of the confidentiality of any information they came to know
in the exercise of their functions. It shall be liable to the sanctions
stipulated in Article 254 of the Penal Code anyone who discloses,
participates in, or incites to, the disclosure of such information.
- In the cases mentioned in the
foregoing article, and in order to protect information systems and
networks, the National Computer Security Agency may purpose the
isolation of the concerned computer system or network pending cessation
of the disruptions. The isolation shall be pronounced by the Minister in
charge of Communication Technologies.
This report was compiled for the African Information Security Association (AISA) by Mr. Nabil SAHLI CEO of the National Agency for Computer Security, Tunisia and his deputy, Mr. Naoufel FRIKHA, who are the AISA contact representatives for Tunisia.
What Do you Have to Say? Post Your Comments about this Content Resource Here.
DISRUPT THE STATUS QUO!
Ideas are not enough. You must be action oriented to improve your future.
Don't just think but act. You get results not only from thinking but from acting.
You have ideas. You want to achieve. You want opportunity.
But what are you still doing in your comfort zone? The comfort zone is a dangerous place.
"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.
Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.
GO on the offensive now with IT Education and Empowerment.
What is the use of ideas without action?
Start becoming the achiever you deserve to be.
MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.