81. Brazil 29.87

81st National Cyber Security Index
38th Global Cybersecurity Index
66th ICT Development Index
72nd Networked Readiness Index
Population 206.1million
Area (km2) 8.5million
GDP per capita ($) 16.2thousand
NCSI FULFILMENT PERCENTAGE
NCSI Update Data source
7 Sep 2017 Public data collection
NCSI DEVELOPMENT TIMELINE 3 years All data

Version 7 Sep 2017

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 0/5 0%
    0
    5 0%
    • 5.1. Cyber security responsibility for digital service providers 0
      0
      1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence
    • 5.2. Cyber security standard for the public sector 0
      0
      1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

      Evidence
    • 5.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
  • 6. Protection of essential services 0/6 0%
    0
    6 0%
    • 6.1. Operators of essential services are identified 0
      0
      1
      Requirements
      Criteria

      There is a legal act that allows to identify operators of essential services.

      Accepted references

      Legal act

      Evidence
    • 6.2. Cyber security requirements for operators of essential services 0
      0
      1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0
      0
      3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0
      0
      1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 3/9 33%
    3
    9 33%
    • 7.1. Unique persistent identifier 0
      0
      1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence
    • 7.2. Requirements for cryptosystems 0
      0
      1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 0
      0
      1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.4. Electronic signature 0
      0
      1
      Requirements
      Criteria

      E-signature is regulated

      Accepted references

      Legal act

      Evidence
    • 7.5. Timestamping 0
      0
      1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.6. Electronic registered delivery service 0
      0
      1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3
      3
      3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      Article 1. The Brazilian Public Key Infrastructure ("ICP-Brasil") is hereby established to guarantee the authenticity, integrity and legal validity of documents in electronic form, support applications and accredited applications using digital certificates, as well as the realization of secure electronic transactions. Article 2. ICP-Brasil, whose organization will be defined in a regulation, will be composed of a policy management authority and the chain of certification authorities composed of the Root Certification Authority (Root CA), the Certification Authorities (CA) and the Registration Authorities (RA). Article. 4 The ICP-Brasil Steering Committee's responsibilities are: II - establish the policy, criteria and technical standards for the accreditation of CAs, RAs and other service providers supporting ICP-Brasil, at all levels of the certification chain; IV - ratify, audit and supervise the Root CA and its service providers.

  • 8. Protection of personal data 0/4 0%
    0
    4 0%
INCIDENT AND CRISIS MANAGEMENT INDICATORS