In July, the Luxembourg Regulatory Institute (ILR) launched a new risk analysis platform, "SERIMA" (SEcurity RIsk MAnagement). Developed jointly by LIST and I.R.I.S. Financial Services, this platform allows operators to carry out a risk analysis to assess risks in the electronic communications sector. It has been designed in such a way that it can be extended in the future to other areas and in particular to the sectors covered by the NIS Directive. SERIMA will also serve as a platform for incident notifications.
The risk analysis platform, SERIMA, meaning SEcurity RIsk Management, is a tool that allows you to assess the risks associated with cyber security and take measures, if necessary, to reduce exposure to threats and to protect your activity, as well as its users, against service interruptions and security breaches.
Developed by I.R.I.S. Financial Services in collaboration with LIST, SERIMA, which takes into account European recommendations on telecommunications security, is based on software for the evaluation and management of the security and integrity of telecommunications networks. The platform will initially be used only by operators in the electronic communications sector. As part of the NIS Law, it will gradually be extended to the energy, transport, health, digital infrastructure, and the supply and distribution of drinking water sectors. In this context, ILR's Network and Information Systems ’Security (NISS) department has set up working groups to properly configure the platform by sector.
SERIMA is a revised (and evolving) version of the TISRIM risk management tool, originally developed by LIST at the request of ILR. Thanks to financial support from the FNR (National Research Fund), TISRIM has been perfected and adapted to new challenges. This multi-sector and multi-regulation platform will be deployed and marketed by I.R.I.S. under the name GRCC (Governance, Risk and Compliance Center), this is also outside Luxembourg.
ILR would like to point out that companies providing public communications networks or publicly accessible electronic communications services are also required to report incidents to ILR's NISS service in the future via the new SERIMA platform.