As part of its engagement with the national cybersecurity ecosystem, the General Directorate of Information Systems Security (DGSSI) conducted an awareness and information-sharing initiative on Law 05-20 concerning cybersecurity and its draft implementing regulations for the benefit of various cybersecurity stakeholders in the Kingdom.
Given the restrictions related to the COVID-19 pandemic, this initiative was conducted in the form of four (04) webinar sessions. Each of these sessions was targeted at a specific audience, according to the following schedule.
| Session | Target Audience | Topics Covered |
|---|---|---|
| 1st Session 04.02.2021 | ANRT and Telecommunications Operators (IAM, INWI, ORANGE) | - Procedures for incident reporting and management - Technical and organizational measures for risk management - Procedures for the implementation and operation of technical systems for monitoring security events affecting information systems |
| 2nd Session 05.02.2021 | Bank Al-Maghrib and the Banking Sector | - Sensitive information systems: classification, approval, and outsourcing - Strengthening security functions - Reporting and managing security incidents |
| 3rd Session 08.02.2021 | Audit Providers, Cybersecurity Service Providers, and Digital Service Providers (PASSI audit firms or PASSI candidates) | - Qualification criteria for audit providers and cybersecurity service providers - Audit procedures - Incidents with significant impact on the provision of services by digital service providers |
| 4th Session 09.02.2021 | Government and Public Organizations | - Information systems security governance - Role and responsibilities of the Chief Information Security Officer (CISO) - Classification of information assets and information systems - Approval of sensitive information systems - Outsourcing of sensitive information systems - Strengthening security functions - Reporting and managing security incidents - Establishment of Security Operations Centers (SOC) |
Led by DGSSI officials, the various sessions of this webinar aimed to inform concerned stakeholders about rules and measures introduced by Law 05-20 and to explain the related aspects, including :
- Cybersecurity governance bodies ;
- Certification of sensitive information systems ;
- Classification of information assets ;
- Qualification criteria for audit service providers and cybersecurity service providers ;
- Procedures for conducting information systems security audits ;
- Specific provisions to telecommunications operators.
Comments and suggestions gathered during these webinars were taken into account for finalization of the implementing decree of Law 05-20, before it was communicated to the General Secretariat of the Government.
To report any criminal digital content, including threats to the security of individuals and groups, praise or incitement of terrorism, and violations of the rights and freedoms of children, please use the following platform : www.e-blagh.ma
DGSSI2024 All rights reserved