About

The ILR SERIMA (SEcurity RIsk MAnagement) Platform, also called the NIS Incident Notification Platform (or NISINP), is developed and maintained by the NC3-LU team in the framework of the Informed Governance Project..

SERIMA is a cybersecurity platform built on open-source technology and freely accessible to users. The platform is intended for organizations with security obligations, enabling them to report their security measures and incidents to the (ILR). SERIMA currently offers several modules, including:

  • Incident Notification Module

  • Risk Analysis Module, based on MONARC

The Incident Notification Module is designed for organizations that are legally required to report incidents, but it can also be used by those wishing to report incidents voluntarily.

This module is accessible to anyone, including both registered users and those who do not yet have an account. New users (IncidentUsers) can create an account directly on the SERIMA platform. Access to the other modules requires an account.

Operators subject to the NIS or EECC directives are provided with an account by the (ILR). Entities that will fall under NIS2 will receive an account from the Institute once NIS2 comes into force and after they complete their self-registration. Additional modules are under development, such as:

  • Security Objectives Module

  • Report Generation Module

  • Dependencies Module

  • Self-Learning Module

The platform is dedicated to national regulators and operators of essential services (Energy, Transport, etc.) in the context of NIS 2. Different regulations are supported. This project is led by NC3-LU and developed in partnership with ILR and IBPT.

Purpose

The platform enables communication between operators (or end users) and various authorities in the event of incidents. In case of an incident, the operator must notify the authorities within 24 hours and provide a detailed report about the incident.

The authority collects the related information and stores data in its database. In this sense, the platform is used as a communication channel, whereas the content of the information is the incident itself.