SERIMA - Global Cybersecurity Platform
SERIMA (SEcurity RIsk MAnagement)
SERIMA is a global cybersecurity platform based on open source technology that is free to use.
This platform is available to entities subject to security obligations. It allows them to notify the Institute of their security measures and incidents.
SERIMA includes various modules, including:
- Risk analysis module, based on MONARC
- Incident notification module
Other modules are currently being developed, including:
- Security objectives module
- Report generation module
- Dependencies module
- Self-learning module
SERIMA modules
Platform fully configurable by authorities
- Multi-regulation
- Multi-regulator
- National platform
- Multi-sector
- Interactive
- Multi-language
The Luxembourgish portal is available in French, German, and English.
Incident notification module
The incident notification module is intended for entities that are legally required to report incidents. It can also be used by entities wishing to report an incident on a voluntary basis.
If you are unsure whether an incident meets the notification criteria, it is always best to report it to the Institute. Reporting an incident will not result in any penalties and demonstrates transparency. Conversely, failure to report an incident that meets the legal criteria may result in penalties.
Legal basis and criteria for incident reporting
Incident reporting is part of the obligations related to:
- Law of May 28, 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of July 6, 2016 concerning measures to ensure a high common level of security of network and information systems in the European Union.
- Law of December 17, 2021 on electronic communications networks and services
To find out which incidents must be reported to the ILR, please refer to the regulations defining the criteria and thresholds for your sector or sub-sector of activity. (For example: gas energy, electricity energy, road transport, rail transport, air transport, digital infrastructure, electronic communications, health, drinking water)
Partnership
Guides and documentation
Please find here a user guide for SERIMA
Please find here the documentation for Monarc
SERIMA training
The Institute organises training courses on the use of SERIMA for entities subject to security obligations.
The dates of future training sessions are announced on our website and in the newsletter. (Please subscribe to our newsletter to stay informed.)
Access and Support
The incident notification module is accessible to everyone. It can be used by both registered users and those who do not yet have an account. The latter can create an account directly on the website.
For the other modules, an account is required. Operators affected by the NIS or the EECC have an account set up by the Institute. Entities that will be affected by NIS2 will be given an account, which will be made available to them by the Institute after both the entry into force of NIS2 and their self-registration.
For any support, please contact serima(at)ilr(dot)lu or (+352) 28 228 380.