Pierluigi Paganini August 01, 2016

The Italian model with regard to issues of cyber security and intelligence is in the process of evolution through a NATIONAL FRAMEWORK.

The economic and technological systems of Western countries are highly dependent on CyberSpace, they require more and more accurate risk analysis and management of threats relate to a significant increase in cyber attacks and their complexity. The Italian model with regard to issues of cyber security and intelligence is in the process of evolution through a NATIONAL FRAMEWORK. The

The Italian model with regard to issues of cyber security and intelligence is in the process of evolution through a NATIONAL FRAMEWORK. The current Framework presented in February 2016 by On.Minniti and Professor Baldoni actualizes two important facts:

• Italy has introduced an innovative reference model that represents an accelerator of the National Strategic Plan for Cyber Security at which all companies and government agencies are invited to attend.
• The reference model draws on the American NIST Framework (National Institute of Standards and Technology) for the improvement of critical infrastructure Cybersecurity, made of 5 main functions:

1. Identify function is linked to the understanding of the business environment, the assets that support critical business processes and their associated risks. In fact, this understanding allows an organization to define online resources and investment with the risk management strategy and business objectives. The Category within this Function are: Asset Management; business environment; governance; Risk assessment; risk management strategy.
2. Protect function is associated with the implementation of those measures for the protection of business and enterprise asset processes, regardless of their digital nature. The inside of this Function Category are: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
3. Detect function is associated with the definition and implementation of appropriate activities for the timely detection of computer security incidents. The Category within this Function are: Anomalies and Events; Security Continuous Monitoring; Processes and Detection
4. Respond function is related to the definition and implementation of appropriate activities to intervene when a computer security incident was detected. The goal is to limit the impact caused by an accident potential computer security. The inside of this Function Category are: Planning; Communications; Analysis; mitigation; and Improvements.
5. Recover function is associated with the definition and implementation of activities for the management of the plans and activities for the restoration of processes and services impacted by an accident. The goal is to ensure the resilience of the systems and infrastructure and, in case of accident, support the timely recovery of business operations. The inside of this Function Category are: Recovery Planning; Improvements; and Communication

NIST models transposing the Standards ISO 27001 Information Security Management System
and  Standards ISO 31000 Risk Management.

The Italian model, falls on the American model, in Italian actually providing integration between different types of standards, corporate organizational structures, and their types and manage the associated risks.

Choosing from US Framework it was made considering that the response to cyber threats should provide an alignment internationally as well as at the country level system. This also to allow multinational companies to align their processes for managing cyber security more easily on an international scale.

The current model is however not exhaustive as it does not emphasize preventive measure dynamic attacks with countermeasures in industrial espionage contexts to companies and research centers. To this end, we need a communication and research process with the involvement of the civil and military intelligence structures (DIS, AISI, AISE) both on national scenarios both on transnational scenarios. This involvement needs to reference standards to support specific protocols between public and private organizations and intelligence structures in the event of terrorist attacks or industrial espionage or simply redefining induced in crisis scenarios of new geopolitical boundaries in Italian strategic sectors such as: RESEARCH, DEFENSE, ENERGY, TELECOMMUNICATIONS, AGRIBUSINESS, TOURISM, HIGH FASHION.
It is also necessary to create suitable operating centers for security and intelligence (Cyber Security Operational Center CSOC) dealing with security issues in a strategic, tactical and operational national and transnational, and where they will be analyzed and related to Dynamic Data Mining Techniques millions of data.

About the Author: Prof. Francesco Corona

Cyber Intelligence expert – Security Affairs Writer.
Teacher and member of the Scientific Committee of the Master in Security and Cybersecurity at LINK CAMPUS UNIVERSITY Rome (http://www.unilink.it/cuap-sicurezza-informatica-cyber-security-security-manager/ ),for over thirty years working in the security sector and she perfected their knowledge in professional activities and US foreign courses. He stood out in teaching activities for the specialized training to technical and telematic CyberSecurity at SISDE (AISI) participating in numerous tables of discussion and planning of national security plans for critical infrastructure and the protection of Made in Italy. Author of numerous articles in security wrote for the magazine of the Intelligence GNOSIS services.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Italian Cybersecurity National Framework, Cyber Security)