Security Triage: an efficient security assessment compatible with the business cycle, the experience of Poste Italiane


1 National Cyber Security: awareness and self-assessment
Security Triage: an efficient security assessment compatible with the business cycle, the experience of Poste Italiane
Fabio Massacci & M. Giacalone, R. Mammoliti, F. Paci, R. Perugino, C. Selli
Trento, 10 October

2 Security Triage: efficient security management compatible with the business cycle, the experience of Poste Italiane
v. 1.3a

3 National Cyber Security: awareness and self-assessment
Event organizers and sponsors. Sponsors and supporters of ISACA VENICE Chapter. Under the patronage of

4 Fabio Massacci
Fabio Massacci is a full professor of Information Engineering at the University of Trento. For UNITN he served for 7 years as the rector's delegate for the IT Directorate, and as vice-director for education for Italy of the European Institute of Technology - ICT Labs. He collaborates with the Poste Italiane Innovation Lab in Trento. He has more than 150 publications (h-index >30) and manages numerous academia-industry research projects on security management, security economics, and the impact of research projects on innovation. He has been an ISACA member since 2008 and has written for the ISACA Journal on security management and compliance.

5 ABSTRACT
Poste Italiane is a large corporation offering integrated services in banking and savings, postal services, and mobile communication. Every year, it receives thousands of change requests for its ICT services. Applying a security assessment "by the book" (be it COBIT, ISO27001, BSI, IAS etc.) to each and every request is simply not possible. We report the experience by Poste Italiane of a lean methodology to identify security requirements that can be inserted in the production cycle of a normal company. The process is based on surveying the overall IT architectures (Security Surveying) and then on a lean dynamic process (Security Triage) to evaluate individual change requests, so that important changes get the attention they need, minor changes can be quickly implemented, and compliance and security obligations are met.

6 Poste Italiane
Largest Italian employer: banking, financial services, logistics. 19 billion euro turnover, employees
Security and compliance regulations: European Banking Regulation, EU privacy laws, credit cards (PCI), criminal laws (PI serves legal notices), etc.
Thousands of services, apps and servers
Every month 150+ change requests to IT Dept. Every year change requests

7 An Example
Internal web site for tracking parcels
Includes an authenticated web app to monitor single events
Requests (together with 200 other changes):
1. Create a dashboard on the screen
2. Add a field about nature of parcel (e.g. private customer, parking fine, legal notice, etc.)
3. Create a button to export dashboard result to Excel
Apparently not a major security problem

8 Change Implications are not obvious
Internal web site for tracking parcels
Includes an authenticated web app to monitor single events → not a big security problem
Requests (together with 200 other changes):
1. Create a dashboard on the screen
2. Add field about nature of parcel (private customer, parking fine, legal notice, credit card)
3. Create a button to export dashboard result to Excel
They do not have the same implications!
(2) makes data relevant to Judicial Proceedings profile → whole slate of security regulations applies

9 Security Assessment by the book
(Security) assessment is essential
Proper requirements analysis saves significant money
Security should be considered from the early phases
Bla bla, Blu Blu, ISO 27001, NIST, COBIT, BSI, IAS, EBIOS,
Input: effort + assessment method
Identify assets → threats and risks → security controls
Output: security requirements for IT systems
Question: does security assessment always empirically deliver value?

10 Back of the Envelope Computation
change requests x ISO questions x
300 on process/people + 16 on information on applications on Sw components on infrastructures on facilities
3 minutes each > minutes
Divide 60 min x 40 hours/week x 48 weeks
= 52 full-time equivalent/year → just for asking (and the work?)

11 Security Analysis by the book (ISO 27001, COBIT, BSI etc.) cannot empirically deliver value at the pace of change
Get over it! But what is the alternative?

12 Key Ideas
NOT every change request deserves equally good (security) requirement analysis
Triage, noun, medicine: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties.
Survey, verb, architecture: examine and record the area and features of (a large area of land) so as to construct a map, plan, or description.

13 Security Triage + Survey
Security Survey (off-line = lengthy): build map of IT architecture (more than UML diagram!) → assign business/security perimeter (heart attack, stroke, mild concussion etc.) → identify relative requirements (adrenaline shot, NMR scan, paracetamol, etc.)
Security Triage (on-the-fly = quick): ask high-level questions on change requests → assess critical features (chest pain, slurred speech, etc.) → decide order of security treatment (Red = Full SRE)

14 Questions for the Triage
For every change request, security experts support the change owner
Ask what kind of data you have and whether a compromise in confidentiality, integrity, availability (how big) leads to an impact on reputation, financial losses, commercial edge (against competition), legal obligations, operational efficiency
FEW simple questions for the change owner
E.g. X hours of downtime (availability) may lead to a minor/major/significant/business critical loss of reputation
Security experts determine security perimeters and criticality (1-5) based on answers

15 Empirical Measures
Does it save time? Does it correctly identify perimeters?
That's not obvious → the actual questions make a huge difference
If change owners don't understand the questions, they call back the security team to answer
If you ask the wrong questions, the change owner may tick "no security analysis needed"
Wilcoxon test says yes
[Figure: Mean of Effort to Perform the Security Assessment]
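The triage questions and the failure mode above (a skipped or misunderstood question ending up as "no security analysis needed"), sketched as an added example that is not code from the talk or from Poste Italiane. The numeric ranks, the threshold for Red, the `credit card` → PCI mapping and all function and field names are assumptions; the parcel requests and the incomplete one are constructed sample input.

```python
"""Security Triage sketch: change-owner answers -> criticality (1-5) -> treatment."""
from dataclasses import dataclass, field
from typing import Optional

# Answer scale quoted on the slide; "none" and the numeric ranks are assumptions.
LEVELS = {"none": 0, "minor": 1, "major": 2, "significant": 3, "business critical": 4}
PROPERTIES = ("confidentiality", "integrity", "availability")
IMPACT_AREAS = ("reputation", "financial", "competitive", "legal", "operational")
ALL_QUESTIONS = {(p, a) for p in PROPERTIES for a in IMPACT_AREAS}

# Data categories that place a change inside a regulated perimeter.
# "legal notice" -> judicial proceedings is the talk's own example; the
# "credit card" -> PCI entry is assumed from the regulations the talk lists.
PERIMETER_BY_DATA = {"legal notice": "judicial-proceedings", "credit card": "pci"}

RED_THRESHOLD = 4  # assumption: criticality 4-5 gets the full assessment


@dataclass
class ChangeRequest:
    title: str
    data_categories: set = field(default_factory=set)
    answers: dict = field(default_factory=dict)  # (property, area) -> level name


@dataclass
class TriageResult:
    criticality: Optional[int]
    perimeters: list
    treatment: str
    unanswered: list


def triage(cr: ChangeRequest) -> TriageResult:
    for question, level in cr.answers.items():
        if question not in ALL_QUESTIONS or level not in LEVELS:
            raise ValueError(f"unknown question or level: {question!r} -> {level!r}")

    perimeters = sorted({PERIMETER_BY_DATA[d] for d in cr.data_categories
                         if d in PERIMETER_BY_DATA})
    unanswered = sorted(ALL_QUESTIONS - set(cr.answers))
    if unanswered:
        # A skipped question is not a "no impact" answer: hand the request back
        # to the security team instead of letting it default to low.
        return TriageResult(None, perimeters,
                            "escalate: security team completes triage", unanswered)

    worst = max(LEVELS[level] for level in cr.answers.values())
    criticality = worst + 1  # map ranks 0..4 onto the 1-5 scale
    if perimeters:
        # Regulated data never takes the default path, whatever the owner ticked.
        criticality = max(criticality, RED_THRESHOLD)
    treatment = ("red: full security requirements analysis"
                 if criticality >= RED_THRESHOLD
                 else "default: template requirements from the survey")
    return TriageResult(criticality, perimeters, treatment, [])


def uniform_answers(level: str, overrides: Optional[dict] = None) -> dict:
    """Constructed helper: the same answer to every question, plus overrides."""
    out = {q: level for q in ALL_QUESTIONS}
    out.update(overrides or {})
    return out


# Constructed sample input modelled on the parcel-tracking requests.
REQUESTS = [
    ChangeRequest("Create a dashboard on the screen",
                  {"tracking events"}, uniform_answers("minor")),
    ChangeRequest("Add field about nature of parcel",
                  {"tracking events", "legal notice", "credit card"},
                  uniform_answers("minor")),
    ChangeRequest("Export dashboard result to Excel",
                  {"tracking events"}, uniform_answers("minor")),
    ChangeRequest("Constructed: owner answered one question only",
                  {"tracking events"}, {("availability", "operational"): "minor"}),
]


def run_samples() -> list:
    return [triage(cr) for cr in REQUESTS]


if __name__ == "__main__":
    for cr, res in zip(REQUESTS, run_samples()):
        print(f"{cr.title}: criticality={res.criticality} "
              f"perimeters={res.perimeters} -> {res.treatment}")
```

The second request is answered "minor" throughout, yet the data category alone moves it to Red, which is the point of the parcel example.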

16 Key Takeaways
(Security) Triage determines which requests get a high-quality assessment and which ones the default one
(Security) Survey is the background for the decision (avoid overkilling and underestimating), providing a template assessment dynamically updated after each change request
It empirically works! And it can be adopted on every change request
Pilot: from days/request → 5 days/request and shrinking

17 Thank you for your attention!
Poste Italiane S&T http://www.poste.it
Distretto Cybersecurity http://www.distrettocybersecurity.it
University of Trento - Security http://securitylab.disi.unitn.it
Seconomics Project http://www.seconomicsproject.eu


More information

Industrial Control Systems Security. Denny Gregianin_Sales Area Manager

Industrial Control Systems Security. Denny Gregianin_Sales Area Manager Industrial Control Systems Security Denny Gregianin_Sales Area Manager VEM in Numbers 5 29 170 800 495 5000 Dipendenti e Fatturato Design & Delivery NOC SOC HR & Quality Operations Custom Application Development

More information

Vendor Management Panel Discussion. Managing 3 rd Party Risk

Vendor Management Panel Discussion. Managing 3 rd Party Risk Vendor Management Panel Discussion Managing 3 rd Party Risk Vendor Risk at its Finest Vendor Risk at its Finest CVS Care Mark Corporation announced that it had mistakenly sent letters to approximately

More information

KEY TRENDS AND DRIVERS OF SECURITY

KEY TRENDS AND DRIVERS OF SECURITY CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures

More information

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls

More information

Legacy Archiving How many lights do you leave on? September 14 th, 2015

Legacy Archiving How many lights do you leave on? September 14 th, 2015 Legacy Archiving How many lights do you leave on? September 14 th, 2015 1 Introductions Wendy Laposata, Himforma(cs Tom Chase, Cone Health 2 About Cone Health More than 100 loca=ons 6 hospitals, 3 ambulatory

More information

APC-Pro sa Computer Service

APC-Pro sa Computer Service Configuring, Managing and Maintaining Windows Server 2008-based Servers (6419B) Durata: 5 giorni Orario: 8:30 12:00 / 13:30-17.00 Costo per persona: CHF 1 900.-- (Min. 5 partecipanti) Obiettivi di formazione

More information

Dall Information Security alla Cyber Security, e ritorno

Dall Information Security alla Cyber Security, e ritorno Dall Information Security alla Cyber Security, e ritorno (Come migliorare la sicurezza dell azienda attraverso un efficace governo degli incidenti) Luca Bechelli (CLUSIT) Marco Di Leo (HP) Fabio Vernacotola

More information

DBA Group Srl Web Based Applications & Software Solutions

DBA Group Srl Web Based Applications & Software Solutions DBA Group Srl Web Based Applications & Software Solutions About DBA Group DBA GROUP DBA Group Srl is a holding company based in Italy consisting of enterprises operating in Civil Engineering, Plant Design,

More information

THE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW

THE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW THE FIVE NEW PCI COMPLIANCE RULES YOU NEED TO KNOW By Stephen Cobb, ESET senior security researcher. If your business accepts credit or debit cards, then you know that PCI DSS stands for Payment Card Industry

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity January 2016 cyberframework@nist.gov Improving Critical Infrastructure Cybersecurity It is the policy of the United States to enhance the security

More information

Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity

Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity Sanjeev Sonny Bhagowalia Governor s Chief Advisor on Technology and Cybersecurity State of Hawaii 11 Defini7on:

More information

Harmonizing Your Compliance and Security Objectives. Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology

Harmonizing Your Compliance and Security Objectives. Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology Harmonizing Your Compliance and Security Objectives Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology Make sure efforts serve multiple purposes Use standards to guide effort Repeatable

More information

La ricerca Socio-Economica e Umanistica in Horizon 2020

La ricerca Socio-Economica e Umanistica in Horizon 2020 La ricerca Socio-Economica e Umanistica in Horizon 2020 Monique Longo, APRE NCP SocietalChallenge 6 Europein a changingworld Inclusive, Innovative and Reflective Societies [MISSION] Content Horizon 2020:

More information

Workshop on: Efficient service distribution in next generation cloud networks

Workshop on: Efficient service distribution in next generation cloud networks Tuesday 10 February 2015, Time:9-13.00 Room SOFTEL, Floor I, Ed. 3/A DIETI - Via Claudio, 21 NAPOLI Workshop on: Efficient service distribution in next generation cloud networks Schedule 9 am -10 am Dr.

More information

PCI VERSION 2.0 AND RISK MANAGEMENT. Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management

PCI VERSION 2.0 AND RISK MANAGEMENT. Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management PCI VERSION 2.0 AND RISK MANAGEMENT Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management Objec&ve: Protect cardholder data (CHD) wherever it resides Applica&on: All card

More information

ISWA Main Sponsors: David Newman. President of ISWA. Reflections on The Circular Economy

ISWA Main Sponsors: David Newman. President of ISWA. Reflections on The Circular Economy ISWA Main Sponsors: David Newman President of ISWA Reflections on The Circular Economy Energy, limited resources? It s about costs and emissions, not supplies Limited primary resources? Pulp prices 2008-2013

More information

Put the Magic in Your Email Marke4ng

Put the Magic in Your Email Marke4ng Put the Magic in Your Email Marke4ng April 8, 2015 Michelle Novak mnovak@presslaff.com Your Inland Wizards Put the Magic in Your Email Marke4ng Stop blas9ng messages and start crea9ng compelling engaging

More information

Dal PDM al PLM, architettura tradizionale e piattaforma Cloud : l'integrazione facilitata dalla nuova tecnologia

Dal PDM al PLM, architettura tradizionale e piattaforma Cloud : l'integrazione facilitata dalla nuova tecnologia Dal PDM al PLM, architettura tradizionale e piattaforma Cloud : l'integrazione facilitata dalla nuova tecnologia Riccardo Ceccanti Sales Manager Man and Machine Software Srl Di cosa parleremo: Man and

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering Internetworking II: MPLS, Security, and Traffic Engineering 3035/GZ01 Networked Systems Kyle Jamieson Department of Computer Science University College London Last Fme: Internetworking IP interconnects

More information

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework ) 10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure

More information

CURRICULUM VITAE. Simone Poledrini. Home. Via Eremita, n2 - Perugia, address:

CURRICULUM VITAE. Simone Poledrini. Home. Via Eremita, n2 - Perugia, address: CURRICULUM VITAE Simone Poledrini Personal details Office Department of Economics Home Via Eremita, n2 - Perugia, address: University of Perugia address: 06100, Italy Via Pascoli - Perugia, 06123, Italy

More information

1 Actuate Corpora-on 2013. Big Data Business Analy/cs

1 Actuate Corpora-on 2013. Big Data Business Analy/cs 1 Big Data Business Analy/cs Introducing BIRT Analy3cs Provides analysts and business users with advanced visual data discovery and predictive analytics to make better, more timely decisions in the age

More information

Next Step Publishing. Federico Ruberti Fake Press. Roma, 7 dicembre 2010, Digital Cafè, Più libri più liberi 2010.

Next Step Publishing. Federico Ruberti Fake Press. Roma, 7 dicembre 2010, Digital Cafè, Più libri più liberi 2010. Next Step Publishing Federico Ruberti Fake Press Roma, 7 dicembre 2010, Digital Cafè, Più libri più liberi 2010. Fake Press Think-tank italiano e internazionale che investiga, sviluppa e realizza modelli

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled. LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10

More information