Security Triage: an efficient security assessment compatible with the business cycle, the experience of Poste Italiane
- Bernadette Nicholson
- 8 years ago
1 National Cyber Security: awareness and self-assessment. Security Triage: an efficient security assessment compatible with the business cycle, the experience of Poste Italiane. Fabio Massacci & M. Giacalone, R. Mammoliti, F. Paci, R. Perugino, C. Selli. Trento, 10 October
2 Security Triage: efficient security management compatible with the business cycle, the experience of Poste Italiane. v. 1.3a
3 National Cyber Security: awareness and self-assessment. Event organizers and sponsors. Sponsors and supporters of ISACA VENICE Chapter. Under the patronage of
4 Fabio Massacci. Fabio Massacci is a full professor of Information Engineering at the University of Trento. For UNITN he was the rector's delegate for the IT Directorate for 7 years and vice-director for education for Italy of the European Institute of Technology - ICT Labs. He collaborates with the Innovation Lab of Poste Italiane in Trento. He has more than 150 publications (h-index >30) and manages numerous academia-industry research projects on security management, security economics, and the impact of research projects on innovation. He has been an ISACA member since 2008 and has written in the ISACA Journal on security management and compliance.
5 ABSTRACT Poste Italiane is a large corporation offering integrated services in banking and savings, postal services, and mobile communication. Every year, it receives thousands of change requests for its ICT services. Applying a security assessment "by the book" (be it COBIT, ISO27001, BSI, IAS etc.) to each and every request is simply not possible. We report the experience by Poste Italiane of a lean methodology to identify security requirements that can be inserted in the production cycle of a normal company. The process is based on surveying the overall IT architectures (Security Surveying) and then a lean dynamic process (Security Triage) to evaluate individual change requests, so that important changes get the attention they need, minor changes can be quickly implemented, and compliance and security obligations are met.
6 Poste Italiane
- Largest Italian Employer
  - banking, financial services, logistic
  - 19 Billion Euro turnaround, employees
- Security and Compliance Regulations
  - European Banking Regulation, EU Privacy Laws, Credit Cards PCI, Criminal Laws (PI serves legal notices), etc. etc.
- Thousands Services, Apps and Servers
  - Every month 150+ change requests to IT Dept.
  - Every year change requests
7 An Example
- Internal Web Site for Tracking Parcels
  - Includes an authenticated web app to monitor single events
- Requests (together with 200 other changes)
  1. Create a Dashboard on the screen
  2. Add a field about nature of parcel (e.g. private customer, parking fine, legal notice, etc.)
  3. Create a button to export Dashboard result to Excel
- Apparently not a major security problem
8 Change Implications are not obvious
- Internal Web Site for Tracking Parcels
  - Includes an authenticated web app to monitor single events → not a big security problem
- Requests (together with 200 other changes)
  1. Create a Dashboard on the screen
  2. Add field about nature of parcel (private customer, parking fine, legal notice, credit card)
  3. Create a button to export Dashboard result to Excel
- They do not have the same implications!
  - (2) makes data relevant to Judicial Proceedings profile → whole slate of security regulations applies
9 Security Assessment by the book
- (Security) Assessment is essential
  - Proper Requirements analysis saves significant money
  - Security should be considered from the early phases
  - Bla bla, Blu Blu, ISO 27001, NIST, COBIT, BSI, IAS, EBIOS,
- Input: Effort + Assessment Method
- Identify Assets → Threats and Risks → Security Controls
- Output: Security Requirements for IT Systems
- Question: does Security Assessment always empirically deliver value?
10 Back of the Envelope Computation
- change requests x ISO questions x 300 on process/people + 16 on information on applications on SW components on infrastructures on facilities
- 3 minutes each > minutes
- Divide 60 min x 40 hours/week x 48 weeks = 52 full-time equivalent/year → just for asking (and the work?)
11 Security Analysis by the book (ISO 27001, COBIT, BSI etc.) cannot empirically deliver value at the pace of change
- Get over it!
- but what is the alternative?
12 Key Ideas
- NOT every change request deserves equally good (Security) Requirement analysis
- Triage, noun, medicine: the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties.
- Survey, verb, architecture: examine and record the area and features of (a large area of land) so as to construct a map, plan, or description.
13 Security Triage + Survey
- Security Survey (off-line = lengthy)
  - Build map of IT architecture (more than UML diagram!)
  - → assign business/security perimeter (heart attack, stroke, mild concussion etc.)
  - → identify relative requirements (adrenaline shot, NMR scan, paracetamol, etc.)
- Security Triage (on-the-fly = quick)
  - Make high level questions on change requests
  - → assess critical features (chest pain, slurred speech, etc.)
  - → decide order of security treatment (Red = Full SRE)
14 Questions for the Triage
- For every change request, security experts support the change owner
- Ask what kind of data you have and whether a compromise in
  - Confidentiality, Integrity, Availability (how big),
- leads to an impact on
  - Reputation, financial losses, commercial edge (against competition), legal obligations, operational efficiency
- FEW simple questions for the change owner
  - E.g. X hours of downtime (availability) may lead to a minor/major/significant/business critical loss of reputation
- Security experts determine security perimeters and criticality (1-5) based on answers
15 Empirical Measures
- Does it save time? Does it correctly identify perimeters?
- That's not obvious → the actual questions make a huge difference
  - If change owners don't understand the questions, they call back the security team to answer
  - If you ask the wrong questions, the change owner may tick "no security analysis needed"
- Wilcoxon test says yes
- [Figure: Mean of Effort to Perform the Security Assessment; labels: DEPT, ANALYSIS, IMPACT; Factors]
16 Key Takeaways
- (Security) Triage determines which requests get a high quality Assessment and which ones a default one
- (Security) Survey
  - background for decision (avoid overkilling and underestimating)
  - providing template assessment dynamically updated after each change request
- It empirically works!
  - And can be adopted on every change request
  - Pilot: from days/request → 5 days/request and shrinking
17 Thank you for your attention!
- Poste Italiane S&T: http://
- Distretto Cybersecurity: http://
- University of Trento - Security: http://securitylab.disi.unitn.it, Fabio.Massacci@unitn.it
- Seconomics Project: http://