The network attached devices inventory as required by the Italian requirement of “Minimal measures for ICT security” and EU “General Data Protection Regulation”

Francesco Ciclosi; Gian Paolo Gentili; Giampaolo Rappi; Amedeo Belfiore
2018-01-01

Abstract

The paper deals with the implementation and management of software tools used for the inventory of all authorized and unauthorized devices in the University. The inventory of all active resources, as well as of both the systems connected to the network and the devices themselves, is carried out automatically using the SpiceWorks platform. The networks scanned are those of the systems, of the active network devices and of the active equipment of the data center, which are located in various University buildings. Our approach is integrated, which gives us the ability to manage in a unified way the different requirements set by different laws and authorities. The work describes the analysis of the different requirements of Regulation (EU) 2016/679, of the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013, and of the Italian legislation on ICT Minimum Measures for Public Administration (which is directly derived from the “CIS Critical Controls for Effective Cyber Defense” version 6 of 2015). It then describes how to integrate these requirements into the University’s Information Security Management System, so that they are managed in a coherent and centralized way.
Use this identifier to cite or link to this document: https://hdl.handle.net/11581/408248