The network attached devices inventory as required by the Italian requirement of “Minimal measures for ICT security” and EU “General Data Protection Regulation”
Francesco Ciclosi; Gian Paolo Gentili; Giampaolo Rappi; Amedeo Belfiore
2018-01-01
Abstract
The paper deals with the implementation and management of software tools used for the inventory of all authorized and unauthorized devices in the University. The inventory of all active resources, as well as of all the systems connected to the network and of the devices themselves, is performed automatically using the SpiceWorks platform. The networks scanned are those of the systems, of the active network devices and of the active equipment of the data center, which are located in various University buildings. Our approach is an integrated one, which gives us the ability to manage in a unified way the different requirements imposed by different laws and authorities. The work describes the analysis of the different requirements of Regulation (EU) 2016/679, of the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013, and of the Italian legislation on ICT Minimum Measures for Public Administration (which is directly derived from the “CIS Critical Controls for Effective Cyber Defense” version 6 of 2015). It therefore describes how to integrate these requirements into the University’s Information Security Management System, so as to manage them in a coherent and centralized way.