The risk analysis as a unified approach to satisfy GDPR, NIS Directive and ISO 27001 requirements

CICLOSI, Francesco; GENTILI, Gian Paolo; RAPPI, Giampaolo; BELFIORE, Amedeo
2018-01-01

Abstract

The recent changes in the Italian and European regulatory framework, aimed at creating a real European Security Framework, represent a challenge for public administrations that, being subjected to multiple requests from different sources, risk focusing on detail and losing the more general, long-range vision of the so-called “security” process. Implementing all the most suitable actions to guarantee cyber security is now unavoidable in a hyperhistorical society completely dependent on information content and on ICT in general. The University of Camerino, which has always been attentive to the processes of security and protection of personal data, has for years adopted a holistic vision of cyber-security issues that has allowed it to manage the change in progress, including a redesign of the services provided by the University. More recently (2012) this approach has enabled the organisation to achieve ISO/IEC 27001:2013 certification. Today, the University intends to relaunch the process of change management by proposing an innovative approach in which the security requirements deriving from the various regulations are managed in an unambiguous way by integrating them into the ISMS and into the renewed risk analysis and management process on which it is based. In addition, the University also plans to increase the strategic importance of the ISMS by submitting it for direct approval by its governance.
2018
273
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11581/408250