The risk analysis as a unified approach to satisfy GDPR, NIS Directive and ISO 27001 requirements
Francesco Ciclosi; Gian Paolo Gentili; Giampaolo Rappi; Amedeo Belfiore
2018-01-01
Abstract
The recent changes in the Italian and European regulatory framework, aimed at creating a genuine European Security Framework, represent a challenge for public administrations which, being subject to multiple requests from different sources, risk focusing on detail and losing the broader, long-range vision of the so-called “security” process. Implementing all the most suitable actions to guarantee cyber security is now unavoidable in a hyperhistorical society completely dependent on specific information content and on ICT in general. The University of Camerino, which has always been attentive to security and personal-data-protection processes, has for years adopted a holistic view of cyber-security issues that has allowed it to manage the change in progress, including a redesign of the services the University provides. More recently (2012) this approach enabled the organisation to achieve ISO/IEC 27001:2013 certification. Today, the University intends to relaunch its change-management process by proposing an innovative approach in which the security requirements deriving from the various regulations are managed unambiguously by integrating them into the ISMS and into the renewed risk analysis and risk management process at its base. In addition, the University also intends to increase the strategic importance of the ISMS by bringing it to the direct approval of its governance.