Cyber security and communication security are two disciplines that have to be taken into account when managing and controlling the risk of unwanted access to information involving ICT systems. These problems cannot be completely solved, but they can be successfully mitigated and managed.
Information systems can be affected by human mistakes, failures or malicious attacks, which are becoming bigger, more frequent and more complex. All these aspects must be taken into account in a security risk assessment that aims to reduce the risks connected to cyber threats.
In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU with the objective of giving control of personal data back to citizens.
The EU’s General Data Protection Regulation (GDPR) and Network Information Security Directive (NISD) will affect almost every industry sector.
The GDPR will require the execution of risk assessments and appropriate technical and governance actions to efficiently protect a company’s private data.
The NISD will have an impact on organizations belonging to the energy, transport, banking, financial, health, drinking water and digital infrastructure sectors, stressing the adoption of a structured approach to system security, accident management, operational continuity and risk management.
Our cyber security services for industrial customers and government organizations include:
The activity is carried out in accordance with the RINA governance model, which safeguards impartiality and prevents conflict of interest situations.
COMSEC – our main communication security service – takes into account crypto-security, transmission security and physical security of COMSEC equipment. COMSEC principles are usually adopted to protect both classified and unclassified information on military communication networks, including voice, video and data. These principles can also be applied to analog and digital civil applications, on both wired and wireless links.
COMSEC includes:
Since the late 90s, we have been operating as a security and cybersecurity consultant for industrial companies, critical infrastructure owners and critical infrastructure operators, providing support for security and cyber-security assessments, for the implementation of IT and cyber-security governance systems, for the design of security measures and for security engineering of complex systems’ certification and accreditation.
Our services for system developers, integrators and operators are based on a proposed mitigation strategy.
Are you able to provide a comprehensive security risk assessment of my infrastructure?
Of course, we are able to provide an assessment of your security organization, governance and technical measures.
How could you help me in improving my security governance?
Our assessment provides a clear view of the gaps an organization has to bridge in order to improve its security posture, including a cost-benefit analysis that guides the design and development of the solution to those gaps.