- Governance Risk & Compliance: Our GRC activities focus on review of security systems also covering governance aspects, identification of architecture changes and necessary upgrades, advisory Compliance with major international standards and regulations (ISO-IEC, ISA-IEC, NIST, CMMC, etc.), management systems, certification of services and products.
- Cyber Risk Quantification: The activities performed within the context of Cyber Risk Quantification aimed to assess the cyber security level of the company using the most up-to-date industry benchmarks. The activities performed by RINA Cyber aim at assessing the cyber posture of our customers through the use of market-leading tools to assess and quantify the level of cyber risk to which the company is subject (Cyber Risk Quantification). The cyber security level identified is intended to direct and prioritise strategic choices in order to reduce the overall risk to which the company is exposed.
- Cyber Technologies: Provision, installation and configuration of the most suitable technological solution for the attack attempts detection, performing real-time protection and implementing continuous security monitoring, which is important to enable organisations to continuously assess their overall security status.
- Offensive Security IT & OT: Testing the resilience to incidents and hacker attack attempts through perimeter analysis, vulnerability assessment, identification of attack vectors and possible entry points into the perimeter, testing the exploitability of vulnerabilities according to precise rules of engagement. We operate on both traditional IT systems and industrial Operational Technology (OT) systems.
- HOLOS: HOLOS is the tool developed by RINA Cyber that helps companies and organizations across many business fields to integrate relevant information for measuring and reducing digital risks. Our approach is aimed to support and simplify the decision-making process in order to protect the assets of your company.
- Client: Italian Central Bank
- Location: Rome
We are providing comprehensive support to Banca d’Italia in the specialized area of Security Information and Event Management (SIEM) by leveraging Splunk, a market-leading technology in
this domain. Within the framework of Banca d’Italia’s complex IT environment, our SIEM system is designed to efficiently manage an immense data load of 600 GB per day and up to 50,000 events
per second (EPS). The primary objective of this crucial project is the deployment of Splunk Enterprise Security. This is an advanced, analytics-driven SIEM platform engineered to facilitate rapid detection of security threats and enable immediate response measures. The implementation aims to fortify the bank’s cybersecurity infrastructure, thereby ensuring that it can effectively counteract evolving security challenges.
- Client: International Steel Maker
- Location: Emirates
We have supported the Steel Maker in the following areas:
- Conducting an assessment of the security posture for their Operational Technology (OT) plants, industrial architectures, and processes that have already been deployed and enforced. This assessment is aligned with ISA/IEC 62443 requirements and controls
- Identifying key issues and vulnerabilities within the OT processes, as well as areas requiring heightened focus and improvement from an Information Security perspective, in accordance with ISO 27001 standards
- Client: Luxury Yachts player
- Location: Italy
For a prominent player in the luxury yacht market, we have implemented a specialized offering known as HOLOS CTI, a Cyber Threat Intelligence service. This service is meticulously designed to perform an in-depth analysis utilizing Open Source Intelligence (OSINT). The primary objective is to identify and evaluate potential threats and vulnerabilities associated with the organization’s
assets, employees, and stakeholders. In the cybersecurity domain, OSINT serves as a crucial element of ‘Threat Intelligence.’ It involves the collection of data from publicly accessible sources that can shed light on specific targets, such as a company, a domain, or an individual. The ultimate goal is to pinpoint information in the public domain that could pose a risk to the organization’s security posture. This initiative underscores the service’s relevance and applicability, not just in the general corporate landscape, but also in highly specialized sectors like luxury yachts.
