Cyber and communication security

Cyber security and communication security are two disciplines that have to be taken into account when managing and controlling the risk of unwanted access to information involving ICT systems. These problems cannot be completely solved, but they can be successfully mitigated and managed.
Information systems can be affected by human mistakes, failures or malicious attacks, which are becoming bigger, more frequent and more complex. All these aspects must be taken into account in a security risk assessment that aims to reduce the risks connected to cyber threats.

Regulatory focus

In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU with the objective to give back control of personal data to citizens. 
The EU’s General Data Protection Regulation (GDPR) and Network Information Security Directive (NISD) will affect almost every industry sector.  
GDP Regulation will require the execution of risk assessments and appropriate technical and governance actions to efficiently protect a company’s private data.  
NISD will have impact on organizations belonging to the energy, transport, banking, financial, health, drinking water and digital infrastructure sectors, stressing the adoption of a structured approach to system security, accident management, operational continuity and risk management.  

Deliverables

Our cyber security services for industrial customers and government organizations include:

• A security risk-based approach that considers the rapid evolution of ICT technology and threats and analyses potential construction and operational vulnerabilities that can be exploited by the identified threats
• A joint security and privacy design tailored to your needs and oriented to the minimization of impact on the organization and on your  technological context 
• Large and complex system assessment, through analysis and testing of embedded and mobile systems and complex service oriented applications, following International best practices (NIST, OWASP, CEH)
• Vulnerability Assessment and Penetration Testing (VAPT)
• Definition of operative environment and communication needs

The activity is carried out in accordance with the RINA governance model, which safeguards impartiality and prevents conflict of interest situations.

Focus on COMSEC

COMSEC – our main communication security service - takes into account crypto-security, transmission security and physical security of COMSEC equipment. COMSEC principles are usually adopted to protect both classified and unclassified information on military communication networks, including voice, video and data. These principles can also be applied to analog and digital civil applications, on both wired and wireless links.
COMSEC includes:

• Security assessment of telecommunication systems
• Support for the design of telecommunication rooms and protection of crypto devices
• Preparation of specifications, technical notes and drawings required for system acceptance and certification

Why RINA?

Since the late 90s, we have been operating as a security and cybersecurity consultant for industrial companies, critical infrastructure owners and critical infrastructure operators, providing support for security and cyber-security assessments, for the implementation of IT and cyber-security governance systems, for the design of security measures and for security engineering of complex systems’ certification and accreditation.
Our services for system developers, integrators and operators are based on a proposed mitigation strategy.

Q&A

Are you able to provide a comprehensive security risk assessment of my infrastructure?  
Of course, we are able to provide an assessment of your security organization, governance and technical measures.

How could you help me in improving my security governance?   
Our assessment provides a clear view of the gaps an organization has to bridge in order to improve its security posture including a cost-benefit analysis that guides the security gap solution’s design and development.