Cyber security

Mitigation strategies to counteract cyber threats, taking into account information security, network security and end user education

Digital technologies and the Internet are the backbone of our society and economy. Information systems can be affected by incidents such as human mistakes, failures or malicious attacks that are becoming bigger, more frequent and more complex.

The potential risks go far beyond the perceived threats in everyday personal computing and online banking. These are challenges that cyber criminals are exploiting, so tackling the threat of attacks is of paramount importance.

Cybersecurity threats should not be viewed as problems that can be completely resolved, but rather as risks that must be managed and mitigated considering the fast evolution of ICT technology and its different modes of use.

Service details

RINA supports clients in evaluating the business impact of cyber threats, protecting assets, preventing attacks and mitigating risk, with the ultimate purpose of creating a cyber resilient culture across their organization, moving away from the traditional approach of simply “buying technology for being protected”.

The mitigation strategy we propose to counteract cyber threats is based on these key elements:

  • a security risk-based approach that considers the rapid evolution of ICT technology and threats and analyzes potential construction and operational vulnerabilities that can be exploited by the identified threats
  • a joint security and privacy design of the mechanisms, considering both the “Technology independent security model” and the “Specific technology-dependent deployment”
  • the assessment, through analysis and testing, of embedded and mobile systems and complex service-oriented applications, following international best practices (NIST, OWASP, CEH)
  • support in the certification phase of ICT systems in accordance with ITSEC and Common Criteria standards.

The activity is carried out in accordance with the RINA governance model, which safeguards impartiality and prevents conflict of interest situations.

Deliverables

Our value proposition is based upon the following steps:

Strategy and governance

- Security governance alignment with the organization’s business strategy

- compliance with security legislation, focused investments, cost-effective measures, resource optimization and value delivery

- establishment or improvement of a comprehensive risk management process aiming to identify risky areas and prioritize interventions.

Security architecture and engineering

- Design of secure products, services and processes from the requirements specification to the certification

- technical advisory for the development and deployment of secure systems, as well as process establishment

- security-related services to monitor and improve cybersecurity aspects

- improve IT/OT resilience to cyber incidents by means of properly designed processes and procedures

- establish continuous cybersecurity processes to identify emerging risks, also with reference to changes in the organization

- requirement definition, verification & validation, security evaluation process according to international schemes, security technology scouting and procurement

- vulnerabilities assessment, penetration tests, training and awareness campaigns

- change management, cyber threat intelligence, supply chain audits.

Technical advisory for managed security services

- SIEM (Security Information and Event Management)

- SOC (Security Operations Center)

- CIRT (Cyber Incident Response Team)

- CERT (Computer Emergency Response Team).

Cyber forensics

- Technical advisory services for the identification and analysis of digital evidence to be used for legal purposes

- identify root causes of specific incidents, eradicate the causes, gather information to prevent them from happening again

- identify useful information that might be found in evidence, preserve such information along a chain of custody, analyze and interpret the information to obtain a clear demonstration.

Cyber insurance

- Identification of areas of risk within the Business Impact Analysis, customer contracts, SLAs and regulatory compliance that are involved in the insurance coverage definition

- insurance companies: identification of evidence to define the insurance risk and fee

- insured companies: support to the insurance process and preparation of the package for an insurance claim

- definition of a proper risk treatment plan which identifies residual risks that could be transferred to insurance companies.

Contact us
Andrea Aluigi
Did you know?

1. There’s a hacker attack every 39 seconds on average

2. Global organisations suffered +7% of severe cyber-attacks in 2020

3. 2,90M € average cost of a single data breach for Italian companies

4. Global ransomware damage costs are projected to +€18B by 2021
