february, 2020
Event Details
Tutorial outline In the “2015 Italian Cybersecurity Report” [2] CIS Sapienza and CINI Cybersecurity National Lab proposed the National Cybersecurity Framework (Framework Nazionale per la Cybersecurity, FNCS), based on the NIST
more
Event Details
Tutorial outline
In the “2015 Italian Cybersecurity Report” [2] CIS Sapienza and CINI Cybersecurity National Lab proposed the National Cybersecurity Framework (Framework Nazionale per la Cybersecurity, FNCS), based on the NIST Framework for Improving Critical Infrastructure Cybersecurity [3].
FNCS expands NIST’s Framework to better adapt to the Italian landscape, extending its applicability to a wider range of organizations, ranging from market leaders and large organization to small and medium-sized enterprises. It also introduces the concept of “contextualization”, which is the way to tailor the Framework to the context of a specific organization. In 2019 a new version of the National Cybersecurity Framework has been issued, the National Cybersecurity and Data Protection Framework v 2.0 (FNCSDP) [1]
Nonetheless important aspects like data protection and data privacy were not comprehensively considered, due to a not complete view on the intersection between cybersecurity & data protection/privacy. The raising in importance of these two themes and the new steam produced by recent international regulations led the effort of producing a new version of the FNCS.
The Framework has been updated, aligning it with the new version of the NIST Framework (version 1.1) [4] and the evolved EU and Italian regulatory landscape.
Moreover, as a result of a joint work with the Italian Data Protection Authority <https://www.garanteprivacy.it>, the Framework has been further extended, encompassing data protection elements in its core, thus becoming the National Cybersecurity and Data Protection Framework (FNCSDP). Finally, a “template” for the creation of contextualizations which incorporates the EU General Data Protection Regulation (GDPR) < Regulation (EU) 2016/679> (GDPR Contextualization Template) has been proposed.
The tutorial will have the following structure
- Illustration of the characteristics and advantages of the new Framework for Cybersecurity and Data Protection, highlighting changes and improvements over the previous version, and introduction of its basic concepts.
- Discussion of the process a cybersecurity and data protection assessment in a generic organization using the framework, providing guidelines and best practices for a beginner audience.
- Introduction and discussion of the more advanced aspects of the framework, like the modeling of a regulation or technical standard through a “Contextualization Template”, a base for the creation of a contextualization that contains general and mandatory aspects to consider and must be expanded during the actual contextualization process considering the specificity of the organization on which is applied the FNCSDP, the strategies for combining different contextualization templates into a contextualization, and the metrics for evaluating the results of the assessment.
Intended audience
Expected attendants encompass people belonging to the following classes:
- Regulators, possibly interested in how the existing regulations are mapped and reported in model for managing the security and data protection governance.
- Security governance: interested in the evolution FNCS and the new concepts captured by the new core.
- Data Protection governance interested in the data protection concepts and processes and how they can be integrated in the already existing cyber-security governance processes.
Speakers Bio
Marco ANGELINI is a post-doctoral researcher in Engineering in Computer Science at University of Rome “La Sapienza”, Italy, Department of Computer, Control and Management Sciences & Engineering. He is a researcher in the Centre for Cyber-Intelligence and Security (CIS) of University of Rome “La Sapienza”, where he successfully participated the EU FP-7 project “PANOPTESEC”, providing automatic detection, management and reaction to cyber-threats for Critical Infrastructures. His main research interests include Visual analytics (the process of combining visualization of information, interaction by user and analytical computation for solving heavy computational problems) and Cyber-Security (focused on designing visual analytics solutions for cyber-defense of critical infrastructures, open-source intelligence and malware analysis).Marco Angelini is a member and coordinates research projects of the A.WA.RE (Advanced Visualization & Visual Analytics REsearch) research group at University of Rome “La Sapienza”. Marco Angelini is member of CINI Cybersecurity National Laboratory, where he coordinates national projects with the goal of strengthening the Cyber- Security status of an organization, both in public and private sectors. He is the responsible of “CyberReadiness.IT”, a project of CINI Cybersecurity National Laboratory with the goal of assessing the cybersecurity readiness of the human substrate of an organization. As a result of his activities, Dr. Marco Angelini has published more than 40 papers, including 10 peer-reviewed journal papers and 30 peer-reviewed conference papers in international journals and conferences. More about him can be found at https://sites.google.com/dis.uniroma1.it/angelini.
Claudio CICCOTELLI is a post-doctoral researcher at Sapienza University of Rome, where he is a member of the Cyber Intelligence and Information Security research center. He got his PhD in 2017, at the same University, with a thesis on practical approaches for fault detection and diagnosis in data centers. His main research interests include critical infrastructure protection and cyber-physical security (IACS/SCADA security), mobile security and dependability of complex systems.
Leonardo QUERZONI is assistant professor at Sapienza University of Rome. He got his PhD in 2007 with a thesis on efficient solutions for publish/subscribe data dissemination. His research interests range from cyber security to distributed systems and focus, in particular, on topics that include binary similarity, distributed stream processing, dependability and security in distributed systems. He authored more than 80 paper published in international scientific journals and conferences. In 2016 he co- authored the Italian National Framework for Cyber Security as member of Cyber Intelligence and Information Security research center at Sapienza University of Rome. In 2017 he got the Test of Time Award from the ACM International Conference on Distributed Event-Based Systems for the paper “TERA: topic-based event routing for peer-to-peer architectures”, published in 2007. In 2014 he was general chair for the International Conference on Principles of Distributed Systems, and in 2019 he will be program co-chair for the ACM International Conference on Distributed Event-Based Systems.
References
[1] CIS Sapienza and CINI Cybersecurity National Laboratory, 2018 National Cybersecurity and Data Protection Framework (version 2.0), 2019.
[2] CIS Sabienza and CINI Cybersecurity National Laboratory, 2015 Italian Cybersecurity Report – Un Framework Nazionale per la Cyber Security, 2015.
[3] NIST, Framework for Improving Critical Infrastructure Cycbersecurity (Version 1.0), 2014.
[4] NIST, Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1), 2018.
Time
(Tuesday) 11:30 am - 1:30 pm
Location
Aula 155/D3
Facoltà di Ingegneria | Via Brecce Bianche, 12
No Comments