CYBER SECURITY: CONFIDENTIALITY AND INTEGRITY OF THE DATA

New technologies entail the need to protect business data from tampering or intrusions.

The set of business data and of hardware and software resources represents an essential asset that the company must protect. Cyber security usually aims at five main objectives:




  • Integrity of computer data.
  • Confidentiality (or encryption), which means ensuring that only authorized users can access data.
  • Data availability and proper functioning of the information system.
  • Non-repudiation, i.e. the guarantee that no one will deny the transaction.
  • Authentication of users to the system.


A cyber security system can be considered good if every single factor is adequately designed and implemented, because the weakness of a single link in the chain can affect overall security.

This means that the company must take a holistic approach to the problem and has to combine software security with users' awareness of how to manage the system correctly.

RULES AND STRATEGIC PROCEDURES

Cyber security can be distinguished into passive security and active security.

  • PASSIVE SECURITY


    Passive security is to be understood as defensive techniques and tools. In particular, we refer to all those solutions that prevent unauthorized users from having access to resources and plants. An example is the use of armored doors or the use of personal identification systems.

  • ACTIVE SECURITY


    Active security includes those techniques and tools that protect confidential information from access and modification by unauthorized users. This category includes both hardware and software tools.

Passive and active security are complementary and both are essential to meet the desired level of security of a system.

Furthermore, the legislation about privacy establishes precise obligations on undertakings, including the obligation to annually prepare a specific Operational Security Plan (OSP).

ISO 27001:2005

The ISO 27001:2005 standard provides appropriate ways to protect data and information from any kind of threat in order to ensure their integrity, confidentiality and availability, and sets out the requirements that an adequate information security management system must have.

This is why the first step is to define the corporate security policy, to be carried out in 4 stages:

  • IDENTIFY IT RISKS WEIGHING ON THE COMPANY AND THEIR POSSIBLE CONSEQUENCES;

  • DEVELOP RULES AND PROCEDURES TO BE IMPLEMENTED IN CASE THE IDENTIFIED RISKS OCCUR;

  • SUPERVISE AND IDENTIFY THE VULNERABILITIES OF THE INFORMATION SYSTEM;

  • DEFINE THE ACTIONS TO TAKE AND THE PERSONS TO CONTACT IN CASE OF CYBER THREAT.

CYBER SECURITY PROCEDURES

A company's cyber security is based on employees' knowledge of the rules and on appropriate procedures and strategies:


  • PROCEDURE FOR MANAGEMENT OF THE UPDATES

  • PROPERLY PLANNED BACKUP STRATEGY

  • RECOVERY PLAN FOLLOWING ACCIDENTS

  • UPDATED DOCUMENTARY SYSTEM


P.M.F. staff has the right skills to support companies in the realization of an adequate custom-designed cyber security system according to the needs of the companies.