We take a modern approach to planning and managing security: one that takes into account where risk originates, which actions trigger which reactions, and who, in view of the benefits obtained and the skills required, must be responsible for managing it. Following this line requires a widespread political and corporate culture of risk management, recognition of the complexity of the various activities and initiatives put in place, training and continuous updating of professionals able to manage that complexity, and an approach shared by all the professionals involved.
By now, information and communication technologies play a fundamental role in defining and managing the processes and activities of an organization. Thanks to these technologies, data and information can be transmitted, archived, processed, retrieved and shared between different systems, quickly and automatically.
To use these capabilities safely, the data must retain a set of properties throughout its handling: confidentiality, integrity and availability. Respecting this combination of requirements limits the exposure of the data to risks, threats and vulnerabilities that can lead to loss of information and, in turn, to reputational damage for the company.
“Security Governance” provides a set of tools, processes and technologies with which the company is able to carry out prevention, detection and response activities against cyber attacks. “Security Governance” must not be addressed only from a technological point of view: it also requires the involvement of people and the definition of appropriate processes in order to:
- have a widespread corporate culture of policy and risk management;
- recognize the various security complexities inherent in the activities or initiatives implemented;
- train and update professionals for the management of this complexity;
- have a methodology shared by all interested professionals.
Our company, ISO 27001 certified, is able to support you in all phases of the security management process, in compliance with industry standards and regulations and in line with your company's business strategies.
Our professionals, in addition to many years of experience in managing highly complex corporate security environments, have in-depth knowledge of sector regulations and standards (GDPR, PCI DSS, NIST), hold certifications on specific methodologies and bodies of knowledge (COBIT®, TOGAF®, ISO / IEC 20000, ISO / IEC 27001, CISSP), and have excellent knowledge of the solutions in the Microfocus portfolio, a market leader in the field of Security Governance processes.
Security Information & Event Management:
A Security Information & Event Management (SIEM) solution addresses a set of related needs: identifying security incidents, policy violations and fraudulent activity; reducing the time needed to respond to and resolve these threats; carrying out audit analyses in order to comply with security regulations; and supporting investigations into problems and malfunctions in the systems.
These objectives are achieved by a SIEM solution that offers the following features:
- data collection: a SIEM collects logs from different sources into a single centralized platform, receiving the data either through agent software installed on the source or by having the platform connect directly to the device that generates the logs (agentless);
- parsing, filtering, aggregation and normalization: to facilitate the later phases of analysis and interpretation, events go through a series of processing steps: extraction of specific fields, filtering of non-useful and redundant data, aggregation of similar events, and finally conversion of the original data into a common, standard format;
- correlation: correlation rules analyze the information contained in the normalized logs and identify relationships between events coming from different sources, which makes it possible to detect possible anomalies that no single event would reveal on its own;
- reporting, dashboards, notifications: reports present the results of the analyses, dashboards provide a real-time representation of the data, and notifications, generated when certain events or rule matches occur, signal the presence of a possible threat.
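The pipeline above (collect, parse, filter, normalize, aggregate, correlate) is easiest to understand on concrete input. The following is an added example, not code from the page or from any product in the Microfocus portfolio: it takes constructed log lines from two sources with different formats (a Linux sshd syslog line and a hypothetical VPN appliance that logs in key=value form), normalizes them into one schema, drops the non-authentication noise, aggregates failures per source IP and applies a single correlation rule: at least three failed logins from one IP followed by a success within five minutes. The source names, IP addresses (RFC 5737 documentation ranges), thresholds and rule name are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real captures). Two sources, two formats:
# a Linux sshd syslog line and a hypothetical VPN appliance in key=value form.
SAMPLE_LOGS = [
    ("sshd", "2024-03-01T08:00:01 host1 sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2"),
    ("sshd", "2024-03-01T08:00:05 host1 sshd[1001]: Failed password for root from 203.0.113.7 port 50212 ssh2"),
    ("vpn",  "time=2024-03-01T08:00:09 action=login-fail user=bob src=203.0.113.7"),
    ("sshd", "2024-03-01T08:00:15 host1 sshd[1002]: Accepted password for bob from 203.0.113.7 port 50213 ssh2"),
    ("sshd", "2024-03-01T08:01:00 host1 sshd[1003]: Failed password for alice from 198.51.100.9 port 41000 ssh2"),
    ("sshd", "2024-03-01T08:01:10 host1 sshd[1003]: Accepted password for alice from 198.51.100.9 port 41000 ssh2"),
    ("sshd", "2024-03-01T08:01:30 host1 CRON[22]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("sshd", "2024-03-01T08:30:00 host1 sshd[1004]: Accepted password for bob from 203.0.113.7 port 50300 ssh2"),
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def parse_sshd(line):
    """Parsing: extract the fields of interest from an sshd syslog line."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"], "src_ip": m["ip"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def parse_vpn(line):
    """Parsing for the hypothetical key=value VPN format."""
    kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not kv.get("action", "").startswith("login"):
        return None
    return {"ts": datetime.fromisoformat(kv["time"]), "user": kv.get("user", "?"),
            "src_ip": kv["src"], "outcome": "success" if kv["action"] == "login-ok" else "failure"}


PARSERS = {"sshd": parse_sshd, "vpn": parse_vpn}


def normalize(raw_logs):
    """Parse, filter and normalize: every surviving event has the same schema
    (ts, user, src_ip, outcome, source) regardless of where it came from."""
    events = []
    for source, line in raw_logs:
        ev = PARSERS[source](line)
        if ev is None:            # filtering: lines that are not authentication events are dropped
            continue
        ev["source"] = source
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one source IP, across any
    source, followed by a success from that IP within the window."""
    failures = defaultdict(list)  # aggregation: failure timestamps per source IP
    alerts = []
    for ev in events:
        if ev["outcome"] == "failure":
            failures[ev["src_ip"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(recent), "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalize(SAMPLE_LOGS)):
        print(alert)  # the notification a SIEM would raise for this rule match
```

Note that the VPN failure and the two sshd failures only add up to a match because normalization put them into the same schema and aggregation keyed them by source IP; the later success at 08:30 from the same IP does not fire, because the failures fall outside the correlation window.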
Data Protection:
In a heterogeneous context characterized by a growing volume of data, by continuous transfers of data between different systems and by their use inside and outside the organization, a Data Protection solution is essential to prevent data breaches: the data is protected throughout its life cycle, from the point where the information is generated to the points where it is transferred and used.
The Data Protection solution guarantees data protection in accordance with the requirements defined by regulations and standards such as the “General Data Protection Regulation” (GDPR) for personal data or the “Payment Card Industry Data Security Standard” (PCI DSS) for payment card data.
The two main techniques for data protection are “pseudonymization” (also called tokenization) and “encryption”. In the first case, the value to be protected is replaced with a randomly generated surrogate of the same format, and the mapping between surrogate and original value is kept in a protected vault; in the second case, the value is transformed with a cryptographic key, using format-preserving encryption so that the result has the same length and character set as the original. Both techniques therefore retain the format (avoiding changes to database schemas and application code) and both are reversible, the first through a vault lookup and the second with the key. This is what makes a breach of the protected data store far less damaging, since the stolen values are useless without the vault or the key, while authorized processes can still recover the original values for analysis. Two practical caveats: a format-preserving value looks like a real one, so the systems involved must track which fields are protected, and deterministic protection (the same input always giving the same output) reveals when two records hold the same value, which is convenient for joins but must be taken into account when assessing what the protected data still discloses.
It is important that a Data Protection solution integrates with an Identity & Access Management solution, so that access to sensitive data, and in particular the ability to reverse the protection, is controlled according to the role the user has in the organization.
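To make the difference between the two techniques concrete, here is an added example written for this page; it is not code from the page and is not how any Microfocus product implements them. The vault is an in-memory dict standing in for an encrypted, access-controlled store, and the format-preserving cipher is a simplified unbalanced Feistel network over decimal digits with HMAC-SHA256 as the round function. It follows the skeleton of NIST FF1 but is not FF1 and should not be used in production; the point is to show that output keeps the length and digit format, is deterministic, and is reversible only with the key, whereas a token is reversible only through the vault. The card number is a constructed test value, and the key, tweak and `keep_last` setting are assumptions for the example.

```python
import hashlib
import hmac
import secrets


# --- Technique 1: pseudonymization / tokenization backed by a vault ----------------

class TokenVault:
    """Replaces a digit string with a random surrogate of the same length; the only
    way back is the mapping held in the vault (a dict here, an encrypted and
    access-controlled store in a real deployment)."""

    def __init__(self):
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value, keep_last=4):
        """Random digits replace the value, keeping the last `keep_last` digits so
        that, for example, a card is still recognizable by its last four digits."""
        assert value.isdigit() and 0 <= keep_last < len(value)
        if value in self._token_by_value:        # same value -> same token
            return self._token_by_value[value]
        head_len = len(value) - keep_last
        while True:
            head = "".join(secrets.choice("0123456789") for _ in range(head_len))
            token = head + value[head_len:]
            if token != value and token not in self._value_by_token:
                break
        self._value_by_token[token] = value
        self._token_by_value[value] = token
        return token

    def detokenize(self, token):
        return self._value_by_token[token]       # KeyError if the token was never issued


# --- Technique 2: format-preserving encryption (simplified Feistel, NOT NIST FF1) ----

def _round_function(key, tweak, round_no, half, m):
    """Keyed PRF (HMAC-SHA256 over tweak, round number and the other half), reduced
    to an m-digit number."""
    mac = hmac.new(key, tweak + bytes([round_no]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (10 ** m)


def fpe_encrypt(key, digits, tweak=b"", rounds=10):
    """Encrypts a decimal digit string into one of the same length using an even
    number of unbalanced Feistel rounds over the two halves."""
    assert digits.isdigit() and len(digits) >= 2 and rounds % 2 == 0
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in range(rounds):
        m = u if i % 2 == 0 else v               # width of the half being replaced this round
        c = (int(a) + _round_function(key, tweak, i, b, m)) % (10 ** m)
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key, digits, tweak=b"", rounds=10):
    """Runs the rounds in reverse; only the holder of the key can do this."""
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in reversed(range(rounds)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_function(key, tweak, i, a, m)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b


if __name__ == "__main__":
    pan = "4111111111111111"                     # constructed test card number
    vault = TokenVault()
    token = vault.tokenize(pan)
    key = secrets.token_bytes(32)                # assumed: key lives in an HSM or key manager
    ct = fpe_encrypt(key, pan, tweak=b"card_number")
    print("token     ", token, "-> vault lookup restores original:", vault.detokenize(token) == pan)
    print("ciphertext", ct, "-> key restores original:", fpe_decrypt(key, ct, tweak=b"card_number") == pan)
```

The tweak binds the ciphertext to a field name, so the same digits encrypted in a different column produce a different result; this is the usual way to limit what the deterministic property reveals across fields.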
Identity & Access Management:
In a heterogeneous business context in which different systems and applications do not interact with each other, the absence of a valid tool capable of centrally managing and monitoring access control on each resource exposes sensitive information to unauthorized users.
An Identity & Access Management (IAM) solution defines a perimeter within which the protection of resources and data is guaranteed by a process that establishes which users may access which resources and assigns permissions on a role basis, so that users can see only the information they need to perform their activities (least privilege).
These goals are supported by the following features of an IAM solution:
- storage of user information: users’ digital identities are stored and managed in a centralized repository;
- user provisioning and workflow: the provisioning process encompasses the set of operations that lead to the management of identity and access rights in accordance with the role that the user has in the organization;
- approval workflow: the Workflow component automates the provisioning process, so as to involve only the approvers of the resources concerned;
- user authentication: the process that verifies the identity of the user and consequently grants access to resources only to authorized users. Authentication techniques range from a simple login with username and password to stronger mechanisms based on the joint use of two or more factors: “something the user knows”, “something the user has” and “something the user is”;
- advanced risk-based authentication: configuring risk-based authentication makes access control sensitive to the context in which the user makes the request (network, device, time, sensitivity of the resource), dynamically varying the number and strength of the authentication factors required;
- single sign-on: the implementation of the single sign-on functionality guarantees access to multiple software systems or resources to which the user is enabled through a single authentication.
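The role-based permission model and the risk-based step-up described above fit in one small policy engine. The following is an added example written for this page, not code from the page or from any IAM product: roles, permissions, the corporate network ranges, the risk weights and the factor thresholds are all assumptions chosen to illustrate the mechanism. A request is first checked against the permissions its roles grant (a user never gets more than the union of the assigned roles), then scored on context, and the score decides how many factors must have been presented before access is allowed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed role model and network ranges (not a real directory). 10.0.0.0/8 is
# private space and 192.0.2.0/24 is RFC 5737 documentation space.
ROLE_PERMISSIONS = {
    "hr-analyst": {"hr-db:read"},
    "hr-admin":   {"hr-db:read", "hr-db:write"},
    "finance":    {"ledger:read"},
}
SENSITIVE_PERMISSIONS = {"hr-db:write"}
CORPORATE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]


@dataclass
class AccessRequest:
    user: str
    roles: set
    permission: str
    src_ip: str
    device_known: bool          # device previously enrolled for this user
    hour_utc: int
    presented_factors: set = field(default_factory=set)   # e.g. {"password", "totp"}


@dataclass
class Decision:
    outcome: str                # "deny", "step-up" or "allow"
    reason: str
    required_factors: set = field(default_factory=set)


def effective_permissions(roles):
    """Least privilege: a user holds only the union of what the assigned roles grant."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))


def risk_score(req):
    """Context signals with constructed weights; higher means riskier."""
    score = 0
    if not any(ip_address(req.src_ip) in net for net in CORPORATE_NETWORKS):
        score += 40             # request from outside the corporate address space
    if not req.device_known:
        score += 30             # unenrolled device
    if not 7 <= req.hour_utc <= 19:
        score += 20             # outside normal working hours
    if req.permission in SENSITIVE_PERMISSIONS:
        score += 20             # the resource itself is sensitive
    return score


def required_factors(score):
    """The number of factors required grows with the risk of the request."""
    if score < 40:
        return {"password"}
    if score < 80:
        return {"password", "totp"}
    return {"password", "totp", "hardware-key"}


def decide(req):
    """Authorization by role first, then authentication strength by risk."""
    if req.permission not in effective_permissions(req.roles):
        return Decision("deny", f"{req.user} has no role granting {req.permission}")
    needed = required_factors(risk_score(req))
    missing = needed - req.presented_factors
    if missing:
        return Decision("step-up", "additional factors required: " + ", ".join(sorted(missing)), needed)
    return Decision("allow", f"{req.user} authenticated with {sorted(needed)}", needed)


if __name__ == "__main__":
    # An HR administrator writing to the HR database at night, from outside, on an unknown device.
    req = AccessRequest("bob", {"hr-admin"}, "hr-db:write", "203.0.113.5", False, 23, {"password"})
    print(risk_score(req), decide(req))
```

The order matters: an entitlement check that fails is a deny, not a step-up, so the engine never prompts for extra factors on a request that could not succeed anyway.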
Privileged Access Management:
For a complete view of access within an organization, the IAM solution must be integrated with the Privileged Access Management (PAM) solution, which allows you to control and monitor privileged access to critical resources by administrator users.
The PAM solution removes the problem of a privileged account shared among multiple users: such an account grants access to resources with greater authority, which increases the risk of unauthorized operations with a high impact on the infrastructure, or of access to confidential information and its consequent unauthorized exposure, and sharing it makes it impossible to attribute those actions to a person.
The achievement of this goal is guaranteed by the following features of the PAM solution:
- user authentication: thanks to the integration between the IAM and PAM solution, the request for access to critical resources and the validation of the user’s membership of a privileged group is managed through the IAM authentication module;
- credential management: the access credentials of the privileged accounts are managed and stored through a centralized encrypted archive, thus ensuring that these credentials are neither exposed nor shared among users;
- session management: the activities carried out by privileged users are recorded and attributed to the individual user, allowing monitoring and analysis during the work session, supporting the prevention of data breaches, and providing the evidence needed for auditing and compliance purposes.
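The three PAM features above (IAM-backed group check, vaulted credentials that are never shared, recorded and attributable sessions) come together in a check-out / check-in workflow. The following is an added example written for this page and is not code from the page or from any PAM product: the IAM directory is a plain dict, the vault is in memory (a real one is encrypted at rest), and the group names, accounts, users and one-hour check-out lifetime are assumptions for the example. Exclusive check-out means two administrators can never hold the same credential at once, and rotation on check-in means the secret an administrator saw stops working as soon as the session ends.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone


class PrivilegedAccessManager:
    """Vaulted privileged accounts with exclusive check-out, session recording and
    credential rotation on check-in. Group membership comes from an IAM directory,
    represented here by a dict mapping user -> set of groups (constructed)."""

    def __init__(self, iam_groups, checkout_ttl=timedelta(hours=1)):
        self._iam_groups = iam_groups
        self._ttl = checkout_ttl
        self._vault = {}        # account -> (required group, current secret)
        self._active = {}       # session id -> (account, user, expiry)
        self.audit = []         # append-only trail of privileged activity

    def enroll(self, account, required_group):
        """Bring an account under management with a fresh secret nobody has seen."""
        self._vault[account] = (required_group, self._new_secret())

    def checkout(self, account, user, now=None):
        now = now or datetime.now(timezone.utc)
        group, secret = self._vault[account]
        if group not in self._iam_groups.get(user, set()):        # IAM decides who is privileged
            self._log(now, user, account, "checkout-denied", f"not a member of {group}")
            raise PermissionError(f"{user} is not a member of {group}")
        for acct, holder, expiry in self._active.values():        # one holder at a time: no sharing
            if acct == account and expiry > now:
                self._log(now, user, account, "checkout-denied", f"held by {holder}")
                raise RuntimeError(f"{account} is already checked out by {holder}")
        sid = secrets.token_hex(8)
        self._active[sid] = (account, user, now + self._ttl)
        self._log(now, user, account, "checkout", f"session {sid}")
        return sid, secret

    def record(self, sid, command, now=None):
        """Session management: every command is attributed to the session's user."""
        now = now or datetime.now(timezone.utc)
        account, user, expiry = self._active[sid]
        if expiry <= now:
            raise RuntimeError("session expired")
        self._log(now, user, account, "command", command)

    def checkin(self, sid, now=None):
        now = now or datetime.now(timezone.utc)
        account, user, _ = self._active.pop(sid)
        group, _old_secret = self._vault[account]
        self._vault[account] = (group, self._new_secret())      # rotate: the secret the user saw is now useless
        self._log(now, user, account, "checkin", "credential rotated")

    def _log(self, now, user, account, action, detail):
        self.audit.append({"ts": now.isoformat(), "user": user, "account": account,
                           "action": action, "detail": detail})

    @staticmethod
    def _new_secret(length=24):
        alphabet = string.ascii_letters + string.digits
        return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    pam = PrivilegedAccessManager({"carol": {"dba-admins"}, "dave": {"helpdesk"}})
    pam.enroll("root@db01", "dba-admins")
    sid, secret = pam.checkout("root@db01", "carol")
    pam.record(sid, "systemctl restart postgresql")
    pam.checkin(sid)
    for entry in pam.audit:
        print(entry)
```

In the audit trail every entry names a person, not the shared account, which is exactly what the shared-password model described above cannot provide.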