Guaranteeing the security of data and systems is one of the crucial, Group-wide pervasive issues for the IT units. The increase in digital crime, due to the progressive transfer of economic activities and transactions to digital and online platforms, has forced companies to develop sophisticated protection and reaction protocols to face the multiple threats.
Security problems arise from various interrelated areas:
- risk management methodologies,
- security of infrastructure and devices,
- software security.
It is vital to adopt the appropriate measures through the implementation of an IT security programme, such as:
- developing the existing security management system to proactively identify security threats by using new and emerging technologies (e.g. threat intelligence, behaviour analysis);
- developing the security controls system by defining a series of Key Risk Indicators (KRIs);
- introducing a cyber security defence plan at Group level, supported by a communications plan, to act in synergy with the business continuity plan in force;
- strengthening the IT risk assessment process by increasing risk awareness from the first stages of designing the IT solutions and services (security by design).