Speaker: Matteo Mangini
Abstract: Defining a framework for the assessment, evaluation and management of risk according to standards and guidelines is nowadays the major challenge in IT governance and security compliance. Thus legal and regulation compliance lead to the definition and development of Security Management System as part of business operations. Owing to the complexity of planning and operating a Management System, a formal and comprehensive approach to IT Risk Management is the basis on which to build a successful organization.
RiS (Risk integrated Service) is a web based solution, implementing the NIS methodology in accordance with ISO31000, developed to help security consultants assessing, evaluating and managing risks related to assets, threats and vulnerabilities.
Information gathered from operational sites belonging to the scope drives to the risk assessment application.
Integration of information about business relevance, security criticality and real scope for the organization provide guidelines to define risk scenarios (against threats and vulnerabilities) to produce quantitative results for analysis, reports and countermeasures.
The RiS application can thus result in management reviews and treatment plans definition including activities (controls) aimed at mitigating the risks identified. The tool runs risk assessment with respect to either any standard specification family, such as ISO27002, COBIT5, ISO20000, ISO22301, or customized ones (ISO27001 in healthcare, ISO27001 for Critical Infrastructures, Cloud environments) to evaluate risks.
Information and asset classification reflect the importance given to them by the management. Consequently a direct dependence between the risk analysis results and security targets set in policies can be measured. The correct identification of vulnerabilities and threats that can exploit them is the basis for the risk calculation. The risk assessment approach is applied to all main assets involved in the enterprise, with particular reference to information, technological and infrastructural assets, as well as human resources related to service delivery
Bio: Matteo Mangini is a project manager and technical leader of the Risk Analysis Tool called RiS (Risk Integrated Service) , a service for assessment, evaluation and management of IT risks, performing different kind of risk analysis in accordance with main international standard (ISO27001, ISO2000, BCM and others). During his career he has participated in different R&D projects based on emerging technologies such as GRID and Cloud architectures, Security and Risk Analysis. In this field he has followed all the project life-cycle since the bid to the delivery, managing relationships with partners and internal resources. At the moment he is responsible of the main technical aspects of the R&D projects implemented by NIS.
Share this event
When & where
2.00pm - 3.00pmTuesday 9th May 2017