Our know-how in protecting critical national infrastructure allows us to provide the Hub with solutions and services that ensure the highest level of protection and cyber resilience. We do this through our capacity to anticipate threats, control risks, and effectively manage any external attacks. We also ensure the confidentiality, integrity, and availability of information through protective measures targeting infrastructure, networks, and archives. The measures adopted are commensurate with the existing level of vulnerability to cyber risks and risk analysis is carried out periodically using special assessment tools. This also allows tracking any identified remedial actions.
We ensure compliance with applicable laws and regulations, including those relating to information security and personal data protection. These include those applicable to Essential Service Operators (OSEs), Digital Service Providers (DSPs), and entities included in the National Cyber Security Perimeter (Perimetro di Sicurezza Nazionale Cibernetica/PSNC).
Any technical and organisational measures identified will be subject to ISO/IEC 27001 and ISO 22301 certification. They will also be noted in any specific Security Policies drawn up by our Security Organisation, particularly in relation to IT system and network infrastructure security and compliance.
Our logical security measures also stipulate that a “segment” architecture be defined within each end-customer environment. Policies will then be applied in each segment that are consistent with the type of application being hosted.
Our logical security system includes creating a dedicated segregated area in the Data Centers, which is completely managed by Polo Strategico Nazionale personnel.
The Security Operation Center (SOC) and Computer Emergency Response Team (CERT) work to provide security management for the network infrastructure and all Cloud services.
Polo Strategico Nazionale has a dedicated Security Operation Center (SOC), located outside the Hub’s Data Centers. The SOC manages the security platforms required to address aspects such as device protection or managing access, encryption keys, and policies. The Security Operation Center also monitors the security status of the entire infrastructure.
The Computer Emergency Response Team (CERT) of Polo Strategico Nazionale is a dedicated entity which is organisationally separate from the units managing IT infrastructure and the SOC. It ensures being able to respond to potential cyberattacks by using tools, procedures, and personnel which focus on assessing threat scenarios and coordinating response actions.
CERT provides proactive security services that include cyber threat intelligence, vulnerability assessments, and the ability to identify anomalous behaviour. The aim is to improve the security posture of infrastructures by anticipating threats. With regard to response services, CERT manages reactions to security incidents by defining the best response strategy. The aim is to minimise impacts and restore the affected services as quickly as possible.
Given the high level of security required by Polo Strategico Nazionale’s services, encryption capabilities play a key role in ensuring data sovereignty and protecting and controlling Cloud-stored information. With this in mind, the Hub provides encryption and key management services to ensure data protection needs are met.