Security Services & Compliance
The Security Services & Compliance service assesses infrastructure security and safeguards administrations’ IT departments. The ultimate goal of Security Services & Compliance is to support the activities of data transfer to the cloud, which is why the service is divided into two phases: migration and verification.
The migration and verification phases are complementary. Together they make it possible to carry out any application ‘remediation’ needed to raise the security level of the application pool.
![image](https://www.polostrategiconazionale.it/app/uploads/sites/2/2023/11/PSN_SecurityServices1.jpg)
![image](https://www.polostrategiconazionale.it/app/uploads/sites/2/2023/11/Raggruppa-11644-1.png)
The migration phase
Polo Strategico Nazionale supports the migration of Public Administration workloads and applications with specific designs and security controls. For example:
- It supports the alignment of security and migration strategies;
- It assesses threats and vulnerabilities of the AS-IS;
- It drafts the security control gap analysis document based on target architecture (TO-BE);
- It supports the implementation of controls and policies;
- It supports risk analysis and compliance audits;
- It performs Audit and Pre-Audit activities.
The verification phase
After the migration phase, Polo Strategico Nazionale begins the crucial phase of verifying the migrated workloads.
Assessments include:
- Vulnerability Assessment for detecting infrastructure vulnerabilities in the case of Housing, Hosting and IaaS services;
- Static Application Security Testing for tests on applications’ source code;
- Dynamic Application Security Testing for tests on running applications;
- Application penetration testing;
- Continuous security monitoring.
![image](https://www.polostrategiconazionale.it/app/uploads/sites/2/2023/11/PSN_SecurityServices3.jpg)