
Italian National Framework for Cybersecurity and Data Protection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12121)

Abstract

Data breaches have been one of the most common sources of concern related to cybersecurity in the last few years for many organizations. The General Data Protection Regulation (GDPR) in Europe strongly impacted this scenario, as organizations operating with EU citizens now have to comply with strict data protection rules.

In this paper we present the Italian National Framework for Cybersecurity and Data Protection, a framework derived from the NIST Cybersecurity Framework, that includes elements and tools to appropriately take into account data protection aspects in a way that is coherent and integrated with cybersecurity aspects. The goal of the proposed Framework is to provide organizations of different sizes and nature with a flexible and unified tool for the implementation of comprehensive cybersecurity and data protection programs.


Notes

  1. https://smeunited.eu/news/smes-say-gdpr-needs-reality-check.

  2. The Italian National Framework for Cybersecurity and Data Protection [5] is publicly available at http://www.cybersecurityframework.it/.

  3. See ISO survey for details; available at https://www.iso.org/the-iso-survey.html.

References

  1. Accenture and Ponemon Institute: Cost of cybercrime study (2017). https://www.accenture.com/us-en/insight-cost-of-cybercrime-2017?src=SOMS

  2. Angelini, M., Lenti, S., Santucci, G.: Crumbs: a cyber security framework browser. In: 2017 IEEE Symposium on Visualization for Cyber Security (VizSec), pp. 1–8, October 2017. https://doi.org/10.1109/VIZSEC.2017.8062194

  3. Center for Internet Security: Critical Security Controls for Effective Cyber Defense (CIS Controls). https://www.cisecurity.org/

  4. CIS Sapienza: 2015 Italian Cyber Security Report: Un Framework Nazionale per la Cybersecurity, February 2016. https://www.cybersecurityframework.it

  5. CIS Sapienza: Framework Nazionale per la Cybersecurity e la Data Protection, February 2019. https://www.cybersecurityframework.it

  6. CIS Sapienza: Tool for the implementation of Italian Cybersecurity Framework (2020). http://tool.cybersecurityframework.it

  7. Lachaud, E.: ISO/IEC 27701: Threats and opportunities for GDPR certification (2020). https://research.tilburguniversity.edu/en/publications/isoiec-27701-threats-and-opportunities-for-gdpr-certification

  8. ENISA: Guidance and gaps analysis for European standardisation (2019). https://www.enisa.europa.eu/publications/guidance-and-gaps-analysis-for-european-standardisation

  9. ENISA: Inventory of risk management/risk assessment tools (2020). https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-tools

  10. European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC

  11. HITRUST Alliance: HITRUST CSF. https://hitrustalliance.net/hitrust-csf/

  12. ISACA: Cobit 5. ISA (2012)

  13. ISO/IEC 27000:2018: Information technology - Security techniques - Information security management systems - Overview and vocabulary, February 2018

  14. NIST: Risk management framework overview. http://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview

  15. NIST: SP 800-53 Rev. 4 - Security and Privacy Controls for Federal Information Systems and Organizations, April 2013

  16. NIST: An Introduction to Privacy Engineering and Risk Management in Federal Systems (NIST Interagency Report 8062), January 2017. https://csrc.nist.gov/publications/detail/nistir/8062/final

  17. NIST: Framework for improving critical infrastructure cybersecurity (version 1.1), April 2018. https://www.nist.gov/cyberframework/framework

  18. NIST: NIST Privacy Framework, January 2020. https://www.nist.gov/privacy-framework

  19. Zaras, D.: Information Security Frameworks and Controls Catalogue (Impact Makers Report) (2018)

Acknowledgements

The authors would like to thank Cosimo Comella, Marco Coppotelli and Dorotea Alessandra de Marco (representatives of the Italian Data Protection Authority) for their valuable feedback, which helped improve the Framework and its relationship with data protection principles and requirements.

Author information

Correspondence to Leonardo Querzoni.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Angelini, M., Ciccotelli, C., Franchina, L., Marchetti-Spaccamela, A., Querzoni, L. (2020). Italian National Framework for Cybersecurity and Data Protection. In: Antunes, L., Naldi, M., Italiano, G., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science, vol 12121. Springer, Cham. https://doi.org/10.1007/978-3-030-55196-4_8

  • DOI: https://doi.org/10.1007/978-3-030-55196-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55195-7

  • Online ISBN: 978-3-030-55196-4

  • eBook Packages: Computer Science, Computer Science (R0)
