Abstract
Data breaches have been one of the most common sources of concern related to cybersecurity in the last few years for many organizations. The General Data Protection Regulation (GDPR) in Europe strongly impacted this scenario, as organizations operating with EU citizens now have to comply with strict data protection rules.
In this paper we present the Italian National Framework for Cybersecurity and Data Protection, a framework derived from the NIST Cybersecurity Framework, that includes elements and tools to appropriately take into account data protection aspects in a way that is coherent and integrated with cybersecurity aspects. The goal of the proposed Framework is to provide organizations of different sizes and nature with a flexible and unified tool for the implementation of comprehensive cybersecurity and data protection programs.
Notes
- 1.
- 2. The Italian National Framework for Cybersecurity and Data Protection [5] is publicly available at http://www.cybersecurityframework.it/.
- 3. See ISO survey for details; available at https://www.iso.org/the-iso-survey.html.
References
Accenture and Ponemon Institute: Cost of cybercrime study (2017). https://www.accenture.com/us-en/insight-cost-of-cybercrime-2017?src=SOMS
Angelini, M., Lenti, S., Santucci, G.: Crumbs: a cyber security framework browser. In: 2017 IEEE Symposium on Visualization for Cyber Security (VizSec), pp. 1–8, October 2017. https://doi.org/10.1109/VIZSEC.2017.8062194
Center for Internet Security: Critical Security Controls for Effective Cyber Defense (CIS Controls). https://www.cisecurity.org/
CIS Sapienza: 2015 Italian Cyber Security Report: Un Framework Nazionale per la Cybersecurity, February 2016. https://www.cybersecurityframework.it
CIS Sapienza: Framework Nazionale per la Cybersecurity e la Data Protection, February 2019. https://www.cybersecurityframework.it
CIS Sapienza: Tool for the implementation of Italian Cybersecurity Framework (2020). http://tool.cybersecurityframework.it
Lachaud, E.: ISO/IEC 27701: Threats and opportunities for GDPR certification (2020). https://research.tilburguniversity.edu/en/publications/isoiec-27701-threats-and-opportunities-for-gdpr-certification
ENISA: Guidance and gaps analysis for European standardisation (2019). https://www.enisa.europa.eu/publications/guidance-and-gaps-analysis-for-european-standardisation
ENISA: Inventory of risk management/risk assessment tools (2020). https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-tools
European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC
HITRUST Alliance: HITRUST CSF. https://hitrustalliance.net/hitrust-csf/
ISACA: Cobit 5. ISA (2012)
ISO/IEC 27000:2018: Information technology - Security techniques - Information security management systems - Overview and vocabulary, February 2018
NIST: Risk management framework overview. http://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview
NIST: SP 800-53 Rev. 4 - Security and Privacy Controls for Federal Information Systems and Organizations, April 2013
NIST: An Introduction to Privacy Engineering and Risk Management in Federal Systems (NIST Interagency Report 8062), January 2017. https://csrc.nist.gov/publications/detail/nistir/8062/final
NIST: Framework for improving critical infrastructure cybersecurity (version 1.1), April 2018. https://www.nist.gov/cyberframework/framework
NIST: NIST Privacy Framework, January 2020. https://www.nist.gov/privacy-framework
Zaras, D.: Information Security Frameworks and Controls Catalogue (Impact Makers Report) (2018)
Acknowledgements
The authors would like to thank Cosimo Comella, Marco Coppotelli and Dorotea Alessandra de Marco (representatives of the Italian Data Protection Authority) for their valuable feedback, which helped improve the Framework and its relationship with data protection principles and requirements.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Angelini, M., Ciccotelli, C., Franchina, L., Marchetti-Spaccamela, A., Querzoni, L. (2020). Italian National Framework for Cybersecurity and Data Protection. In: Antunes, L., Naldi, M., Italiano, G., Rannenberg, K., Drogkaris, P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science, vol 12121. Springer, Cham. https://doi.org/10.1007/978-3-030-55196-4_8
DOI: https://doi.org/10.1007/978-3-030-55196-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-55195-7
Online ISBN: 978-3-030-55196-4
eBook Packages: Computer Science (R0)