What I deal with

I am a management consultant on issues relating to the ICT world. My consulting and training services are divided into three areas: privacy, cybersecurity and process reengineering. Below you will find a description that will help you better understand these areas of operation. I also have a Telegram channel you can subscribe to, in which I provide information and updates on cybersecurity news.

Cybersecurity

  • Training paths. Cybersecurity is among the most requested training topics. In recent years the activity has been provided to associations, public and private organizations, and universities. The training is calibrated to the target audience and customer needs, while maintaining the greatest possible clarity and simplicity. The goal is to maximize user understanding and raise awareness of potential risks and countermeasures. The activity can be delivered both in person and in eLearning mode.
  • Cybersecurity assessment. This is an intervention aimed at analyzing the level of computer security within companies and public administrations. The assessment can cover the entire ICT infrastructure or a single part of it (e.g. the institutional web portal). It generally involves the ICT department, represented by the Head of Information Systems or the Head of Cyber Security. The activity is carried out at various levels of complexity, from a technical-functional analysis of the solutions up to penetration-test activities.
  • Compliance with the GDPR. The security of personal data depends on regulatory compliance with the GDPR. The purpose of the activity is to verify that the processing of users’ personal data is carried out completely and in compliance with the law, in order to avoid warnings and sanctions.
  • Data Protection Impact Analysis (DPIA). Impact analysis for the protection of personal data is a precautionary measure provided for by the GDPR and is based on a comprehensive analysis of the context in which the company or public administration operates. The ultimate aim is to show how the processing under consideration is carried out, giving evidence of the risks and the related countermeasures. A DPIA is a tailor-made product, designed and built specifically around the customer's situation, in order to guarantee maximum transparency and effectiveness in the result.
  • Data breach management. Proper handling of a data breach has become a priority in recent years. The intervention consists of actions aimed at identifying the areas of technical-operational criticality and studying the best solution to prevent the problem from recurring. In addition, the activity can also be designed for training purposes, to find the best way of managing a breach in order to reduce service recovery time (RTO).
  • Privacy assessment. It is an intervention aimed at companies and public administrations, dedicated to the creation/management of an ecosystem in which the privacy of information is placed at the center of the business.

Process Reengineering and Digitization

  • Process analysis. Few are aware that behind a data breach there are often problems of an organizational nature. Unaccountable processes with an incorrect outcome can generate security flaws and create problems in the ordinary conduct of business activities. Process analysis aims to identify critical areas and propose appropriate technical-organizational solutions.
  • Data flow analysis. Fewer and fewer organizations can boast real control over data flows. This type of intervention aims to map all business data flows, highlighting those that are most at risk.
  • ICT infrastructure consolidation. Process reorganization activities in the ICT field result in technical-organizational interventions aimed at optimizing the customer’s IT environment. It is therefore not only a matter of accompanying infrastructural interventions but of facilitating them with methodologies and tools created specifically for the customer.
  • Change management support. Change is a natural phase of every organizational structure. It is addressed by the main project and service management methodologies (e.g. ITIL, PRINCE2). Supporting change means analyzing the effects it can have internally on the business but also externally, offering a broader view and more harmonized solutions.

Training

A large part of my activity involves the provision of training for private and public bodies on a large number of topics: computer security, electronic signatures, aspects of computer forensics, risk analysis and IT emergency management plans.

Training is an essential element in developing the skills of companies and of central and local public administrations. The topics proposed in the courses are always up to date and are “modeled” on the professional needs of the client. They can be delivered in synchronous mode or recorded to be viewed later by staff. Listed below are the topics most requested by P.A. and private companies.

Digital Signatures

Technical and usage aspects

What are the types of electronic signatures? How are they used, and when? What are their characteristics? The course aims to provide all the necessary guidance to better manage electronic signatures, taking care to use concepts and language understandable even to non-technical personnel.

Document Management

Technical and organizational aspects

What are the most relevant technical aspects reported in the AgID Guidelines on the ‘Creation, Management and Archiving of the Information Document’? The course will delve into the salient aspects, focusing on all those technical-organizational constraints that cannot be ignored. All in simple language that is within everyone’s reach.

Cybersecurity

Attack and defense techniques

The course will address the most important topics related to cybersecurity, including: attack techniques, culpable incident management, defense techniques, impact on the organization. The course is designed to be followed by non-technical staff as well, because the language adopted and the explanations have been deliberately simplified. The goal is to make staff aware through appropriate training.

Processing of personal data

Compliance with the GDPR

What are the technical-organizational aspects of properly managing personal data? What are the risks to which you are exposed, and how do you manage the processing operations that the Data Protection Authority defines as “high risk”? The course will address these issues by providing very practical answers to the most common questions and suggesting solutions that can be applied immediately, in order to maximize the value of the training.

Risk Management

ICT Risk Management Methodologies

How can business and P.A. staff properly manage cyber risk? What are the most relevant aspects and techniques? What about concepts such as Disaster Recovery and Business Continuity, and how are their plans managed? The course will present the most relevant methodologies and explain the methods of use and peculiarities of each.

Simulations

Exercises and Case Studies

All topics covered come with updated, relevant and detailed case studies. On many occasions it is also possible to integrate simulations into the theoretical part to stimulate group work and learning.

It is important to emphasize that these courses have been delivered, over the years, to public bodies, private companies and professional bodies. The language used in these courses is specially designed to be understood by all participants, in particular by the non-technical staff to whom these courses are often addressed. This means adopting simple concepts and avoiding technicalities and foreign terminology in order to reduce conceptual ambiguity. Finally, the high number of examples provides valuable support for general understanding.