2.4 What to Protect Against - Cyber Threats
Wikipedia updated list:
2.5 Role and Responsibilities
For the ORGANIZATIONAL DATA SECURITY FUNDAMENTALS, the Senior / Chief Decision Makers include:
CEO: Decision maker (titolare in Italian)
CFO: Budgeting and finance
CIO: ensures support with its technical know-how
ISO: Risk analysis and mitigation
Steering Committee: defines the objective risks and how to deal with them
Auditor: evaluates the Business Processes of Security Systems
Data Owner: classifies the data
Data Custodian: day by day deals with the "maintenance of data"
Network Administrator: ensures the availability of network resources
Security Administrator: responsible for all the security and associated tasks, with particular regard to "Confidentiality and Integrity".
It would always be advisable to appoint a press officer.
2.4.1 DPO Data Protection Officer
European legislation has introduced new mandatory actors for the protection of personal data. Under art. 37 GDPR, the appointment of a DPO is mandatory for the PA (Public Administration) without exceptions; in the case of processing that requires regular and systematic monitoring of data on a large scale; and when large-scale processing involves sensitive personal data (Article 9) or data relating to criminal convictions and offenses referred to in Article 10. The DPO must act in the interests of the data subjects and of the entire community, not only of the CEO. Even where the appointment of a DPO is not mandatory, because the infrastructure does not fall within the cases contemplated by the Regulation, once the CEO has appointed a DPO, the rules set out in art. 37-39 of the GDPR must, in any case, be fully applied.
2.5.2 SLO Security Liaison Officer
The owner of the ICE (European critical infrastructure) and the party responsible for its operation must appoint, within 30 days of the designation as ICE, a security liaison officer and the SLO. Together they formulate the PSO (Strategic Operational Plan), to be drawn up in compliance with the minimum parameters agreed in the EU Community, Annex B Legislative Decree 62/2001.
2.5.3 Actors schema of Italian Act 196/2003