
This book takes up and expands on the contents of my previous publication TOTAL SECURITY 4.0 - The ABC on Physical Cyber Security for DPOs and SMEs (and beyond).
Unlike its predecessor, which, as the title indicates, is aimed primarily at a non-specialist audience, this text addresses the topic of risk management through the lens of different methodologies.
In particular, the text draws on methodologies proposed by ISO, NIST, ENISA, OPEN GROUP, but also developed by governmental bodies (Spain, Canada...) that address the issue of risk management through their own analysis methodologies that have over time become a point of reference.
Alongside this established view, the text proposes, with all the limitations of available space, the new frontiers of risk analysis, based on quantitative methods and the use of statistical techniques.
The text is intended to be as comprehensive a handbook as possible, although the specific references to the sources used allow the reader to carry out the appropriate in-depth studies independently.
Except for references to ISO standards, the cited material is normally in the public domain, and therefore freely accessible to all readers.
Particular emphasis is placed on how to collect (or estimate) the information useful for determining the factors that enter into the risk assessment, again referring to catalogues and external sources that are easily retrievable online, examples of which are usually given.
The text is accompanied by operational tools available in the 'additional materials':
- PDF files representing useful forms for mapping one's own organisation
- a series of Excel sheets providing examples of processing and reporting.
Some paragraphs are taken from my articles in Toolnews, for which I thank Alessandro Giacchino.
Giancarlo Butti (gi*************@pr***.it)
(LA BS 7799, LA ISO IEC 27001:2005/2013/2022, LA ISO 20000-1, LA ISO 22301, LA ISO IEC 42001), CRISC, CDPSE, ISM, DPO, DPO UNI 11697:2017, DPO UNI CEI EN 17740:2024, CBCI, AMBCI
Master in Business Management and Organisational Development (MIP - Politecnico di Milano).
ESG contact person(*) (Environmental, Social and Governance) and Inclusion of the CLUSIT Scientific Committee.
He has been involved in ICT, organisation and regulation since the early 1980s:
- organisation analyst, project manager, security manager and auditor in banking groups
- document, security, privacy... consultant in companies of different sectors and sizes.
As a populariser he has to his credit:
- over 800 articles in 40 different publications
- 26 books and white papers, some of which are used as university texts
- 27 collective works as part of ABI LAB, Oracle/CLUSIT Community for Security, CLUSIT Report on ICT Security in Italy
- speaker at over 170 events at ABI, ISACA/AIEA, AIIA, ORACLE, CLUSIT, ITER, INFORMA BANCA, CONVENIA, CETIF, IKN, TECNA, UNISEF, PARADIGMA...
- former teacher of the ABI professional training course - Privacy Expert and Data Protection Officer
- lecturer in masters and postgraduate courses at several universities:
- Master's Degree in "Data Protection Officer and Privacy Law" at the University Suor Orsola Benincasa - Naples
- Postgraduate Course in Data Protection and Data Governance at the University of Milan
- Cefriel Data Protection Officer Advanced Training Course
- UNISEF Master's Degree for Personal Data Protection Officers
- DPO Pathway and the Information Security & Privacy Observatory of the Politecnico di Milano
- Risk analysis and management at the State University of Milan
- Master Risk management, internal audit & fraud at Ca' Foscari Challenge School.
Member and former arbitrator (proboviro) of AIEA/ISACA (www.aiea.it - Italian Association of Information Systems Auditors), of CLUSIT (www.clusit.it - Italian Association for Information Security), of DFA (www.perfezionisti.it - Digital Forensics Alumni), of ACFE (https://www.acfecentral.it/ - Association of Certified Fraud Examiners) and of BCI (www.thebci.org - Business Continuity Institute).
Participates in various working groups of ABI LAB, ISACA-AIEA, the CLUSIT...
(*) Former researcher in the field of renewable energy (UNESCO - International directory of new and renewable energy information sources and research centres, 1986)
Alberto Piamonte
A graduate of the University of Padua in Electronic Engineering, he is currently a member of the KeyMap Team, a group of consultants and companies involved in the development of automated tools and methodologies for audit activities, risk analysis and management, compliance certification and the implementation of effective and efficient control and governance systems.
In addition to carrying out consultancy work himself, he is actively involved in issues related to IT systems governance by holding frequent courses and seminars on methodologies such as COBIT, ITIL and ISO27001 and in raising awareness and dissemination of related issues, and has been an IAEA Advisor with the role of Research Director.
He began his career as an IBM researcher with more than a decade's stay in research and development laboratories (USA, Germany, Sweden and Italy) dealing mainly with communications (SNA) and related security issues.
Later, as Olivetti Marketing Manager for Public Administrations, he was involved in the management and implementation of large projects.
More recently, as Software Director Europe at Amdahl Corporation, he dealt with the management and security issues of large user networks.
Member of ISACA - Rome, COBIT5 Trainer, Assessor and Implementor.
After purchasing the book, request the link to download additional materials