Manuale di Resilienza

For the purchase of several titles, please contact the secretariat:

3484161819 | it**@it*********.it

Resilience and business continuity have become highly topical for every organisation in recent years, not least because of events such as the pandemic, the climate crisis and the war...

The UK Prudential Regulation Authority defines resilience as "...the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover, and learn from operational disruptions."

The term therefore covers all phases of the management of an adverse event, from its prevention to the subsequent recovery and continuous learning phases; in this regard, the text addresses:

  • on the one hand, the management of risks of various kinds that may affect an organisation (including risks from third and fourth parties) and the assessment of appropriate actions for their prevention and management
  • on the other hand, business continuity, understood as the management, in the short and long term, of scenarios that cause the unavailability of an organisation's assets/processes/services.

In this context, therefore, the text deals with:

  • risk management measures, essentially aimed at ensuring the resilience of an organisation's assets/processes/services in advance, limiting both the probability of an adverse event occurring and its impacts
  • solutions to ensure the restoration of operations after an adverse event.

The text is aimed at all the corporate functions involved (ICT, Security, Organisation, Personnel, Legal, Compliance, Risk, Audit...), with a vision that is as exhaustive and analytical as possible (as the 600 pages of the text demonstrate), taking nothing for granted, so that the reader has all the tools needed to deal with such complex issues in practice, albeit at differentiated levels of detail.

In the most technical areas, the treatment aims to give an overall but comprehensible view of the subject matter; topics such as risk identification and management, BIA, and the definition of solutions and intervention plans are covered in greater depth, addressing in detail the most common errors, such as

  • not considering the interdependencies between processes, and cut-offs, when evaluating RTOs
  • not running tests long enough to assess the resilience of a DR site
  • disregarding the limitations of risk assessment or BIA methodologies
  • not setting up a proper personnel management policy...

The book is intended to provide very practical guidance and is therefore accompanied by a significant number of tables, internal and external catalogues, references to authoritative publications that can be obtained free of charge online for in-depth analysis...

Particular attention is paid to the DORA Regulation, for which this book is a useful reference for implementing the required obligations.

Giancarlo Butti (gi*************@pr***.it)

(LA BS 7799, LA ISO IEC 27001:2005/2013/2022, LA ISO 20000-1, LA ISO 22301, LA ISO IEC 42001), CRISC, CDPSE, ISM, DPO, DPO UNI 11697:2017, DPO UNI CEI EN 17740:2024, CBCI, AMBCI

Master's in Business Management and Organisational Development (MIP – Politecnico di Milano)

Contact person for the DORA and Inclusion Regulations of the CLUSIT Scientific Committee.

He has been involved in ICT, organisation and regulation since the early 1980s:

  • organisation analyst, project manager, security manager and auditor in banking groups
  • document, security, privacy... consultant in companies of different sectors and sizes.

As a populariser he has to his credit:

  • over 800 articles in 40 different publications
  • 28 books and white papers, some of which are used as university texts
  • 30 collective works as part of ABI LAB, Oracle/CLUSIT Community for Security, CLUSIT Report on ICT Security in Italy
  • speaker at over 170 events at ABI, ISACA/AIEA, AIIA, ORACLE, CLUSIT, ITER, INFORMA BANCA, CONVENIA, CETIF, IKN, TECNA, UNISEF, PARADIGMA...
  • former teacher of the ABI professional training course - Privacy Expert and Data Protection Officer
  • lecturer in master's and postgraduate courses at several universities:
    • Master's Degree in "Data Protection Officer and Privacy Law" at the University Suor Orsola Benincasa - Naples
    • Postgraduate Course in Data Protection and Data Governance at the University of Milan
    • Cefriel Data Protection Officer Advanced Training Course
    • UNISEF Master's Degree for Personal Data Protection Officers
    • DPO Pathway and the Information Security & Privacy Observatory of the Politecnico di Milano
    • Risk analysis and management at the State University of Milan
    • Master in Risk Management, Internal Audit & Fraud at Ca' Foscari Challenge School.

Member and former proboviro (member of the board of arbiters) of AIEA/ISACA (www.aiea.it - Italian Association of Information Systems Auditors), of CLUSIT (www.clusit.it - Italian Association for Information Security), of DFA (www.perfezionisti.it - Digital Forensics Alumni), of ACFE (https://www.acfecentral.it/ - Association of Certified Fraud Examiners) and of BCI (www.thebci.org - Business Continuity Institute).

He participates in various working groups of ABI LAB, ISACA-AIEA, CLUSIT...

(*) Former researcher in the field of renewable energy (UNESCO - International directory of new and renewable energy information sources and research centres, 1986)

Supply chain risks (mise.gov.it)

From business continuity to operational resilience (mise.gov.it)

Supplier management in finance: how to implement a strategy and an exit plan - Cyber Security 360

BIA and risk analysis: what synergies to prepare resilience and recovery solutions - Cyber Security 360

DORA and suppliers: the scope for compliance - Cyber Security 360

DORA Regulation: how Europe will ensure fintech's operational resilience to cyber risks - Cyber Security 360

Operational resilience in organisations: how regulations (and more) are evolving - Cyber Security 360

Fail-safe Business Impact Analysis: here are the guidelines - Cyber Security 360

Cyber risk analysis, not just security: how to deal with all adverse events - Cyber Security 360

The hidden risks of disaster recovery: what to do to ensure business continuity - Cyber Security 360

Managing suppliers and outsourcers: limits and merits of the DORA Regulation – Cyber Security 360

Implementing DORA: good practices for surviving regulatory compliance – Cyber Security 360

DORA Regulation, supplier certifications: the operational limits – Cyber Security 360

DORA, critical or important functions: rules for compliance with regulatory requirements – Cyber Security 360

ICT risk, suppliers and subcontractors put to the test

NIS 2 and DORA, the (re)assessment of suppliers: mistakes to avoid

DORA: errors and typos to watch out for in regulatory implementation

The limits and difficulties of correct user profiling

First NIS 2 deadlines, but financial entities still have time: the reasons

DORA Regulation, critical and important functions: mistakes to avoid

Who audits the audit? The risks of a privacy law breach and the role of the DPO
