For the purchase of several titles, please contact the secretariat:
3484161819 | it**@it*********.it
At last, a text that deals with computer security with a different slant from the usual, and which is addressed not to the usual insiders, but to those who are not in the trade and have only a smattering of these issues and must for their fortune identify the tangible and intangible assets to be protected, pragmatically identify the threats that may affect those assets, provide adequate protection so that they remain as far away from their structure as possible and, since resources are a non-infinite entity, at least manage the residual risk.
Simple perhaps to say, but by no means trivial to achieve if you do not have a guide who can be a good companion on the bench.
In my opinion, the book also has the great ability to open a wide window on the rules of conduct that should be the vademecum of the people who have to live with IT and security, whether as operators in the sector or as end users.
I found the reported case studies very appreciable, as they offer a wide-angle view of some positive examples of small to medium-sized companies where security has received acceptable attention. These cases are emblematic because in those types of companies it is usually difficult to find an employee with adequate knowledge/awareness of the subject, but above all, very often the entrepreneur/owner is little inclined to invest in IT security unless forced to by the law (remember that some also have criminal implications), so he often relies on the substantial support of the local patron saint. The message that becomes clear is that even in situations where often nothing is done about security, it is possible instead to take substantial steps by relying on a correct approach.
The last chapter of the book deals with safety law, which in Italy in recent years has received a great deal of attention from the institutions Extracting the most relevant articles I found it meritorious especially for the didactic approach aimed at bringing even people who are normally reluctant to venture into the legal world closer to the dictate.
This is rounded off by a valuable appendix of operational sheets to inventory assets, documents, measures that can be taken...
A detail I like to emphasise is that except for a few terms now in current use and a solitary DMZ, the absence of pure computer language and even of the English type-prezzemolo, so favoured by so many authors in almost contempt of the beautiful equivalents in our language, shines through.
Una considerazione finale su alcuni spunti che oserei definire piccole perle – Giancarlo insiste tra le altre sulla necessità della formazione a tutti i livelli e sulle verifiche periodiche – due dei più importanti segreti per ottenere e mantenere un buon livello di sicurezza.
Giancarlo Butti
(LA BS7799), (LA ISO IEC 27001), CRISC, ISM
Master's degree in Business Management and Organisational Development at MIP-Politecnico di Milano.
He has been involved in ICT, organisation and regulation since the early 1980s in various roles: organisation analyst, security manager and auditor at banking groups.
Consultant in document, security, privacy... at companies of different sectors and sizes.
He has to his credit more than 600 articles in 20 different publications (for years he was a member of the Technical Committee of the magazine iged.it) and 17 books and white papers, some of which are used as university texts; he holds courses and seminars and is a lecturer at ITER and ABI Formazione on privacy, ICT audit and regulatory audit.
Among the document-related publications: Working with hypertexts '91, Guide to document management '97, Discourse on multimedia '98, Guide to workflow '99, Internet in the company '00, The IT protocol for public administration '03, IT protocol according to AIPA standards - Guide to solutions based on Microsoft technology '03, Portals for public administration '04, Intranet for public administration '04, Information at hand. Always. Everywhere '12.
He is a member and pro-bassador of AIEA (www.aiea.it) and a member of CLUSIT (www.clusit.it).
He participates in the working groups of ABI LAB on Business Continuity, of ISACA-AIEA on Privacy EU and is a member of the OMAT360 Expert Committee on Innovation.
