Security certification for critical information infrastructures: The Italian certification body approach
Abstract
Critical national infrastructures (CNIs) — defined as any public or private infrastructure whose operation is essential for a country’s security and functioning, including such fundamental sectors as healthcare, economy, energy, transport, communication systems, law enforcement, defence and, in general, public administration — can be affected by a variety of events that can jeopardise their efficiency both directly and indirectly. CNIs increasingly rely on critical information infrastructures (CIIs), such as telecommunications. These networks must guarantee operational viability when critical events occur, as well as under normal working conditions. In some circumstances, critical events can affect not only the CNIs, but also their telecommunication infrastructures. Such failures are not necessarily caused by external events. To guarantee their correct and continuous operation, security aspects of CIIs must therefore be the focus of particular care. Guarantees on the effectiveness and correctness of the security measures deployed in the CII can be obtained through certification. This paper analyses the role of system/product security certification in this context. In particular, the paper describes the certification approach recommended by the Italian national certification body (Organismo di Certificazione della Sicurezza Informatica) to achieve the maximum benefit from the process, in terms of both efficiency and security.
The full article is available to subscribers to the journal.
Author's Biography
Luisa Franchina obtained her ‘Laurea’ degree in electronics engineering in 1992 at the University of Rome, ‘La Sapienza’. In the period 1994–1996 she attended the National School for PhD Students and in 1996 she was awarded a PhD in electronics engineering from the University of Rome, ‘La Sapienza’. Since 1993 she has worked as a consultant for several companies and institutions. In the period 2003–2006 she worked at the Italian Ministry of Communications, where she was entrusted with various tasks: General Director For Regulations and Quality of Service, responsible for the startup of a new General Direction for purchase, security and computing; Italian representative on the ENISA (European Network and Information Security Agency) boards of directors; member of the Italian High Council of Communications, responsible to the Ministry of Communications SIA (Sistema informativo automatizzato); and General Director of the Istituto Superiore delle Comunicazioni e della Tecnologia dell’Informazione (ISCOM). Luisa is currently the General Director of the Operative Group NBCR within the Italian Civil Protection Department.
Laura Gratta obtained her ‘Laurea’ degree in electronics engineering in 1989 at the University of Rome, ‘La Sapienza’. She worked as a researcher at Fondazione Ugo Bordoni from 1990 to 2006, carrying out research activities on communication networks and ICT security. Since March 2006 she has been with the Italian Ministry of Communications, where she works on various aspects of ICT security. Laura is head of the ‘Certification Processes’ section of OCSI, the Italian National Certification Body for ICT security for non-classified products and systems; she is also a security evaluator for ISCOM CEVA, within the Italian National Security Authority certification scheme.
Marco Carbonelli achieved his ‘Laurea’ degree in telecommunications engineering in 1987. He is the author of more than 100 papers on TLC and ICT topics. Up to 2000 he worked in the research field of digital transmission, PDH-SDH-ATM equipment and TLC network synchronisation. Since 2001 he has been involved in information protection and security certification activities for the Fondazione Ugo Bordoni and Italian Ministry of Communications. In 2003 he was editor of the Guidelines for the implementation of the Italian Certification Scheme for the application of Common Criteria and ITSEC standards for non-classified ICT systems and products. In 2004–2005 he was head of the Security Certification Division of OCSI (Italian Security Certification Body). Since March 2006 he has been with the Italian Ministry of Communications, where he is head of the OCSI Precertification and Accreditation Division.
Citation
Franchina, Luisa, Gratta, Laura and Carbonelli, Marco (2007, May 1). Security certification for critical information infrastructures: The Italian certification body approach. In the Journal of Business Continuity & Emergency Planning, Volume 1, Issue 3. https://doi.org/10.69554/MNVM6190