Practice paper

Security certification for critical information infrastructures: The Italian certification body approach

Luisa Franchina, Laura Gratta and Marco Carbonelli
Journal of Business Continuity & Emergency Planning, 1 (3), 302-311 (2007)
https://doi.org/10.69554/MNVM6190

Abstract

Critical national infrastructures (CNIs) — defined as any public or private infrastructure whose operation is essential for a country’s security and functioning, including such fundamental sectors as healthcare, economy, energy, transport, communication systems, law enforcement, defence and, in general, public administration — can be affected by a variety of events that can jeopardise their efficiency both directly and indirectly. CNIs increasingly rely on critical information infrastructures (CIIs), such as telecommunications. These networks must guarantee operational viability when critical events occur, as well as under normal working conditions. In some circumstances, critical events can affect not only the CNIs, but also their telecommunication infrastructures. Such failures are not necessarily caused by external events. To guarantee their correct and continuous operation, security aspects of CIIs must therefore be the focus of particular care. Guarantees on the effectiveness and correctness of the security measures deployed in the CII can be obtained through certification. This paper analyses the role of system/product security certification in this context. In particular, the paper describes the certification approach recommended by the Italian national certification body (Organismo di Certificazione della Sicurezza Informatica) to achieve the maximum benefit from the process, in terms of both efficiency and security.

Keywords: ICT security; system/product certification; ISO/IEC 15408; critical infrastructure protection

The full article is available to subscribers to the journal.


Authors' Biographies

Luisa Franchina obtained her ‘Laurea’ degree in electronics engineering in 1992 at the University of Rome, ‘La Sapienza’. In the period 1994–1996 she attended the National School for PhD Students and in 1996 she was awarded a PhD in electronics engineering from the University of Rome, ‘La Sapienza’. Since 1993 she has worked as a consultant for several companies and institutions. In the period 2003–2006 she worked at the Italian Ministry of Communications, where she was entrusted with various tasks: General Director for Regulations and Quality of Service, responsible for the startup of a new General Direction for purchase, security and computing; Italian representative on the ENISA (European Network and Information Security Agency) boards of directors; member of the Italian High Council of Communications, responsible to the Ministry of Communications SIA (Sistema informativo automatizzato); and General Director of the Istituto Superiore delle Comunicazioni e della Tecnologia dell’Informazione (ISCOM). Luisa is currently the General Director of the Operative Group NBCR within the Italian Civil Protection Department.

Laura Gratta obtained her ‘Laurea’ degree in electronics engineering in 1989 at the University of Rome, ‘La Sapienza’. She worked as a researcher at Fondazione Ugo Bordoni from 1990 to 2006, carrying out research activities on communication networks and ICT security. Since March 2006 she has been with the Italian Ministry of Communications, where she works on various aspects of ICT security. Laura is head of the ‘Certification Processes’ section of OCSI, the Italian National Certification Body for ICT security for non-classified products and systems; she is also a security evaluator for ISCOM CEVA, within the Italian National Security Authority certification scheme.

Marco Carbonelli obtained his ‘Laurea’ degree in telecommunications engineering in 1987. He is the author of more than 100 papers on TLC and ICT topics. Up to 2000 he worked in the research field of digital transmission, PDH-SDH-ATM equipment and TLC network synchronisation. Since 2001 he has been involved in information protection and security certification activities for the Fondazione Ugo Bordoni and the Italian Ministry of Communications. In 2003 he was editor of the Guidelines for the implementation of the Italian Certification Scheme for the application of Common Criteria and ITSEC standards for non-classified ICT systems and products. In 2004–2005 he was head of the Security Certification Division of OCSI (Italian Security Certification Body). Since March 2006 he has been with the Italian Ministry of Communications, where he is head of the OCSI Precertification and Accreditation Division.

Citation

Franchina, Luisa, Gratta, Laura and Carbonelli, Marco (2007, May 1). Security certification for critical information infrastructures: The Italian certification body approach. In the Journal of Business Continuity & Emergency Planning, Volume 1, Issue 3. https://doi.org/10.69554/MNVM6190.

Journal of Business Continuity & Emergency Planning
Volume 1 / Issue 3
© Henry Stewart Publications LLP
