ASSURANCE-BASED SECURITY GOVERNANCE FOR ICT SYSTEMS

Date: Wednesday, April 12, 2023

Location: Aula Cabbibo, Edificio Fermi

Time: 4:00 PM - 6:00 PM

Abstract: Cybersecurity is one of the top emergencies in Europe. Every day most enterprises and organizations are under attack. According to SOCRadar, 61% of Italian organizations experienced a ransomware attack between 2021 and 2022. This scenario requires, on the one hand, new security solutions protecting against misbehaviors and malicious attacks and, on the other hand, a novel Security Governance approach based on continuous assurance evaluation that copes with changes to assets and with new threats. In this seminar, we present the state of the art of research in the area of security assurance, specifically security certification of modern systems, and a concrete example of assurance-based Security Governance applied to a typical ICT infrastructure.

Speakers: Marco Anisetti and Nicola Bena.

Affiliation: Marco Anisetti is a Full Professor at the Università degli Studi di Milano, Italy. Nicola Bena is a Ph.D. student at the Università degli Studi di Milano.

Biographies: Marco Anisetti is a Full Professor at the Università degli Studi di Milano, Italy. He is the winner of the GIRPR award for the best Ph.D. thesis in 2010 and the winner of the Chester Sall Award from IEEE Consumer Electronics Society in 2009. His research interests are in the area of Computational Intelligence and its application to the design and evaluation of complex distributed systems and microservices. In more detail, he has been investigating innovative solutions for non-functional property assurance and certification in modern distributed systems. In this area, he defined a new scheme for continuous and incremental service security certification, based on a distributed assurance evaluation architecture that percolated into his Moon Cloud spin-off.

He is currently investigating the application of Big Data technologies for i) the computation of security assurance metrics, including behavioral-based analytics, ii) the design of security- and privacy-aware applications, and iii) computing trustworthiness and assurance metrics in the Edge-Cloud Continuum and for AI models. He participated in more than 10 EU projects including FP7 ASSET4SOA and FP7 CUMULUS, H2020 EVOTION, H2020 CONCORDIA, H2020 IMPETUS, H2020 CounteR, to name but a few. The results of his research activities have been published in more than 140 papers in international conference/workshop proceedings, journals, and chapters in books. He is a co-inventor of the European Patent titled "Method, System, Network and Computer Program Product for Positioning in a Mobile Communications Network".

Website: https://anisetti.di.unimi.it/

Nicola Bena is a Ph.D. student at the Università degli Studi di Milano. His research interests are in the area of security of modern distributed systems, with particular reference to certification, assurance, and risk management techniques. He has participated, and is participating, in several national and European projects, including H2020 Project CONCORDIA, one of the four European projects aimed at establishing the European Cyber-security Competence Network.

Website: https://homes.di.unimi.it/bena

Registration: Participation is free. However, registration is required on Eventbrite at the following links:

- to attend in person: "Assurance-based Security Governance for ICT systems",
- to attend remotely: "Assurance-based Security Governance for ICT systems".