We provide Advisory and consulting in IT security and we realize innovative and advanced IT services, systems and applications using the latest and more advanced technologies. In particular:

Advisory and Consulting in IT Security

We provide Advisory to the top management on business strategies in relation to:

  • IT security and its impact on business
  • the role of the company's IT within the business processes
  • the IT processes internal and external to the company
  • the IT technological developments that influence the business strategies and choices
  • the management of business risks tied to IT and of the proper IT risks.

 
We provide management consulting on all aspects of security and governance of complex and business critical IT systems, and on the management of IT security risks.

 
We provide operational consulting on the governance and management of IT projects and processes with particular care to the security aspects.

From Concept to Daily Management

Conceive, design, develop, implement and manage an ICT service, system, application or network means first of all to be able to manage a project of Information Communication Technology (ICT). Today, in addition to specific technical skills for project management and for the realization of the technological components, it is absolutely needed to manage all aspects of security in all phases of the project.

We are in particular specialized in the implementation of high-performance, low latency systems using distributed computing (also low cost computer networks) to ensure high reliability and high availability.

We apply this expertise to the implementation of security systems in environments which require more advanced technologies and have greater security risks like online financial transactions and telecommunications operators.

We can fully manage innovative and advanced ICT projects from concept to the implementation and the daily management.

few examples of ICT projects that we have managed:

Online anti-fraud systems for banks and financial institutes
Online fraud perpetrated through Web services, has become a major ICT security concern, and the banking and financial sectors are the most vulnerable to this threat. Combining our experience in ICT security, networking, Web applications, and the direct experience of recent years in this field, we are able to design, implement and manage systems to effectively combat attempted online frauds via Web applications, especially for the banking and financial sectors.
 
SIEM and Log Management systems
In the last years projects of systems, infrastructures and applications log management, and projects of Security Information and Event Management (SIEM) have acquired a great importance for the management and for the security of IT systems. Thanks to our experience built in this field from small to very large projects, we can design, implement and manage even the most complex log management systems.
 
Security Management and Governance Projects
Many companies do not need to have a full-time Security Officer, but they still need the guidance and management of an experienced S.O. to design, implement and verify the overall security of their IT systems. In these cases it is certainly more convenient to rely on outside experts who can follow daily the company IT than to add this important task as an extra duty to a non specialist manager.
We can follow all aspects of the Security Management: from the design of business processes, to managing complex projects, compliance, audit and staff training.
 
ICT Project Management
We manage the design, management, implementation and verification of complex and business critical ICT projects, in particular those that require a higher level of security.  

Security is a fundamental aspect of any IT service, and in particular of Internet services. It 's impossible to guarantee the absolute security of an IT system.

Computer security is not only to protect themselves from theft or infringements, but also from failures, accidents, interruptions of service and the like. Security means having a computer system, for small that it is, designed in such a way that in case of any kind of failurei, accidental or due to an attack, it is able to return to normal functioninig within a definite time and it ensures that your critical data are not lost. The backup and data backup are then a fundamental part of ICT security.

A suitable ICT security system must be personalized: only you know what you need to protect and up to what extent. A suitable ICT security system reduces the frequency of adverse events and avoids nasty surprises.

Security is a process which involves at least two components:

  • policies, standards and procedures for the users of ICT systems;
  • the applications and the technical infrastructure that supports them, must be designed and developed from the outset with the necessary security measures to protect your data.

Today, with the de-localization of information, the "Cloud" and mobility of users, it is imperative to shift the focus from network protection, which is still anyway needed to protect the infrastructure itself, to the direct protection of data and information wherever they are.

Our highly advanced technical skills in ICT Security allow us to realize:

Advanced Applications for ICT Systems Security
From conception to implementation and daily management of applications for the security of ICT systems, for example we have implemented:
  • Anti-fraud systems for online banking applications;
  • High performance applications for monitoring the ICT systems of the largest Italian telephone and telecommunications companies.
Design of Secure ICT Systems
Design of ICT systems, networks and applications in which the Security component has the correct role from the outset to avoid the common mistake to add in retrospect security as an extra component.
 
Management of ICT Security Projects
The implementation of an ICT project, both dedicated to security and purely applicative, requires to properly manage at every stage all security aspects. Our experience in developing ICT projects and in particular ICT Security projects, allows us to participate to your ICT projects ensuring that security is not forgotten but has the role that is necessary for your needs and for the protection of your data.
 
Dependability, Vulnerability and Survivability
Advanced studies of Dependability, Vulnerability and Survivability of ICT systems for Corporate, Multinational, large and medium companies. Design and implementation of projects to reduce ICT risks. Participation in the process of international certifications such as ISO 27001, PCI-DSS, etc..  

The audit and control of the appropriate design, implementation and management of ICT systems is fundamental to guarantee security, availability and correctness. Audit and controls are also required to satisfy compliance to legislation but also standards and certifications like ISO-27001 or PCI-DSS.

Our experience and the acquired skills and competences, allow us to realize:

Audit and Compliance Projects
Audit of ICT systems and of outsourcing contracts, SLA verification according to internationally recognized standards (eg. ISACA); compliance with respect to national and international legislation, standards and certifications.
 
ICT Systems Audit
Audit, vulnerability assessment, penetration testing, compliance etc. of ICT systems, networks and applications following the best international methodologies like OSSTMM, OWASP, COBIT, ISO-27001 etc.  

We offer our extensive experience, our excellent technical skills and our proven teaching skills because we believe that knowledge in the field of ICT is not something to be kept secret but that should be common knowledge, given that ICT is a conquest of all of us.

We specialize in creating customized training courses and events in order to meet your needs and maximize your time.
In the DOCS section are freely available documents we have produced and that can be of your interest.
The main subjects on which we have provided training are:

ICT Security
Training and advanced courses for technicians, IP network administrators, programmers and ICT project managers on information security, network security, writing especially web and online applications' code and and operating systems.
 
Cryptography
Training in Cryptography for networking and to build secure applications.
 
Audit and Compliance
Training for the implementation of audit, compliance, vulnerability assessment, penetration testing according to the most successful international methodologies like OSSTMM, OWASP, COBIT, ISO-27001, etc..
 
Networking and Operating Systems
Advanced courses on Unix and Linux Operating Systems and on TCP/IP networking: routing, DNS etc.