In recent years, the development of information tools and progressive digitilisation of companies has increased the risk of cyber attacks:
to deal with an increasingly complex scenario, we have for some time now, adopted an “Information Security Governance” model.
Using this model, we can take into consideration all the risk factors that our complex ICT eco-system is exposed to, and deal timeously with potential impacts.
Our cyber security allows us to identify and promptly contain security incidents, thus minimising for
example, the loss of data and facilitating the restoration of the services involved.
Creation of a Cyber Security Operations & Data Protection hub
We extended our organisation involving cyber security issues, by creating a:
Strengthening the Information Security Framework
Computer Emergency Readiness Team (CERT) focusing on Cyber Security Monitoring & Respond processes, Info Sharing and Threat Intelligence
Cyber security Engineering Centre directed at adopting Cyber Defence measures and supporting Security by Design activities.
We have 70 ICT system security plans in place, with the scope of integrating the Enterprise Risk Management platform; we are working on covering the entire ICT perimeter.
Identity and Access Management (IAM)
We have consolidated the Identity & Access Management (IAM) process that manages enabling access to critical data resources with the implementation
of first monitoring use cases (Identity Governance) to extend visibility (and governance) and to include applications that currently do not use centralised authentication mechanisms.
Monitoring capability and Cyber defence
During the year, the extension and upgrading of monitoring services continued for the security of systems and network of platforms integrated in Security Information
and Event Management (SIEM), based on technological solutions, such as Machine Learning and Artificial Intelligence.
Adoption of the IEC 62351 standard for the Control System and Remote Conduction
A project was introduced in 2017, which will result in the adoption of IEC standard 62351, with secure protocols
in authentication processes and encoding of communications within the industrial automation systems.