Italian National Framework for Cybersecurity and Data Protection

Data breaches have been one of the most common source of concerns related to cybersecurity in the last few years for many organizations. The General Data Protection Regulation (GDPR) in Europe, strongly impacted this scenario, as organizations operating with EU citizens now have to comply with strict data protection rules. In this paper we present the Italian National Framework for Cybersecurity and Data Protection, a framework derived from the NIST Cybersecurity Framework, that includes elements and tools to appropriately take into account data protection aspects in a way that is coherent and integrated with cybersecurity aspects. The goal of the proposed Framework is to provide organizations of different sizes and nature with a flexible and unified tool for the implementation of comprehensive cybersecurity and data protection programs

Italian Crisis Management in 2020

Approaches to risk analysis, crisis management and resilience enhancement for Critical Infrastructure (CI) Protection will be considered starting from a case study related to the management of the pandemic in Italy. Business continuity and crisis management models for CI are analyzed aiming to deal with complexity and reduce uncertainty relating pandemic and long-time crisis. Furthermore, is presented a methodology highlighting the functioning of the Italian Civil Protection and its systemic nature: a complex apparatus made up of different elements and organizations, which derives from the functioning of different organizational systems in interaction with each other. As a baseline for the coordination management the Augustus Method is considered for its strategical, tactical and operational aspects. One of the main outputs of the research consists in creating a “what if” forecasting model, configured as a visualization of the propagation of negative effects on the supply chain and manpower over time

Current Developments of Analytical Methodologies for Aflatoxins' Determination in Food during the Last Decade (2013-2022), with a Particular Focus on Nuts and Nut Products.

peer reviewedThis review aims to provide a clear overview of the most important analytical development in aflatoxins analysis during the last decade (2013-2022) with a particular focus on nuts and nuts-related products. Aflatoxins (AFs), a group of mycotoxins produced mainly by certain strains of the genus Aspergillus fungi, are known to impose a serious threat to human health. Indeed, AFs are considered carcinogenic to humans, group 1, by the International Agency for Research on Cancer (IARC). Since these toxins can be found in different food commodities, food control organizations worldwide impose maximum levels of AFs for commodities affected by this threat. Thus, they represent a cumbersome issue in terms of quality control, analytical result reliability, and economical losses. It is, therefore, mandatory for food industries to perform analysis on potentially contaminated commodities before the trade. A full perspective of the whole analytical workflow, considering each crucial step during AFs investigation, namely sampling, sample preparation, separation, and detection, will be presented to the reader, focusing on the main challenges related to the topic. A discussion will be primarily held regarding sample preparation methodologies such as partitioning, solid phase extraction (SPE), and immunoaffinity (IA) related methods. This will be followed by an overview of the leading analytical techniques for the detection of aflatoxins, in particular liquid chromatography (LC) coupled to a fluorescence detector (FLD) and/or mass spectrometry (MS). Moreover, the focus on the analytical procedure will not be specific only to traditional methodologies, such as LC, but also to new direct approaches based on imaging and the ability to detect AFs, reducing the need for sample preparation and separative techniques

Il Futuro della Cybersecurity in Italia: Ambiti Progettuali Strategici

Il presente volume nasce come continuazione del precedente, con l’obiettivo di delineare un insieme di ambiti progettuali e di azioni che la comunità nazionale della ricerca ritiene essenziali a complemento e a supporto di quelli previsti nel DPCM Gentiloni in materia di sicurezza cibernetica, pubblicato nel febbraio del 2017. La lettura non richiede particolari conoscenze tecniche; il testo è fruibile da chiunque utilizzi strumenti informatici o navighi in rete. Nel volume vengono considerati molteplici aspetti della cybersecurity, che vanno dalla definizione di infrastrutture e centri necessari a organizzare la difesa alle azioni e alle tecnologie da sviluppare per essere protetti al meglio, dall’individuazione delle principali tecnologie da difendere alla proposta di un insieme di azioni orizzontali per la formazione, la sensibilizzazione e la gestione dei rischi. Gli ambiti progettuali e le azioni, che noi speriamo possano svilupparsi nei prossimi anni in Italia, sono poi accompagnate da una serie di raccomandazioni agli organi preposti per affrontare al meglio, e da Paese consapevole, la sfida della trasformazione digitale. Le raccomandazioni non intendono essere esaustive, ma vanno a toccare dei punti che riteniamo essenziali per una corretta implementazione di una politica di sicurezza cibernetica a livello nazionale. Politica che, per sua natura, dovrà necessariamente essere dinamica e in continua evoluzione in base ai cambiamenti tecnologici, normativi, sociali e geopolitici. All’interno del volume, sono riportati dei riquadri con sfondo violetto o grigio; i primi sono usati nel capitolo introduttivo e nelle conclusioni per mettere in evidenza alcuni concetti ritenuti importanti, i secondi sono usati negli altri capitoli per spiegare il significato di alcuni termini tecnici comunemente utilizzati dagli addetti ai lavori. In conclusione, ringraziamo tutti i colleghi che hanno contribuito a questo volume: un gruppo di oltre 120 ricercatori, provenienti da circa 40 tra Enti di Ricerca e Università, unico per numerosità ed eccellenza, che rappresenta il meglio della ricerca in Italia nel settore della cybersecurity. Un grazie speciale va a Gabriella Caramagno e ad Angela Miola che hanno contribuito a tutte le fasi di produzione del libro. Tra i ringraziamenti ci fa piacere aggiungere il supporto ottenuto dai partecipanti al progetto FILIERASICURA

The European Perspective of Telecommunications as a Critical Infrastructure

Part 1: THEMES AND ISSUESInternational audienceThis paper attempts to analyze the degree to which the telecommunications sector is regarded as a critical infrastructure at the European level. Taking into account a new categorization of telecommunications applications and infrastructure perspectives, a new matrix-based classification method is proposed to clarify the protection approaches of policy makers and telecommunications asset owners and operators. The so-called “criticality matrix” approach applied to the Italian environment demonstrates the different perspectives held by policy makers and telecommunications asset owners and operators, and shows how all the stakeholders may engage a common base to define efficient and effective strategies that can enhance the security and resilience of critical infrastructure assets

Improving Collection Process for Social Media Intelligence: A Case Study

Social Media Intelligence (SOCMINT) is a specific section of Open Source Intelligence. Open Source Intelligence (OSINT) consists in the collection and analysis of information that is gathered from public, or open sources. Social Media Intelligence allows to collect data gathering from Social Media web sites (such as Facebook, Twitter, YouTube etc…). Both OSINT and SOCMINT are based on the Intelligence Cycle. This Paper aims to illustrate advantages gained by applying text mining to collection phase of the intelligence cycle, in order to perform threat analysis. The first step for detecting information related to a specific target is to define a consistent set of keywords. Web sources are various and characterized by different writing styles. Repeating this process manually for each source could be very inefficient and time consuming. Text mining specific software have been used in order to automatize the process and to reach more reliable results. A partially automatized procedure has been developed in order to gather information on specific topic using the Social Media Twitter. The procedure consists in searching manually a set of few keywords to be used for a specific threat analysis. Then TwitteR of R Statistics was used to gather tweets that were collected in a corpus and processed with T-Lab software in order to identify a new list of keywords according to their occurrence and association. Finally, an analysis of advantages and drawbacks of the developed method

Development and validation of a GC × GC-ToFMS method for the quantification of pesticides in environmental waters

: Water is a fundamental resource for living things, which is why its control is necessary. The widespread use of pesticides for agricultural and non-agricultural purposes has resulted in the presence of their residues in surface water and groundwater resources. Their presence in water is regulated through different directives, such as the Groundwater Directive, the Drinking Water Directive, and the Water Framework Directive, modified later several times, setting a maximum concentration of 0.1 µg.L-1 for individual pesticides and their degradation products, and 0.5 µg.L-1 for total pesticide residues present in a sample. There are different kinds of pesticides (e.g., organophosphorus and organochlorine pesticides, triazines, chloroacetamides, triazoles, (thio)carbamates) that have diverse chemical structures. Their determination and monitoring in a single analytical procedure are possible through multiresidue methods. In this study, 53 pesticides belonging to different chemical classes and their metabolites were selected based on their local occurrence and investigated in surface water and groundwater from agricultural areas susceptible to pesticide contamination. The methodology consisted of a classical solid-phase extraction (SPE) for the purification and enrichment of the pesticides, with a subsequent analysis in multidimensional gas chromatography coupled to mass spectrometry (GC×GC-MS). The quantification method was validated according to the Eurachem Guide in terms of linearity, precision, accuracy, limit of detection, and limit of quantification. After validation, the method was applied to 34 real-world water samples, and the results were compared with those obtained by a GC-QMS routine method