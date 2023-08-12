Contribute to investments for the strengthening of national technical capabilities on the prevention and resolution of cyber incidents, activating IT emergency response teams for the management of attacks. This is the goal of thenotice of 28 million euros for the strengthening of regional Csirts published by the National Cybersecurity Agency in his capacity as the implementing body of investment 1.5 of the National Recovery and Resilience Plan.

The notice, through a counter procedure – explains the Agency – is intended to finance, in chronological order of presentation up to the amount of available resources, the projects to activate or strengthen the Computer security incident response teams (Csirt) in the Regions, as established by the guidelines for the creation of a Csirt. Once admitted to funding, it will be necessary to stipulate collaboration agreements with the Agency to share and collaborate on the exchange of information, procedures and guidelines, as well as for access to services and tools offered by the Agency.

Who can participate

The Regions and the Autonomous Provinces of Trento and Bolzano may participate in the call: each subject may submit a project for the creation or strengthening of a Regional Csirt that operates on its own information systems. Participation is conditional on possession of the required skills, resources and professional qualifications, and on the adoption of measures to ensure compliance with the principle of sound financial management and on the creation of the Cup in the case of projects to be started from scratch.

How to participate

Interested parties – explains the Agency – will have to present the Application for participation, accompanied by all the required attachments, by sending the request via Certified Electronic Mail to the address pnrr@pec.acn.gov.it.

The guidelines

To enhance cyber incident prevention and management capabilities, theNational Cybersecurity Agencyunder which the Csirt Italydefined a document by Guidelines for the creation of IT emergency response teams (DOWNLOAD THE FULL DOCUMENT HERE) dedicated to the detection, analysis and response of information security incidents, as well as prevention and mitigation activities cyber risk.

In a special document also all the indications on the professional figures necessary for the realization. (DOWNLOAD HERE THE DOCUMENT)

The Guidelines, prepared in line with the main standards, best practices and frameworks consolidated at national and international level, such as “Csirt And Soc Guideline” Of Enis“Csirt Service Framework” of the First e “Sim3 Model” Of Open Csirt Foundationconstitute an operational tool in support especially of public administrations who intend to define their own service model to activate or enhance a seedling i.e. a computer emergency response team.

Consolidated processes to meet safety targets

Within a Chirtthe achievement of operational objectives, as well as compliance with its mandate, requires the definition, execution and monitoring of established processes. In order to guarantee the correct management of activities and objectives, it is necessary that the processes are formally written, approved by the management team and subsequently monitored to evaluate their performance and to be able to define and implement concrete improvement plans.

These i main processes, at a high level, to support the operations of the Csirt: communication between Csirt and third parties; preparation, management and monitoring of security events; incident identification, management and resolution; analyses of the artifacts; responsible research and dissemination of vulnerability not known; identification and management of vulnerability of the Constituency; acquisition, aggregation and processing of information; specialist support in order to perform careful ratings of risk; management of meetings; periodic execution of activities of audit; information management and monitoring sources for reactive/proactive identification of potential threats; formal engagement of legal team for the management of any formal requests received from the organization; formalization of the activities of escalation in order to effectively carry out the activities of handling a security incident; mode management communication, to and from the Csirt, during activities performed outside base hours; communication with press and media; management of crisis; engagement of the Csirt by the Constituency through both internal and external channels; formalization of the methods of interaction between the Csirt and potential external parties at the same; provision of activities training, awareness and exercises.

Correctly implementing a Csirt: the right approach

A Csirt is a governing and operational structure within an organization which aims, as its main objective, raising the level of cyber resilience of an organization. As such, it requires an adequate life cycle, which allows for adequate implementation and continuous improvement. This life cycle – mainly representative of the implementation and improvement phases – includes various phases.

Assessment of preparation

During this phase the needs and reasons for implementing a Csirt are assessed. For example, it will be necessary to proceed with the definition of a preliminary mandate, a governance structure, the choice of stakeholders with whom to interface in addition to the Constituency and the identification of the budget necessary for its implementation and maintenance.

Drawing

In this phase all the aspects are defined which will then have to be implemented in order to fulfill the mandate defined for the Csirt, in terms of services, personnel, processes and technologies.

Iimplementation

In this phase, everything identified in the design phase is developed and implemented, including all organizational aspects as well as services and technologies.

Foperation

In this phase, the Csirt is operational after the implementation of all the aspects identified in the Design phase and then implemented in the Implementation phase.

Mimprovement

During this phase, a Csirt evaluates its technologies, services and processes in order to identify weaknesses and improvement points that it must take into consideration so that they can be implemented and/or improved through continuous improvement activities.

