The cyber resilience framework


Based on best practices and international industry standards, Banca d'Italia has developed a framework for ensuring its cyber resilience. This framework comprises five primary functions and three transversal components, described here.

Primary functions

  • Governance: determination of the fundamental principles and structure of the roles and responsibilities of the cyber resilience system, to define, achieve and maintain an appropriate level of cyber resilience, consistent with the criticality of the services provided;
  • Identification: understanding of the business environment, of the assets that support critical business processes, and the related risks;
  • Protection: implementation of measures to protect business processes and corporate assets;
  • Detection: definition and implementation of the appropriate activities to identify cyber incidents in a timely manner;
  • Response & Recovery: definition and implementation of the activities to be carried out following the detection of an incident, with the aim of ensuring the resilience of processes, systems and infrastructures.

Transversal components

  • Testing: verification of the overall effectiveness of defence measures, through periodic simulations of incidents or cyberattacks;
  • Situational Awareness: ability to adequately understand developments in the cyber threat scenario in relation to the characteristics of the organization to be protected;
  • Learning and Evolving: continuous improvement of the cyber resilience posture using available cyber threat information and lessons learned from conducting defensive activities.