Legal & Compliance
For compliance with the rules
In the current technological scenario, implementing a corporate organizational model for cybersecurity that complies with the regulatory provisions on IT security is of fundamental importance. It allows an appropriate definition of the processes affecting the organization's external and internal factors, and it makes it possible to implement and formalize adequate technical and organizational measures aimed at mitigating the risk factors affecting all company assets.
Measuring policy compliance and the application of security controls can therefore guarantee continuous internal and external compliance in line with Directive 1148/2016 (NIS), EU Regulation 679/2016 (GDPR) and Legislative Decree 105/2019 on the National Cyber Security Perimeter, which allow a multidisciplinary vision of IT security to be adopted.
Abissi's proposal follows a risk-based approach: the technical and organizational security measures must be defined on the basis of a risk analysis, accompanied by a criterion of gradual adoption for the timely identification of roles and responsibilities within the company, which contribute significantly to increasing security levels.
The appropriate integration of the cybersecurity-by-design principle into business processes also allows for more competitive governance, oriented towards future challenges in the context of global business and security.