Regulations such as the General Data Protection Regulation (GDPR), the NIS2 directive, and ISO 27001 standards, along with the increasing sophistication of cyber threats, require structured approaches to information security. However, many small and medium-sized businesses and growing organizations do not have an internal Chief Information Security Officer (CISO), which makes it difficult for them to manage security activities in a consistent and effective way. At the same time, professionals who are responsible for cybersecurity across multiple organizations often face challenges in coordinating efforts, while also ensuring continuity and regulatory compliance. This project aims to develop a Software-as-a-Service (SaaS) platform that supports or replaces the role of the CISO. The main features of the platform include personalized dashboards for monitoring security posture and centralized management of the security roadmap. It provides automated regulatory assessments based on recognized frameworks, which are intelligently pre-filled using data already collected from other modules within the platform, reducing both time requirements and the risk of errors. The solution also includes tools for managing risks in the supply chain, a collaborative ticketing system, and a dedicated section for document management and analysis. In addition, it integrates cybersecurity tools to automate monitoring and analysis, and allows for detailed categorization of business assets for more precise security management.
Regulations such as the GDPR, the NIS2 directive, and the ISO 27001 standards, together with the growing sophistication of cyber threats, require structured approaches to information security. However, many SMEs and growing organizations do not have an in-house Chief Information Security Officer (CISO), and so struggle to manage security activities consistently and effectively. At the same time, those who handle security for multiple organizations often encounter obstacles in coordinating initiatives while ensuring continuity and compliance. The project aims to develop a SaaS platform that supports or replaces the role of the CISO. The platform's main features include customized dashboards for monitoring security posture and centralized management of the roadmap. It offers automated regulatory assessments, based on recognized frameworks, which are intelligently pre-filled using data already collected by the platform's other modules, thereby reducing time and margins of error. The solution also includes tools for controlling supply chain risks, a collaborative ticketing system, and a section dedicated to managing and analyzing uploaded documents. In addition, it integrates cybersecurity tools to automate monitoring and analysis, and allows detailed categorization of company assets for more precise security management.
Development of a web platform for managing corporate cybersecurity (Sviluppo di una piattaforma web per la gestione della cybersecurity aziendale)
PERUZZI, UNCAS
2024/2025
| File | Size | Format |
|---|---|---|
| Peruzzi_Uncas.pdf (restricted access) | 8.21 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/93195