GCSEC has supported a relevant Italian multiservice company defining a training plan dedicated to internal recourses involved organizational and operational management activities of IT and information security.
Main project objective has been defining, after a preliminary analysis of training needs, a structured training and creating a model replicable in other organization. This first experience has represented a pilot fro modelling.
Standardization institutes provided mostly training courses. In fact, courses are mainly related to knowledge and implementing of the following international standards for security management in complex environment:
– ISO/IEC 27001 – Information Security Management SystemCSA STAR
– Cloud securityISO/IEC 31000
– Risk ManagementISO/IEC 22301
– Business continuityPersonal data protection
This project has used to develop a model of analysis and planning of training for large structured and complex companies with different departments and offices dedicated to different aspects of information security management.
Furthermore, the project raised the level of skill and expertise in the field of cyber security in one of the most important Italian multiservice companies.