Information Security

Driven by the clear commitment made in the Strategic Guidelines on Information Security issued by management at the end of the previous year, in 2009 a wide-ranging three-year programme was rolled out to "improve information and corporate system security", and to ensure rapid, ongoing compliance with applicable regulatory framework obligations and requirements.

At the start of the year, second-level regulatory requirements of the Information Security Policy were published, along with a series of specific policies designed to orient processes (and supporting technologies) towards an increasingly security-led approach. The programme consists of a number of technical and organisational actions designed to foster security framework adoption in new high-tech projects right from their inception, while at the same time conducting checks on the current policy compliance levels of select operational information services and systems.
The piloted introduction of advanced risk analysis and management tools and methods at ICT offices responsible for technology is the beginning of the systemic promotion and advancement of a security-led culture, awareness and sensibility.

Initial Information Security Assessments were carried out on major ICT systems and infrastructure to verify the security of systems currently in operation. The Assessments had multiple objectives: to measure levels of potential risk, to check compliance with the Terna Information Security model, and, where necessary, to adopt action plans (compliance plans) to eliminate detected vulnerabilities.