The FS Group considers the protection and safeguarding of its information assets a priority and a strategic component for the achievement of its business objectives. For this reason, it undertakes to constantly monitor and protect the Group’s systems and infrastructure by carrying out cyber security activities aimed at guaranteeing the continuity of its services, as well as the confidentiality, integrity and availability of its own and customer information, along with that of its stakeholders and partners of reference.

The FS Group’s Computer Emergency Response Team (CERT) – or FS-CERT – is comprised of a team of security experts with vertical and specialised skills, being essential to ensuring the proper conducting of cyber security services aimed at protecting the Group’s information capital and assets from increasingly-advanced cyber threats.

Indeed, FS-CERT is responsible for identifying, analysing and sharing information on the main cyber threats to which the Group is exposed and for effectively and efficiently responding to any security incidents occurring within its IT and OT perimeter in order to eradicate the threat and restore any impacted systems.

Furthermore, FS-CERT is the national and international centre of competence for the FS Group in the field of cyber security, which maintains relations with the institutional CERTs/CSIRTs and national critical infrastructures for the exchange of information and the search for new techniques aimed at countering cyber-attacks.

The services that the FS-CERT provides to its Constituency are described below:

• Real Time Security Monitoring – continuous monitoring of security events from infrastructure and systems present within its perimeter;
• Security Incident Management – handling security incidents detected through the Real Time Security Monitoring service, in order to contain the impact and restore the complete operation of business services in the shortest possible time;
• Malware Analysis – identification and analysis within the internal and external perimeter of malicious items contained within apparently legitimate elements (such as emails, files, URLs, etc.) in order to protect the Group’s information assets, increasing the ability to detect security threats;
• Cyber Threat Intelligence – proactively searching for information relating to known and emerging cyber threats, useful for preventing or reducing the probability of their occurrence within its perimeter;
• Early Warning/Security Advisory – acquisition and analysis of heterogeneous information relating to new security threats and vulnerabilities that may affect the Group’s infrastructure, in order to identify those that are potentially critical along with the relative countermeasures, preventing any security incidents;
• Information Sharing – sharing specific information aimed at increasing the knowledge of the Group in the cyber environment towards internal and external stakeholders in dedicated reporting, developed periodically or upon specific request, through ad-hoc communication channels;
• Security Assessment – carrying out activities aimed at identifying any vulnerabilities present within its perimeter and the subsequent definition of the operations necessary to address them;
• Security Awareness – the definition and conducting of specific security awareness programmes aimed at employees in order to spread a security-oriented culture within the Group.

Piazza della Croce Rossa 1, 00161 Rome, Italy

E-mail: csirt@fsitaliane.it