Agency for Digital Italy (AgID) awareness-raising campaigns help make public administrations more mindful of the countermeasures they should apply in order to minimise damage in terms of economic value and reputation. This is in full consistency with theThree-Year Plan for Information Technology in Public Administrations.
Top priority is to increase the security level of public sector information infrastructures and counter the most common and frequent threats which they are subject to, as well as minimising viruses.
The Agency for Digital Italy (AgID) continues strengthening these measures and in light of increasing risk, issued the Minimum ICT Security Measures for Public Administrations in April 2017. This document indicates the technological, organisational and procedural measures to be adopted in order to counter the most common and frequent threats to their information systems.
The document identifies technological, organisational and procedural checks known as Critical Security Checks (CSC) and three levels of implementation. The minimum level is where every public administration, regardless of its nature and size, must already be or become compliant. Subsequent levels are for evolutionary situations capable of providing more comprehensive levels of protection and organisations which are the most exposed to risk due to the sensitive nature of the information or services provided should adopt them from the outset. However, all other organisations should set them as improvement objectives.
The IT Security Policy document contains arrangements, practices and organisational measures which University staff, external workers and students must adhere to in order to counter cyber risks.
The University's IT Security Policy was approved by the Board of Directors on 26/05/2020. The following is an excerpt from the full document where the main parts cover online services for students.
An evolving web and increasing use of digital devices make information and services more accessible, but they also expose users to potential risk of identity theft and breaches in personal privacy. Human error is recognised as the main reason for vulnerability in the IT security chain.
University stakeholders are invited to become more familiar with IT security good practices, by consulting the following links.