Presentation

The social, digital and mobile scenario in Europe and Italy has changed profoundly in recent years, with an unstoppable transformation that grows and changes at an exponential rate.
This phenomenon has been producing two effects for some time now:
indiscriminate access to the "data" of individual citizens, which, combined with the age of the old Privacy Code (Legislative Decree 196/2003), has created the need for a new regulation in this area. This materialized with the entry into force, on 24 May 2016, of the new European Data Protection Regulation, the GDPR (General Data Protection Regulation), which will be directly applicable in all Member States of the European Union starting from 25 May 2018 without the need for transposition;
the proliferation of "cyber attacks" to the detriment of large and small institutions and companies, which are increasingly victims of infections caused by ever more sophisticated malware that attacks and "seizes" company data.
The alarm also comes from the Bank of Italy, which in February 2017 published a survey on the situation of "cyber attacks" and on the danger they pose and will pose to businesses and banks.
To face the risks deriving from this new scenario, companies, and banks in particular, must invest in intensive training centered on the core of this phenomenon: Privacy and Cyber Security.
In order to manage IT procedures more efficiently, the Bank of Italy published the 16th Update of Circular 285, in which, under Title IV, it set out to regulate the governance and management of IT systems in the banking sector, requiring banking and non-banking organizations to adapt to this legislation in everyday working life.
The new GDPR provides that every company will have to appoint a DPO (Data Protection Officer), but the cyber-IT scenario outlined requires special skills that go beyond what the GDPR itself has provided.
The European School of Banking Management has developed, together with leading Italian experts on these issues, a Master that simultaneously addresses Privacy, Cyber Security and Title IV of the 16th update of Circular 285 of the Bank of Italy, to train a figure who, in addition to the skills of the DPO (Data Protection Officer), is able to understand, manage and organize all Cyber Security activities in their company. Ample space will be given to exercises that illustrate all the documents required by the circular and subject to audit activities.
The Master, the only Italian path to officially certify the possession of outgoing skills, is aimed at the new figure of the DPO (Data Protection Officer), the Heads of ICT structures and organizations, all those who at various levels deal with analysis and management of risks, privacy and corporate IT security and the personnel involved in the processes and procedures in the context of banking information systems.
It is the only Master in Italy:
with a modular structure that allows you to customize the training objectives of each participant, with a subdivision into levels of knowledge ranging from the simplest Basic Level to the most advanced Advanced Certified, for those who want the best;
to be approved at European level;
to have brought together the major experts on the subject;
which includes a final written and oral exam, an element that officially certifies the successful acquisition of skills;
provided by a specialized division of an ASFOR Associated Management School;

Program

The impact of the European Regulation (2016/679) on the protection of personal data in the banking world from the point of view of IT security. Responsibilities of Directors.
Dematerialization for banking companies
Use of IT platforms
Privacy by default and privacy by design
Responsibilities of directors

Privacy obligations in the banking and insurance sector: data, roles and privacy compliance
Integrated management of the quality of information on anti-money laundering, Privacy, 231/01
Privacy organization chart: the data controller, the managers, the system administrators, the data processors
Communication and dissemination of data: circulation of information in banks and interbank groups
Transfer of data abroad: the heterogeneity of regulatory systems, risks and solutions
Data protection officer

The security measures between the Privacy Code and the Provisions of the Guarantor
System administrator, measures, obligations and responsibilities
Traceability of banking operations: Provision of the Privacy Guarantor n. 192 of May 2011, organizational and technical measures, impact, state of the art and best practices; access tracking and storage of log files; Audit and monitoring
Data breach notification
Biometric data and graphometric signature in banking institutions
Internet banking compliance and identity theft: the protection of the account holder's personal data and the responsibilities of credit institutions

Civil, criminal and administrative liability in the processing of personal data
Criminal and administrative sanctions
New inspection program of the Privacy Guarantor
Civil liability (not only in terms of image damage, but also in concrete terms)
Inspection simulation

IT risk mitigation tools
Cyber security
Checking the quality of security
Attacks in real time

Overview: Bank of Italy regulations for information systems
Concepts and terminology in the field
Normative references 285
CRR normative references

Address, control and governance of the information system
Duties of the body with strategic supervision and management functions
Insights into Strategic Guidance Documentation

Organization of the information systems function
Factors that determined the organization of ICT functions
Insights into the Documentation for the ICT function organization chart

IT security
Body that exercises the IT security function
Insights into IT Security Policy Documentation

IT risk control and ICT compliance
IT risks
Compliance with internal regulations and regulations (Technical aspects and organizational aspects)

Tasks of the Internal Audit function
The type of internal audit controls
Insights into the checks performed

IT risk analysis
The analysis process
Insights into the IT Risk Analysis Methodology Documentation

IT security management (Security Policy)
Goals of the management process
The general principles of security
Roles and responsibilities
Internal rules and legal regulations

The security of information and ICT resources
Controls and authorization procedures
Technical software development methodologies
Logical access regulation
Procedures for carrying out critical operations
Ongoing monitoring of security threats
The security of the applications developed by the operating and control units
Application security in software life cycle processes
Change management
Impact assessment
Planning, coordination and documentation of interventions
Suitable system configuration management system
The management of cyber security incidents
The availability of information and ICT resources
Most critical applications
Architectures with security profiles
The interruption of the service
Documentation Insights: Change Management Procedure, Incident Management Procedure, Operational Plan
The data management system (Data governance standard)
The requirements and standards in the field
Insights into the Documentation of Data Governance Standards

Outsourcing of the information system (Application Outsourcing and Application Management)
Types of outsourcing
Agreements with suppliers and other requirements
Particular indications
Security of internet payments
Other essential documents required by the legislation
Insights into Company Valuation Documentation

Concluding Module in the Classroom and in E-Learning
Summary of the training course for the final review
Final exam (written and oral exam)

Recipients

The Master, the only Italian path to officially certify the possession of outgoing skills, is aimed at the new figure of the DPO (Data Protection Officer), the Heads of ICT structures and organizations, all those who at various levels deal with analysis and management of risks, privacy and corporate IT security and the personnel involved in the processes and procedures in the context of banking information systems.
In particular:
Privacy Manager
Person in charge of Personal Data Processing
Head of Legal Affairs
Marketing officers and managers and HR
Freelancers such as Lawyers, Accountants, Labor Consultants, Privacy Consultants, Engineers, IT Consultants, Legal Consultants, Risk Managers.

Master's degree

At the end of the training course, each learner will be able to achieve a) the Diploma (Parchment) of the Specialization Master in Privacy and IT Security, b) the Certificate, which will certify the successful attendance of the training course and the acquisition of specialized skills, verified through a final written and oral exam and through tests carried out on the School's E-Learning platform.
The achievement is subject to the following conditions:
regular attendance of lectures on the E-Learning platform;
passing the scheduled written tests;
passing the tests required on the E-Learning platform;

Loans

The Master is eligible for:
Banks through the Insurance Banks Fund
Private individuals through the Loan of Honor