Docsity
Docsity

Prepara i tuoi esami
Prepara i tuoi esami

Studia grazie alle numerose risorse presenti su Docsity


Ottieni i punti per scaricare
Ottieni i punti per scaricare

Guadagna punti aiutando altri studenti oppure acquistali con un piano Premium


Guide e consigli
Guide e consigli


DIGITAL SECURITY MANAGEMENT, Appunti di Sicurezza Dei Sistemi Informativi

Appunti di digital security management

Tipologia: Appunti

2020/2021

Caricato il 29/08/2022

marta-dallanoce
marta-dallanoce 🇮🇹

4.3

(4)

20 documenti

1 / 46

Toggle sidebar

Questa pagina non è visibile nell’anteprima

Non perderti parti importanti!

bg1
1
DIGITAL SECURITY MANAGEMENT
Digital Security Management addresses management and technical aspects of security in
organizations, emphasizing the need for good security management practices. Speaking about
security we can distinguish METHODS (sequence of steps that bring us to develop something in a
structured way, they are necessary because sometimes systems are so complex, like information
systems, that if we don’t follow a method, we get lost) and TECHNIQUES (specific ways of handling
a thing, like cryptography). Nowadays methods and techniques for security are more and more
relevant, also because the 90% of intrusion into computers and networks (technological connections)
remain undiscovered. A research performed by department of defence underlined attacks are
successful in 80% of cases and in only 6% of cases, intrusion has been detected (not prevented). The
attacks can be more or less dangerous according with different point of view (company vs individual).
The general problem is that systems are inherently weak and for this reason it is necessary to set up
SECURITY POLICIES, TECHNICAL MECHANISMS and ORGANIZATIONAL MEASURES
(they are decided at a strategic level (password should be changed every 3 months, login through
SPID, …)) to face the problem. Usually, the companies don’t report about attacks in order to not lose
reputability. It is important to have trusted resources (people, assets, data…). According to
ANTHONY’s PYRAMID, in a company everything can be structured in three groups:
OPERATIONAL RESOURCES, TACTICAL RESOURCES, STRATEGIC ACTIVITIES (they
elaborate the strategy of the company, as business analysis, data analytics, security policies…). Data
and information are the most valuable assets in a company. The difference between DATA and
INFORMATION is that the first has also a physical connotation (a sequence of bit stored in a
database…), the latter is something that has a meaning, a context, a semantic. In order to prevent
attack is necessary share data, information or resources between different organizational units and
cooperate between, but always preserving existing legacy systems and databases, protecting the
autonomy and motivating interoperability. Nowadays, the Enterprise Information Systems are
evolving towards global distributed solutions (Federated Information Systems), so there are
continuously new needs and new security problems.
From an ARCHITECTURAL point of view, it is
possible to find applications (software) on
various nodes and it is called distributed
computing. DOMAIN is a set of resources with
the same security requirements and therefore
protected via a homogeneous set of
policies/mechanisms.
The data are unitary but distributed on
various nodes (distributed database). In a
system it is possible to find some
VULNERABILITIES that can’t be avoided,
they exist and they can be only faced through
policies and mechanisms. Internet is the most
dangerous environment. The server can
access internet through clients (browser).
The router is a telecommunication switcher
that allows that traffic of internet. The web
server can be under attack with deniable
causes, but it is not a critical aspect.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e

Anteprima parziale del testo

Scarica DIGITAL SECURITY MANAGEMENT e più Appunti in PDF di Sicurezza Dei Sistemi Informativi solo su Docsity!

DIGITAL SECURITY MANAGEMENT

Digital Security Management addresses management and technical aspects of security in organizations, emphasizing the need for good security management practices. Speaking about security we can distinguish METHODS (sequence of steps that bring us to develop something in a structured way, they are necessary because sometimes systems are so complex, like information systems, that if we don’t follow a method, we get lost) and TECHNIQUES (specific ways of handling a thing, like cryptography). Nowadays methods and techniques for security are more and more relevant, also because the 90% of intrusion into computers and networks (technological connections) remain undiscovered. A research performed by department of defence underlined attacks are successful in 80% of cases and in only 6% of cases, intrusion has been detected (not prevented). The attacks can be more or less dangerous according with different point of view (company vs individual). The general problem is that systems are inherently weak and for this reason it is necessary to set up SECURITY POLICIES, TECHNICAL MECHANISMS and ORGANIZATIONAL MEASURES (they are decided at a strategic level (password should be changed every 3 months, login through SPID, …)) to face the problem. Usually, the companies don’t report about attacks in order to not lose reputability. It is important to have trusted resources (people, assets, data…). According to ANTHONY’s PYRAMID, in a company everything can be structured in three groups: OPERATIONAL RESOURCES, TACTICAL RESOURCES, STRATEGIC ACTIVITIES (they elaborate the strategy of the company, as business analysis, data analytics, security policies…). Data and information are the most valuable assets in a company. The difference between DATA and INFORMATION is that the first has also a physical connotation (a sequence of bit stored in a database…), the latter is something that has a meaning, a context, a semantic. In order to prevent attack is necessary share data, information or resources between different organizational units and cooperate between, but always preserving existing legacy systems and databases, protecting the autonomy and motivating interoperability. Nowadays, the Enterprise Information Systems are evolving towards global distributed solutions (Federated Information Systems), so there are continuously new needs and new security problems. From an ARCHITECTURAL point of view, it is possible to find applications (software) on various nodes and it is called distributed computing. DOMAIN is a set of resources with the same security requirements and therefore protected via a homogeneous set of policies/mechanisms. The data are unitary but distributed on various nodes (distributed database). In a system it is possible to find some VULNERABILITIES that can’t be avoided, they exist and they can be only faced through policies and mechanisms. Internet is the most dangerous environment. The server can access internet through clients (browser). The router is a telecommunication switcher that allows that traffic of internet. The web server can be under attack with deniable causes, but it is not a critical aspect.

The demilitarized area doesn’t host critical resources and a FIREWALL is a machine/software that filters the requests to enter the information system. EXTRANET regards providers and customers and the connection can happen through the credentials. The high security area host critical data. There are 3 typologies of THREATS:

  • Physical : connected with the fact that physical elements are present, they can be thefts, intentional damages, intentional damages, accidental events (break down of power/conditioning plant) or natural disasters (flooding, fire, earthquakes).
  • Logical : thefts of data (credit card numbers, personal data, passwords), creation of hidden access points (trapdoors, information leakage points, trojan horses): this means an illegal use of computing and communication resources.
  • Accidental : configuration errors, malfunctioning of programs, etc. The attacks can be caused by 3 rd^ parties, that are persons external to organization (data theft, intrusions, viruses, malware), Network manager, a person has control of routers and knows everything about the network (traffic analysis, deletion/alteration of messages), Database manager, a person that has control on the database (data analysis, deletion/alteration of data, query control, etc.), Physical/Logical access from non-authorized personnel, Legitimate Users (cause of the most dangerous attacks). We can define an INFORMATION as any sequence of bits useful to system operation and it refers to specific meaning of physical data (data, executable code, application configuration); AGENTS as any entity able to operate autonomously within a system (users, applications, business processes); an EDGE SYSTEM as a tool/application connected to a network of communication; a REGULATORY COMPLIANCE as a set of rules that regulate the environment of an organization; usually with the term OTHER DATA we refer to elements that are not included in the database (images, videos…). There are 5 SECURITY PROPERTIES present in every digital system:
  1. INTEGRITY : ensuring that information is not altered by non-authorized agents (adding, deletion, modification), it refers to writing operations.
  2. AUTHENTICITY : information is intact and contain also elements allowing the identification of its creator. The creator must sign his creation and can’t deny being the creator, so this property encompasses NON REPUDATION.
  3. AUTHENTICATION : each agent is uniquely identified before interacting with the system, it refers to password issues through which the agents demonstrate his identity. Authentication systems can be divided in SYA (Something you are) (finger recognition), SYH (Something You Have) (smartcard), SYK (Something You Know) concept (password).
  4. SECRECY/CONFIDENTIALITY : information can be READ only by authorized users. It is linked with Privacy issues, that refer to personal data. We distinguish Integrity by Confidentiality because different systems care about different properties.
  5. AVAILABILITY : a system must provide the services it has been designed for whenever these are required by users. So the agents must provide availability measures for their systems and this property encompasses Non denial-of-service. With Cyber-Physical Systems we refer about Information Systems that also include physical items (automated job floor). There are different TYPOLOGIES OF ATTACKS:
  • CAUSES : they are always technical weaknesses in the system project or implementation, inadequate/unapplied management procedures, they can be caused by intentional or unintentional errors in designing.
  • SNIFFING : interception of network packets by an unauthorized agent performing the attack (reading of data, password search). This phenomenon is also called information leakage and it is a CONFIDENTIALITY issue. A solution can be the Cryptography.

techniques based on MATHEMATICAL TECHNIQUES ( Symmetric crypto , Asymmetric crypto , Digest , Algorithms of key exchange ). SECURITY FUNCTIONS obtained by cryptography are: Data secrecy , Data authenticity , Agent authentication. Cryptography consists in making the data unrecognizable through algorithm. Cryptography is used to create virtual communication channel rather than protecting data storage, in fact is very seldom to find encrypted data in database, while the transmission lines usually encrypted using cryptography. The major issues in data transmission refer to protection of Communication Channel, protection of Client Identity (who asks for a service), protection of Server Identity (machine/agent that provides the service) and protection of Identity of Message Author (no repudiation). The interceptor works on the transmission line, while the Replayer can work on the transmission line and on the server. The False Sender intermediates the communication, sending false message requests and receives a message reply, that usually contains data. The False Server provides false message replies. In both these cases we can use authentication techniques based on cryptography. To PREVENT THE ATTACKS is possible to set Secure Communication Channels (virtual private networks (VPN) that is a sort of tunnel created by cryptography that works on top of physical network), to design Suspicious Clients and Server (continuous request of credentials during the communication), to ensure that Communication is Fresh (ensuring that the client is active to avoid message replay; in fact the attacker, without trying to find clear data, uses encrypted packets and re- inserts them into a conversation, so to avoid this threats it is possible to continuously change the encryption algorithm or key). Cryptography is a Mechanism to implement policies, it is a mechanism to ciphering data using keys. Cryptography can be used on Authentication Phase; we need mechanisms for password authentication on centralized systems (authentication server) or mechanisms for key distribution (authentication service). Access Control means who can perform actions on system resources (people, databases, …), these resources should be available only for authorized agents. In order to ENCRYPT (make available) information it is necessary the coding of information so that it becomes understandable only for those agents who have one or more KEY(S), that is the secret element of cryptography. The cryptography uses known and public algorithms, only the secrecy of key guarantees confidentiality and integrity, so keys must be kept secret, selected within a huge number of combinations and changed very often. Attacker performs crypto analysis in order to discover the keys to encrypt the message. The algorithms can be divided in two main classes:

  • SYMMETRIC KEY ALGORITHMS : one key is shared between the sender and the receiver, so the problem refers to the exchange of the key that allows to start the encrypted conversation, some examples are algorithms of substitution, algorithms of transposition, The client can be a person, a machine or a browser that asks for services, he is always the initiator of the conversation. The server replies the message sent by the client. A Replayer is an attacker that intercepts the message request and can do sniffing or alters the message; but the Replayer can also attack the server acting as a server shadow. On the way back the message from the server to the client can be attacked by an Interceptor , that can sniff, spoof addresses and data, alter the information. The interceptor can also attack the message request.

algorithms that are a combination of transpositions and substitutions that originate standard transmission algorithms (Data Encryption Standard system (DES)). Converts data “in clear” in form resulting non understandable (“ciphered data”) and vice versa, the 2 transformations are called enciphering (E) and deciphering (D). Transformation requires knowledge of one secret key K. Substitution and transposition, taken singularly, are simple algorithms, for this reason we can use DES, it is developed by IBM and used by National Security Agency for non-classified information. It is implemented in hardware that make it very fast and efficient. It is a sequence of substitutions and transpositions, it encrypts blocks of text, grouping them in 64 bits, under a key. The key in the different algorithms are becoming longer and longer, because from the length of the key depends the level of security of encryption and decryption. ADVANTAGES: very performant in terms of speed. DISADVANTAGES: communicating parties need to meet virtually on the network to exchange the key before to start the communication, problem to keep the key secret, once the key is compromised, all the subsequent messages are compromised. The symmetric algorithms are implementable on hardware, because usually they are a set of chips that should work each other.

  • ASYMMETRIC KEY ALGORITHMS : there are two keys a PRIVATE one and a PUBLIC one, they are a pair, inherently connected by mathematical functions, and every agent has both the keys. RSA algorithm and Diffie-Hellman are two standard algorithms. The ENCIPHERING uses the public key (Ke) of Receiver, while only the Receiver can DECIPHER using the private key (Kd). Given a pair of asymmetric keys, a key is made public while the other is assigned to a single entity which is responsible for its secrecy. The public key is stored in a public repository, but only the owner of the private key can decipher the message. This method guarantees secrecy, integrity, allows electronic signatures, authenticating the origin of the message, allowing non-repudiation. D(E(P)) = P, with D=decryption, E= encryption and P= original message. Very difficult to deduce D from E and also E cannot be found via an attack on one specific text, because the basic assumption is to use a simple function f, while the inverse f-^1 is complex. The most famous algorithms are RSA that is based on factoring of 2 prime integer nb that have to be

directed to the protected network are compliant with the Organization Security Policy and cannot provoke damages to internal systems. Firewall is positioned within the gateway (router) connecting a network to external entities. In general, it has various components (hardware and software), it can also be one hardware component hosting various software processes; but the preferred solution is composed of many different elements creating multiple defence lines. There are laws for Firewalls:

  1. Firewall must be unique contact point between internal network and external world
  2. Only authorized packets can go through the firewall
  3. Firewall must be a “secure system” itself
  • VIRTUAL PRIVATE NETWORK (VPN) : connects in a secure way single nodes or whole networks through unsecure communication channels and encrypts the communication of the normal communication channel, it is a conceptual component.
  • SECURITY AT APPLICATION LEVEL : we can protect the web and web server using some encryption techniques, or specific techniques to protect html pages; we can use encryption also to protect e-mail, access to data database; we can define the valid sessions for a communication, using the idea of a virtual terminal or file transfer functions. In the end the techniques we can use are encryption or access control mechanisms (defining who can access the information).
  • SECURITY SYSTEMS TO PROTECT CONFIGURATION OF SOFTWARE IN COMPUTING SYSTEMS AND NETWORK DEVICES (errors in configuration of software or bad positioning of components in a system can open some bridges in the network that lead to different point of attack). Software usually are not encrypted, but usually the protection of them is guaranteed by authorized agents.
  • INTRUSION DETECTION SYSTEMS (IDS) that are able to know the intrusions happened in the past and anomalous things that happened, they can be hardware components or a mix of hardware and software; the objective is detect and prevent attacks, MONITORING SYSTEMS and AUDITING SYSTEMS. They are all systems that allow to track what happen in the system and log the actions (not data) taken in the system, what we want to monitor are the behaviours of the users. N ETWORK SECURITY is obtained through Network protocols created with some security ideas, because usually Network Protocols don’t have security embedded. Network protections applied at level 3 of ISO stack (addresses of machine in the network, that assure that packets are addressed directly from sender to receiver: o END-TO-END SECURITY : a logical secure channel is created directly between 2 communication nodes, so packets are encrypted, and no third parties can have access to the message exchanged by the 2 users, it is usually used for simple communications (WhatsApp).

o TUNNELING : the secure channel is established between 2 gateways (typically 2 routers that represent the entrance to a network). It is more suitable for enterprises that create an internal network that must be secure. In both the cases these are two VPN techniques.

SECURITY OF DATA

Since data are the most valuable assets in a system, there are specific techniques for them. Data require protection from improper access (unauthorized agents), protection from inference (even if I am authorized to read I can’t modify data items). The integrity must be granted, such as protection from improper changes, operational data integrity (concurrency manager, locking, back up and recovery), semantic integrity (integrity of constraints). Accountability (each user should be accountable and responsible for what he performs in the systems) and auditing (related to detection) must be guaranteed. The users must be authenticated to access to data, allowing a secure identification and a management of sensitive data. In some environment, military and government…, multilevel protection systems are required. Confinement is the property to limit the resources that can be affected by an attack, avoiding long information transfer along authorized channels, memory channels and convert channels (whose existence is not clear or known, usually they are created by attackers). Controls on data can be of three types:

  1. FLOW CONTROLS : we want to control that from an object X, that is authorized, to another object Y, that is unauthorized, the transfer of information must be authorized, otherwise an improper information flow is present (for example from top-secret to unconfidential).
  2. INFERENCE CHECKS : there are various typologies:
    • Direct Access : SELECT X FROM R WHERE Y = value Shows that there exist n- tuples in R meeting the condition Y= value If the user is not authorized for Y, he can anyway read data set Y
    • Correlated Data : z = t * k with t,k visible, z not visible z can be inferred via arithmetic relation ‘*’
    • Missing Data : to know the NAME of an OBJECT although the contents is not visible EMPLOYEE These are types of attacks performed every day. Inference controls are used also for Statistic Inference through some techniques as Data perturbation (based on statistical elements), Query Control (return a query set which is large enough to enable inference). 3. ACCESS CONTROLS : it is necessary to set in place some access control procedures, that are software, that given the request to access some data items go and check some access rules, that based on security policies, give an answer.

a lower one, MAC introduces different sensitivity level, tagging users and data with protection labels (Unclassified, Confidential, Secret, Top Secret), they are called SENSITIVITY of Data and CLEARANCE of Users. These levels are in a hierarchical relation from Unclassified to Top Secret. The MAC introduces also the CATEGORIES concept (e.g. Nuclear, NATO, Intelligence; Production, Personnel, Engineering). This system doesn’t allow sophisticated attacks by certain users (Trojan Horses). There are different types of access controls for Databases: ACCESS BASED ON NAME OF ATTRIBUTES, ACCESS BASED ON TYPE OF ACCESS THE USER HAS IN DATABASE (read, write, update, delete…), ACCESS BASED ON THE CONTENTS. SECURITY MODELS The premise is that every user that access a system should be authenticated. The term DBMS (Data Base Management System) refers to a software devoted to manage data in a database (Horacle…). DISCRETIONARY ACCESS CONTROL (DAC): the user has a discretionary power to manage the resource, he can grant and revoke privileges on the data he owns. The access can be dependent on name/content/type of access. The context-dependent access is a combination of Operating System Policies. The discretionary model are based on:

  • ACCESS MATRIX: Based on Matrix A[s, o] = p, with s=subject (program, process, user), o=object (program, file, random memory area), p=access privilege (read, write, execute, call). The subject is everything that is active in the system, the object is everything that is passive in the system and for each element of the matrix we should define an access privilege. The set of subjects and objects can be Not Disjoint. It is conceived for Operating Systems; matrix is sparse (occupies memory); for DBs access conditions (eg. for constraints on contents).
  • ACCESS CONTROL LISTS (ACL): each column of the access matrix is stored with the object corresponding to that column (very efficient: ACL is opened with the object, e.g. File).
  • CAPABILITY: each row of the access matrix is stored with the subject corresponding to that row (each subject has a set of capabilities, or authorization tickets.
  • ROLE-BASED MODELS: there are the most used model, based on the rules of the system. Any user with privilege P with Grant Option on table T can revoke P, an authorized user can revoke only the authorizations granted to him, but the problem is that authorizations granted with Grant Option need RECURSIVE REVOKE (cascading). Revoke of P on T from user Y by user X is equal to consider all the authorizations for P on T granted by X to Y had never been granted. A solution can be the use dof timestamps associated to revoked authorizations. mgr= manager. The name is the way in which the user is authenticated. The manager can only read the information of his employees. The employees can only read the information of other employees in the same department (mgr(NAME)=mgr(employee)).

MULTILEVEL ACCESS CONTROL (MAC): it is usually used when there are data that are very sensitive. It uses a mechanism of protection and management of multi-level data (in combination with Operating System, and labels. Trusted Computing Base (TCB) groups all the mechanisms that implement MAC security policies.

  • Simple Security property (NO READ UP): Subject S is authorized to access in read mode to an object O only if his level is higher or equal than the level of the object (L(S) >= L(O)). USERS DATA Top-secret Top-secret Secret Secret Confidential Confidential Unclassified Unclassified
  • Simple Security property (NO WRITE DOWN): Subject S is authorized to access in write mode to an object O only if L(S) <= L(O) because otherwise he would underate the information. For example, if a Secret subject writes something to Confidential level, then a confidential user can read this new information, reading a secret information stored in a confidential level. These rules, combined, disable the data flow between “high” and “low” subjects. The security implementation in database management systems MAC happens through a controlled multilevel data access (via Total Classification of the users (TCB)), the storage and management work through classification labels that can be a various levels: relationship level, attribute level, record level (tuple), element level (single data). The storage can happen 1.directly in the BD, 2.in the BD in encrypted form, 3.in a separate BD managed by a filter. The performance can change among these 3 methods. In the access from web applications, the passwords represent the vulnerability. When a user uses a database, he generally needs to supply an account name and password, most of the time, these are hard coded into scripts and this is very dangerous because if an attacker somehow accesses the script, he can attack the data base even without using the web. It is much better to store the account name and password in a file outside the web directory tree, and read it to use it. B revokes privilege to D. D doesn’t have time to perform the action in the first case.

✓ checklist templates for audits and audits. It is important to make sure, therefore, first of all the presence and adequacy of all the components that contribute to the completeness of the model.

  • GDPR BUSINESS COMPLIANCE (DOCUMENTATION) : In terms of accountability, it is essential to be able to demonstrate the effective implementation of the data protection management model itself through a series of documents, starting with: decision of the Board of Adoption of the "Personal Data Protection Management Model", register of personnel appointments, countersigned appointment letters, acts of designation (and deliberation of the Board) for any Delegate Subjects and DPO. The application of internal provisions should also be documented: o census of personal data processing activities (treatment logs). It is important to point out that for all this documentation it will have to be verified not only the presence, but also: the actual availability (knowing where it is and/or who is the owner who can access it), the adequacy to internal regulations and regulations and the regular update (date of creation and last update, management of versioning). Few things are as dangerous as a documentation made at the time of the GDPR adjustment project and then abandoned (to the point of not even knowing where it is...). o management of business requests by stakeholders (request log); o projects with a view to design (register of new initiatives); o data breach management (incident and breach logs, analysis, communications); o implementation of risk analysis (analysis report, application mapping, list of current and planned measures); o implementation of DPIA (analysis of their need, impact assessments performed, possible preventive consultations); o supplier management (manager register, checklist for assessing suppliers); o non-EU data transfer (transfer log, guarantees applied). Among the other domains to be monitored and documented, we point out the information initiatives of the corporate population, there is no use in defining to approve internal procedures if they are not known and easily accessible to those who should apply them daily in carrying out their work activities. We also remember the activities related to the world of training, which are essential to root awareness of the privacy principles and their methods of application, namely: initial assessment of skills (to establish a baseline on which to base subsequent checks); training plan (general and specific for some more critical functions); training delivery (in-person or remote); verification of effectiveness by repeating the assessment. All these phases must contribute to creating a very different documentary basis from the old, carefully signed classroom registers, which testified only to physical presence but certainly not to learning. Instead, this is precisely the objective of training and this must be measured and documented. Privacy must be considered from the early stages of development of a system
  • GDPR BUSINESS COMPLIANCE (THE CONTROL SYSTEM) : No model, however well designed and applied, will ever be able to function properly if not subjected to constant and careful verification. The control system starts from the model, which in more complex situations could assign control responsibilities at different levels, starting from the line managers of the different functions, passing through the internal audit and / or compliance, up to the DPO. Along the different phases must be documented: ▪ the control plan (including the reasons for the choices of the departments or processes to be audited);

▪ the checklists and evidence collected in the field; ▪ audit reports and related remediation plans. The plans proposed for the return from any detected non-conformities and the verification of their effective adoption through specific follow-up sessions, to be provided for each control, will take on particular relevance. In fact, what use would it be to carry out checks, detect discoveries, report remedies and then leave everything as before, without checking whether a return path from the detected criticalities has been put in place? (Infatti, a cosa servirebbe fare controlli, rilevare scoperte, segnalare rimedi e poi lasciare tutto come prima, senza verificare se è stato messo in atto un percorso di ritorno dalle criticità rilevate?) Furthermore, the world of controls cannot be based only on periodic checks of the functions in charge, but must be integrated by a constant "flow of information" to the Privacy Officer (and the DPO) that offers visibility to all those business, organizational and technological innovations, or linked to suppliers or to the methods of processing personal data (new treatments, new types of data processed or of interested parties, change of retention criteria, etc.) which may require updating of registers, information, appointments, procedures or other documentation, as well as a possible revision of the risk analysis or the launch of DPIA or the by design approach to new initiatives. This flow must solicited to the operational functions (the only ones aware of what happens daily within them), analysed to draw the appropriate consequences, periodically reported. The set of these steps therefore constitutes the "checklist" with which the professional in charge of ensuring compliance with data protection within one's organization and achieving GDPR corporate compliance must be provided. A Digital Signature document respects all the 5 properties, the GDPR and compliances. Chamber of commerce (camera di commercio) is an authority that check and provide privacy certificates.

To ensure that the certificate cannot be altered, it is protected with the digital signature of the Certification Authority (CA) that issued it, he is a body created to carry out organizational (identify individuals who require a certificate) and technical (creation of certificates) tasks, but he can have also some accessory functions as the distribution of certificates or their revocation. It is possible to have an infrastructure supporting asymmetric keys, "public key infrastructure" or PKI (Public-Key Infrastructure). The PKI provides the following basic functions to user communities: Issuance of public key certificates, after carrying out the necessary technical and procedural checks; Revocation of public key certificates (e.g. theft of the private key associated with the public key); Distribution of public key certificates and information about revoked certificates. Optionally, PKI can also provide support for the validation of a digital signature through identification functions of the time at which the signature was affixed ("time stamp"), of the role covered by the individual who signed it ("role certification") and why the signature was made ("signature policy"). When a public key is received through a certificate, the integrity and validity of the signature must be checked: the digest calculated on the certificate (i.e. on the public key and the data associated with it) is compared with the digest extracted from the digital signature affixed by the CA that has issued the certificate, if this comparison is successful, the certificate is certainly intact but it remains to be seen if the CA that issued it is a trusted CA, a solution to this problem can be a list of public keys from trusted Cas, that is maintained or the creation of

certification hierarchies, in which a CA issues certificates not only for users but also for other subordinate CAs that have the task of certifying different sets of users. There is no a universal PKI yet, but the competition is between various standards: X.509v (ISO), X.509v3 (ISO + IETF), PKCS (RSA, partially compatible with X.509v3). The public keys and certificates are used to exchange of e-mail messages (PEM, PGP, S / MIME), Proprietary applications (for remote control, to make safety modules), For hardware equipment (router, network hardware), For e-commerce applications, To create secure Web sites and Signed software components. Agents must be authenticated before allowing them to open a communication channel or access information, a person can be identified using one or more of the following characteristics: information that he knows (e.g. password) (SOMETHING YOU KNOW), an object he possesses (e.g. a magnetic card) (SOMETHING YOU HAVE), one of his physical characteristics (e.g. fingerprint, retina, DNA) (SOMETHING YOU ARE). The Password can be of vary types: OTP (One-Time Password) it works with the encryption of a key generated at the same time when the token is switched on, practically it works with the synchronization between the token that user has and the number generator of the institution (bank), Challenge-response systems (the password is never transmitted but only used to make a calculation that indirectly demonstrates its knowledge), answer =f(challenge, password), the answer is function of the result of the challenge and the password that has an encryption role. The application used for the security of the communication are SSL stands for "Secure Sockets Layer", a standard technology that ensures the security of an Internet connection and protects sensitive data exchanged between two systems by preventing cybercriminals from reading and modifying the transferred information, encryption algorithms can be used to encrypt data in transit, preventing it from being read by hackers while in transit over a digital connection) and TLS ((Transport Layer Security) is an updated and more secure version of SSL). A Trusted third-party authentication works with a password that is used not to directly access the applications but to obtain a sort of pass (ticket) generated by a central authentication system and accepted by the applications as proof of the agent's identity (Kerberos). Regarding the SECURITY IN THE WEB, we can consider a web browser that communicates with a web server, the server is usually in demilitarized area. There can be an attack to the web server, but usually on it there are not critical data; attack to the web server, like Trojan Horses and so on; attack to communication channel. For every type of attack protection policies and mechanism exist.

devices, hardware, software (e.g. cryptographic devices, Access Control Lists, view for the database). A policy can be implemented by multiple mechanisms. o WEB BROWSER: the main types of attacks on it are: Privacy Infringement (on cookies that are stored in the https section), Execution of Fraudulent Active Components, as VBA macro (software), Mischievous scripts, applets and ActiveX controls, Spy Component / Back Doors (bug in the system), Trojan horse, Execution through malicious code plug-in (e.g. artifact PDF documents; they are usually components that update the system, if they are out of control, they are very dangerous). o WEB SERVER: The policies for the protection are: ❖ Minimum privileges to processes activated by the server (need-to-know): Minimum privileges to the processes activated by the main process of the WEB server. The main process, which is owned by the system administrator and is listening on port 80 (web port of a connection), is unfortunately activated by the current Operating System with maximum privileges (root in Unix, administrator in NT), this situation that cannot be remedied, unless an organizational measure. The system administrator is responsible for activating the child processes inherent in the services offered by the WEB server (e.g. connection with data sources), these services must be activated by associating them with a virtual user to whom minimal privileges are assigned, thus preventing processes with possible bugs from attacking the entire system. ❖ Server file system protection: Users connected to the web server must be granted minimum privileges (read for html pages, execute for scripts or applications), while WEB administrators are also granted modification privileges on html pages and configuration files (write). A good practice involves prevent users from viewing and browsing the folders containing html pages, scripts and applications, in fact not knowing the version and the information of the scripts present on the server, prevents the exploitation of their possible BUGs for fraudulent purposes). ❖ Confinement of individual services (define an area of grouping resources that create a given service): The adoption of a server to be dedicated exclusively to WEB servers is recommended, moving any other service or application to other computers. If this is not possible and different services use the same file system, it is good practice to adopt a security policy aimed at managing the accounts of each service separately, limiting themselves to providing individual users with only the strictly necessary privileges. For WEB servers it is advisable to keep the directories containing the html pages and the scripts respectively (execution rights limited to this directory). ❖ Scripts activated with minimal privilege: activated with the strict privileges necessary to perform their function. ❖ Auditing the server to a level of fine granularity: All possible forms of auditing must be activated, and the various LOG files must be constantly monitored. All updates and patches that are needed must be applied to the server

There can be attacks also to ACCESS THE RESOURCES OF THE OPERATING SYSTEM, as hardware, network connections or shared resources. COOKIES: Text files that web servers generate and store in a specific directory within each web browser. They are used to store session variables, user information, sites visited. Their most frequent use is to support iterated entry of data in the input forms (which would be lost when moving from one page to another). It is possible to disable them, but the pages that use them would not work properly. There are cookie managers that filter the content by making available only some of the information contained on the web servers. Processes are exposed and connected to the web, in fact they receive the http request (port<1024, usually port 80) and it runs in a superuser way. In a physical separated area, the user operates using http, under the condition of min privileges. It is a good practice to have two separated physical area in the web server, one used by administrator and the other used by simple users. In the left the typical structure of a cookie, it contains information about name, browser used.