At A2A, we set great store by the safeguarding from potential cyber threats of our infrastructures and business services – as well as the confidentiality, integrity and availability of our information-based resources. In order to ensure effective protection, we prevent, fight and neutralize hostile events including those perpetrated through the exploitation of the human factor.
For this purpose, we adopt a holistic approach to security so as to implement a system of internal controls which encompass aspects of security operations.
We have put together a multidisciplinary group of cybersecurity experts who make up our Computer Emergency Readiness Team (CERT), with the common aim of ensuring the security of the information-based resources, services and assets of the entire A2A Group.
A2A-CERT is the focal point for the monitoring, analysis and sharing of information relating to the cybernetic threats to which we are exposed. In the event of a cyber incident being identified, A2A-CERT initiates action to contain and eradicate the threat and restore the systems impacted.
In collaboration with other national and international organizations, we promote interaction and the exchange of information in the cyber sphere in order to increase knowledge and the capacity to identify threats, to anticipate risks and to effectively respond to cyber attacks.
A2A-CERT delivers a range of services across the Group:
Information Security Incident Management (ISIM): constant monitoring of structured and non-structured security events in order to identify and respond promptly and effectively to security incidents, limit their impact and prevent future occurrences;
Cyber Threat Intelligence (CTI): gathering and analysis of information about known and emerging cyber threats within our cyber threat landscape in order to increase our knowledge of the tactics, techniques and procedures used by those attacking us, and thus prevent or anticipate such threats;
Security Platform Management (SPM): continuous management of security platforms and relative policies on the basis of the sector’s standards and best practices in order to enhance our security posture;
Active Defence (AD): identification of technological and process-related vulnerabilities and proactive research into malicious activities not detected by automatic monitoring systems in order to reduce the area of vulnerability and mitigate the Group’s exposure to cyber risks.
TLP - A2A-CERT manages its information sharing in accordance with the Traffic Light Protocol