Security Program
RETIS provides strategic and operational consulting, solution design and development, services and training for risk assessment and security management of information systems, essential components for achieving and maintaining over time the level of security appropriate to the institutional mission and business of each organization.
The Security Business Unit, operating under the subsidiary RETIS CONSULTING, aims to provide services with high added value based on the principles of ethics, professionalism and independence that are part of the culture of RETIS.
We use internal professional resources, qualified external professionals or selected partners working throughout the country. Employees and partners must meet "quality" criteria that ensure our customers excellence in the final result. Our resources have many years of "operational" experience and specific security certifications (in both processes and products) recognized at the international and European level.
Our Offer - RETIS Security Program:
RETIS considers the security of information systems to be a process of continuous improvement that acts on the human, technological and procedural components that make up the security system.
The "RETIS Security Program" was developed accordingly, as a set of offer components that allow organizations to implement an information security program through the gradual implementation of security processes, project development and the construction of a security management and operational control environment consistent with the concept of the "Security Cycle."
The definition, development, management and control of the security system use methods and standards (e.g. ISO 17799, ISO 27001, ITIL, COBIT, OSSTMM).
The offer is spread across 6 areas, each consisting of several components, for which consultancy, design and related services are provided:
- Security Governance.
Development of security strategy to support the business strategy;
Classification of information;
Definition, development and diffusion of policies, guidelines, procedures;
Definition and development of organizational contexts (roles and responsibilities);
Compliance with legislative standards (privacy, legal protection of software, digital signature, computer crime, etc.);
Compliance with security standards (ISO 17799, BS 7799-2 (ISO 27001:2005), ITSEC, etc.);
- Security Risk Management.
Development of the risk management process;
Risk Analysis (evaluation of assets, identification of threats and vulnerabilities, measurement of the level of risk) using standard market methodologies (e.g. CRAMM) or proprietary ones;
Risk Mitigation (identification of countermeasures, gap analysis, defining strategies and priorities for action, reporting);
- Security Planning.
Definition and architectural design of the security system (People, Processes, Products); evaluation and selection of security products;
Definition and development of operational security;
- Security Implementation.
Feasibility studies for the implementation of logical, physical and organizational security projects;
Technical and economic evaluation;
Development and project management;
Design and development of secure Web-based applications in open source environments;
- Security Management & Control.
Security auditing - evaluation metrics (procedural, technological, organizational, training);
Security Intelligence;
Forensics analysis and legal support;
Support to CIRT business;
Support for the definition and testing of BC/DR plans;
- Security Training & Awareness.
Definition, development and delivery of information and training programs using appropriate techniques and technologies for management, technicians and users;
Definition and development of processes and mechanisms for evaluation and feedback.
RETIS, in partnership with one of the most successful law firms, is able to provide the legal support needed to meet the obligations imposed by the laws concerning privacy, copyright and computer crime, and to address all matters relating to business ethics and code of conduct.
RETIS collaborates with leading security associations (Clusit, ISACA, CEPAS), is present in several study groups in institutional contexts and is the Vice-President of the Italian chapter of IISFA (International Information Forensics Association).