CERTFin (the Italian Financial CERT) is a cooperative public-private initiative aimed at increasing the capacity of cyber-risk management from banking and financial operators and the cyber-resilience of the Italian financial system through an operational and strategic support for prevention, preparation and response to cyber-attacks and security incidents.
In line with the National Strategy and framework for the cybersecurity, CERTFin acts consistently with the whole set of institutional activities running in Italy and focussed on cybersecurity and protection of critical infrastructures, further broadening the network of institutional stakeholders and of national and international experts.
|CERTFin is governed by the Italian Banking Association (ABI) and the Bank of Italy, which share responsibility for appointing the organisation's chairman, and is operated by the ABI Lab Consortium. Service are offered and supplied according to a cooperative approach, thanks to the active participation of the Italian financial operators.|
WHO CAN PARTECIPATE IN CERTFin
Participation in CERTFin is open, on a voluntary basis, to all companies in the Italian banking and financial sectors, such as payment service providers, banking and financial intermediaries, insurers, market infrastructure managers, service centres and providers of technological services relating to the payment system.
Other financial sector authorities and trade associations can also take part in CERTFin's work, by mutual agreement.
WHAT CERTFin DOES
CERTFin offers and proposes qualified services on information security topics to the benefit of its Constituency via the following activities: Financial Info Sharing and Analysis Center (FinISAC); Observatory on Cyber Knowledge and Security Awareness; Cyber-emergency Operating Center.Moreover, CERTFin cooperates with a large community of public and private entities and acts as a centralized hub of the financial sector in the dialogue with other strategic sectors and operators on cybersecurity topics.
Financial Info Sharing and Analysis Centre (FinISAC)
Systematic exchange of information about threats, vulnerabilities and incidents, updates regarding the status and development of cyber-threats and the possible countermeasures to take, periodic update reports, and analyses of cyber-frauds and cyber attacks.
Observatory on Cyber Knowledge and Security Awareness
Study of applicable legislation pertaining to cyber-security and IT risk, surveys and statistical analyses, planning of awareness-raising campaigns on cyber-security issues, and participation in exercises and simulations involving the main players.
Cyber-Emergency Operating Centre
Analysis and coordination in response to incidents, artefacts and security vulnerabilities, aimed at reinforcing the internal capacities of affected member organisations at the level of technologies and/or processes and updates and dissemination at the industry level of the most appropriate strategies in response, on the basis of lessons learned.
THE VALUE OF PARTICIPATING IN CERTFin
CERTFin will allow the banking and financial sector: