Cybersecurity (or information security) is the set of practices, technologies and processes designed to protect computers, networks, devices, systems and data from attack, damage or unauthorized access. The main objective of cybersecurity is to ensure the confidentiality, integrity and availability of information and digital assets. These activities are carried out by personnel assigned to perform these activities:
Job profiles related to information security - Knowledge, skill and competence requirements
Professional figures working in cybersecurity of public and private organizations
-
The Cybersecurity Contact Person (Lg. 90/2024) works at the operational level for the organization with technical autonomy in carrying out assigned tasks, managing the implementation of Cybersecurity and also interfacing with the management level and the internal supply chain, consistent with assigned tasks and activities, and has a key role in ensuring that organizations take appropriate protection and preparedness measures to deal with cyber threats
-
The Cybersecurity Manager operates at a tactical-strategic level for the organization with autonomy and responsibility in carrying out tasks and in some cases may temporarily replace the Cybersecurity Contact Person
-
Cyber analysts are professionals who deal with cyber analysis and are trained to work in the field of digital investigations, OSINT analysis, and applied cybersecurity. They acquire cross-disciplinary skills ranging from threat analysis to the collection and correlation of data from open sources, networks, digital devices, and high-risk environments (e.g., the dark web and cryptocurrencies). They are key figures in integrating digital and investigative skills, contributing to information protection, digital evidence management, and strategic data interpretation in support of security and justice. They work in collaboration with public bodies or private entities, supporting investigative operations, forensic analysis, and cyber intelligence activities. They are able to use specialized tools for digital tracking, evidence acquisition, data traffic analysis, digital identity verification, attribution of responsibility, and prevention of critical events
Competency certification operated by a certification body that follows the rules of accreditation provides certainty and assurance of the best competency in the relevant market.
Information Security (UNI 11621-4)
The standard defines third-generation professional profiles related to information security using the principles specified in UNI 11621-1 "Methodology for the construction of professional profiles based on the e-CF system." The professional working in information security performs a wide range of activities having a cross-cutting nature with respect to other business processes, contributing to the management or verification of a more or less extensive set of significant information processes or systems.
The Standard identifies nine professional profiles:
-
Chief information security officer (CISO)
-
Information security manager
-
Information security process analyst
-
Technical analyst for information security
-
Forensic analyst for ICT incidents
-
Information security process specialist
-
Information security infrastructure specialist
-
Information security application specialist
-
Incident response specialist
For each profile, the Standard defines tasks, competencies, skills and knowledge. With certification, the professional is able to provide greater assurance to his or her clients, gain credibility and access the registers of professionals certified according to the UNI 11697 standard.
Relevant documents
Contact us. We are available to provide you with all the necessary information or to assist you in submitting a complaint
