
Altran Italia | Technology Review # 08

Network Security for Metro & Rail Applications

Vincenzo Orlando Pannella, Piero Sisti, Maurizio Nastro

ABSTRACT:

Interest in network security for railway transport applications has been growing rapidly. This is especially true now that all the security systems (e.g. Close Circuit TV, Fire Detection, Public Announcement, Access Control, etc.) are based on IP technologies, while at the same time customers' needs have forced railway companies to design open network solutions (e.g. the Automatic Fare Collection System, which provides the ticketing services but needs to be interfaced with untrusted networks). The IP network has become the core system that provides connectivity to the entire architecture, and its critical point too.

Risk analysis is a way to reduce risks and hazards; both internal and external analyses are important (in order to guarantee, for example, adequate separation of duties for the main roles and responsibilities, and to assess the vulnerability to hacker attacks or unauthorized access).

This paper investigates the need to carry out a risk analysis in order to obtain a general view of how Information Security (IS) is approached and managed, highlighting the areas that need improvement against reference targets.

A very rich technical literature exists on these topics. Telecommunication companies have analyzed the matter in detail, but generally their methodologies and tools are not flexible enough to be easily adapted to other fields and applications.

Altran Italia has developed Altran Security Assessment (ASA), an assessment tool to verify the state of IS governance of a service. ASA can be customized for railway transport infrastructure, and it is applicable to every context whose IS governance needs to be analyzed, by choosing the service domains and controls appropriately, in accordance with international standards and best practices (e.g. ISO\IEC27001, NIST, etc.). It can also be used for the creation of an Information Security Management System (certifiable against ISO\IEC27001, BS25999, etc.).

In this paper, as a short demonstration, a practical example is shown of the assessment tool applied to Close Circuit TV in railway urban transport (Metro Applications).

1. Introduction:

Modern rail operators, to ensure their ongoing success, are making maximum use of the IP infrastructure, which has become the "Achilles' heel" [8]. On the one hand there is the need to provide an infrastructure with the widest possible range of services (e.g. Access Control, Video Image Streaming, etc.), and on the other hand the need to ensure total security from any kind of attack (malicious or unintentional) that may cause network downtime, unauthorized access and security hazards (e.g. cancelling or stealing sensitive information or a data stream); rail operators are trying to find the right trade-off [1], [2], [5].

To introduce an operating scenario for this paper, it is useful to describe the following conceptual scheme of a railway urban transport IP network (please refer to Figure 1). The depicted architecture is not an exhaustive description of the IP infrastructure, but it provides the representative blocks and summarizes the principles of connection needed to introduce the following case studies (please refer to § 3).


Figure 1 describes an IP-based core network, made of different nodes (each one represents a physical site, with Layer 2 and Layer 3 features):

• Operation Control Centers (Primary and Backup);
• Primary Node (Interchange Station, Depot, etc);
• Secondary Node (Passengers Station);
• Extra Sites (Other Accessory Sites).

Each Primary or Secondary Node has a dedicated WAN link between the site itself and the Control Center. The Extra Sites, instead, are linked to the nearest nodes and are generally considered a LAN extension of the node itself.

The aim of this paper is to describe a methodology (based on the experience of Altran railway, network and security consultants), supported by a tool (ASA), that sets out the steps to evaluate the risk of wrong decisions and to reduce the negative consequences on the IP network; in particular, the paper focuses on an application to Close Circuit TV.

Because of the strong confidentiality of the matter, it is not possible to show detailed results and information about implemented projects. The main purpose of this paper is to demonstrate the methodology.

2. Methodology

The methodology is composed of six phases, which can be automated with ASA, starting from a general analysis of the problem to be approached and ending with the reporting of the results obtained [3], [4], [6], [9].

In Phase 1, the following actions are conducted:

• general analysis of the project;
• identification of the project macro-areas;
• establishment of the working team.

Depending on project complexity, the working team will be formed by one or more experts for every related macro-area.

In particular, for the themes addressed in this paper, the competencies required are the following:

• IP Networking (TEM \ ASD-R, Altran Italia Divisions);
• IP Security (TEM, Altran Italia Division);
• Railway & Metro Systems (ASD-R, Altran Italia Division);
• Close Circuit TV System (ASD-R, Altran Italia Division);
• IT Auditing, Risk and Quality Management (Innovation & Solutions Office Altran Italia);
• Security Countermeasure (TEM \ ASD-R, Altran Italia Divisions).

Where:

TEM: Telecommunication, Electronics & Media;
ASD-R: Aerospace & Defense, Naval and Railway, Security.

Figure 1. IP Architecture for Railway Urban Transport.

In Phase 2, a deep analysis and a modeling of the services within every macro-area identified are carried out. A services framework is essential in order to have the correct reference (e.g. international standards, laws, best practices, etc.) to use.

Each Service is then analyzed and logically divided into the following two levels:

• Security Domains;
• Controls.

Every Security Domain is divided into a set of controls, and each control is composed of a specific number of questions with multiple answers; the number depends on the complexity of the control itself (please refer to Figure 2).

[Figure 2 diagram: Security Domain 1 … N, each containing Control 1 … N, each containing Question 1 … N.]

In Phase 3, the service impact that a particular risk or hazard may generate is evaluated [10]. This is done by taking into consideration the Financial, Commercial, Legal and Goodwill information valuation categories (please refer to Table 1, Table 2, Table 3 and Table 4).

For every category four impact values are defined, in the range [0 – 3], describing the possible consequences if one (or more) security requirements of the information managed by the service are compromised.

Figure 2. Service Logical Scheme (Security Domains and Controls).

| Impact (I) | Description |
|---|---|
| 0 - Null | Financial Loss is insignificant. |
| 1 - Low | Financial Loss is low and affects only limited stakeholder categories. |
| 2 - Medium | Financial Loss is medium and affects some stakeholder categories. |
| 3 - High | Financial Loss is high and affects the more important stakeholder categories. |

Table 1. Financial Loss.

| Impact (I) | Description |
|---|---|
| 0 - Null | Commercial Competitiveness Loss is acceptable. |
| 1 - Low | Commercial Competitiveness Loss is limited only to market areas that are not strategic. |
| 2 - Medium | Commercial Competitiveness Loss affects some strategic market areas. |
| 3 - High | Commercial Competitiveness Loss affects strategic market areas and cannot easily be recovered. |

Table 2. Commercial Competitiveness Loss.

| Impact (I) | Description |
|---|---|
| 0 - Null | Legal Sanction is insignificant. |
| 1 - Low | Legal Sanction is low and affects only limited stakeholder categories. |
| 2 - Medium | Legal Sanction is medium and affects some stakeholder categories. |
| 3 - High | Legal Sanction is high and affects the more important stakeholder categories. |

Table 3. Legal Sanction.

| Impact (I) | Description |
|---|---|
| 0 - Null | Loss of Goodwill is insignificant. |
| 1 - Low | Commercial Competitiveness affects relations with only internal stakeholder categories (i.e., dependents). |
| 2 - Medium | Commercial Competitiveness affects relations also with external stakeholders, but limited only to market areas that are not strategic. |
| 3 - High | Commercial Competitiveness affects relations with external stakeholders relative to strategic market areas. |

Table 4. Loss of Goodwill.


The resulting Service Impact is the maximum among the ones associated with each category.

Each Service has an associated Key Risk Indicator (KRI), defined as the maximum acceptable risk for the service itself (KRI and Impact are inversely related, as shown in Table 5).

In Phase 4, every control is analyzed (please refer to Table 6) and a tree diagram is generated (please refer to Figure 3) to map the different topics.

Every tree diagram level corresponds to a question in the control. The first level has only one node, the tree diagram root. Level 2 has at most as many nodes as the number (m) of multiple answers of the question at level 1. Level N (N ≥ 3) has a maximum number of nodes equal to:

(Number of multiple answers of the question in the level (N-1)) * (Number of multiple answers of the question in the level (N-2))

The tree diagram root is marked as SDCI, where SD and CI mean, respectively, security domain and control identifiers; a progressive ID is included for each node.

Every branch in the tree diagram has a value that is a function of the answer; each path is characterized by a value obtained by summing the values on each branch of the path. The value is higher when each node of the control gives more guarantees and is more conservative from an Information Security point of view.

After this calculation, the values are normalized in order to be comparable with each other and with the KRI. The value resulting from this process is the Control Risk Level (CRL). Table 7 shows the mapping.

| Service Impact (I) | Key Risk Indicator (KRI) |
|---|---|
| 0 | 4 |
| 1 | 3 |
| 2 | 2 |
| 3 | 1 |

Table 5. Relationship between Service Impact and Key Risk Indicator.

Table 6. Security Domain Control.

Figure 3. Control Tree Diagram.


| Tree Diagram Path | CRL |
|---|---|
| [V3 – Vmax] | 1 |
| [(V2 + 1) – V3] | 2 |
| [(V1 + 1) – V2] | 3 |
| [Vmin – V1] | 4 |

Table 7. Tree Diagram Output Value – CRL Mapping Table.

Where:

Vmin = minimum tree diagram path value.
Vmax = maximum tree diagram path value.
V1, V2, V3 = tree diagram path values between Vmax and Vmin that represent particular thresholds.

Based on the CRL, a control is marked as conform or non-conform, depending on whether it is green or (red, yellow) respectively, as shown in the following Table 8:

| | KRI = 4 | KRI = 3 | KRI = 3 | KRI = 1 |
|---|---|---|---|---|
| Red | CRL = 4 | CRL = 4 | CRL = 4 | CRL = 3, 4 |
| Yellow | CRL = 3 | CRL = 2, 3 | CRL = 2, 3 | CRL = 2 |
| Green | CRL = 1, 2 | CRL = 1 | CRL = 1 | CRL = 1 |

Table 8. Conformity Table.

As shown in Table 8, the conformity range varies with the KRI (and the service impact) value.

The Security Domain Risk Level (SDRL) is the average CRL of all the controls inside the Security Domain.

In Phase 5, a picture of all the controls defined for every Security Domain and Service is created, highlighting the CRL values and a traffic light status for each control, based on its conformity state (please refer to Table 8).

Every non-conform control is associated with a potential countermeasure to implement, as shown in Table 9.

| Security Domain | Control | CRL | Countermeasure |
|---|---|---|---|
| Security Domain 1 | Control 1 | SecDom1_Control1_CRL | Here is written a suggested countermeasure. |
| Security Domain 1 | Control N | SecDom1_ControlN_CRL | Here is written a suggested countermeasure. |
| … | … | … | |
| Security Domain N | Control 1 | SecDomN_Control1_CRL | |
| Security Domain N | Control N | SecDomN_ControlN_CRL | Here is written a suggested countermeasure. |

Table 9. Total Controls and Countermeasures.

In Phase 6, reports can be generated showing results across Security Domains and Controls, using pie charts, bar graphs and spider charts. Figure 4 represents the overall non-conform controls for an example service, divided, in percentage, among the Security Domains considered.

[Figure 4: percentage of non-conform controls for each of Security Domain 1 … N.]

Figure 4. Service Overall Non-Conform Control.

The percentage is calculated as follows:

(Percentage)SD = {[(N° NC_Controls_Yellow)SD + (N° NC_Controls_Red)SD * 1,5] / [(N° NC_Controls_Yellow)TOT + (N° NC_Controls_Red)TOT * 1,5]} * 100

where:

(N° NC_Controls_Yellow)SD = number of yellow non-conform controls (please refer to Table 8) in the Security Domain considered.
(N° NC_Controls_Red)SD = number of red non-conform controls (please refer to Table 8) in the Security Domain considered.
(N° NC_Controls_Yellow)TOT = number of yellow non-conform controls in the overall Security Domains (Service).
(N° NC_Controls_Red)TOT = number of red non-conform controls in the overall Security Domains (Service).
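The scoring chain of Phases 3 to 6 (Table 5, Table 7, Table 8, the SDRL average and the Figure 4 percentage), written out as an added Python example; it is not ASA code and does not come from the paper. The answer values, the quarter-point thresholds V1 to V3, the assignment of V3 itself to CRL 2, the reading of the third Table 8 column as KRI = 2, and all sample impacts and answers are assumptions made for the example.

```python
from statistics import mean

# Table 5: Service Impact (0-3) -> Key Risk Indicator (KRI).
KRI_BY_IMPACT = {0: 4, 1: 3, 2: 2, 3: 1}

# Table 8: CRL values behind each traffic-light colour, per KRI.
# ASSUMPTION: the column printed under the second "KRI = 3" heading is KRI = 2.
CONFORMITY = {
    4: {"red": {4}, "yellow": {3}, "green": {1, 2}},
    3: {"red": {4}, "yellow": {2, 3}, "green": {1}},
    2: {"red": {4}, "yellow": {2, 3}, "green": {1}},
    1: {"red": {3, 4}, "yellow": {2}, "green": {1}},
}

# ASSUMPTION: branch value per answer; the paper only states that safer
# answers carry higher values.
ANSWER_VALUE = {"yes": 2, "partially": 1, "no": 0}


def service_kri(impacts):
    """Phase 3: the service impact is the maximum over the four categories."""
    return KRI_BY_IMPACT[max(impacts.values())]


def control_crl(answers):
    """Phase 4: sum the branch values along the answered path, then apply Table 7."""
    value = sum(ANSWER_VALUE[a] for a in answers)
    vmin, vmax = 0, len(answers) * max(ANSWER_VALUE.values())
    # ASSUMPTION: V1, V2, V3 are the quarter points of [Vmin, Vmax].
    v1, v2, v3 = (vmin + (vmax - vmin) * k // 4 for k in (1, 2, 3))
    if value <= v1:
        return 4  # [Vmin - V1]
    if value <= v2:
        return 3  # [(V1+1) - V2]
    if value <= v3:
        return 2  # [(V2+1) - V3]; ASSUMPTION: V3 itself belongs to this band
    return 1      # above V3, up to Vmax


def traffic_light(crl, kri):
    """Table 8: green is conform, yellow and red are non-conform."""
    for colour, levels in CONFORMITY[kri].items():
        if crl in levels:
            return colour
    raise ValueError(f"CRL {crl} is outside 1..4")


def assess(impacts, domains):
    """Phases 3-6 for one service: KRI, CRL and colour per control, SDRL, share."""
    kri = service_kri(impacts)
    report, weighted = {}, {}
    for domain, controls in domains.items():
        crls = {name: control_crl(ans) for name, ans in controls.items()}
        rows = {name: (crl, traffic_light(crl, kri)) for name, crl in crls.items()}
        lights = [light for _, light in rows.values()]
        # Numerator of the percentage formula: yellow counts 1, red counts 1.5.
        weighted[domain] = lights.count("yellow") + 1.5 * lights.count("red")
        report[domain] = {"controls": rows, "sdrl": mean(crls.values())}
    total = sum(weighted.values())
    for domain in report:
        report[domain]["share_pct"] = 100 * weighted[domain] / total if total else 0.0
    return kri, report


# Constructed sample: impacts, control names other than PF and NA, and all
# answers are invented for illustration.
SAMPLE_IMPACTS = {"financial": 1, "commercial": 0, "legal": 2, "goodwill": 1}
SAMPLE_DOMAINS = {
    "Capacity Planning": {
        "PF": ["yes", "partially", "yes", "no", "yes", "partially", "no"],
        "PF-extra": ["yes", "yes", "yes", "yes"],
    },
    "Access Control": {
        "NA": ["no", "partially", "no", "no", "partially", "no", "no", "partially"],
        "PS": ["partially", "yes", "no", "partially"],
    },
}

if __name__ == "__main__":
    kri, report = assess(SAMPLE_IMPACTS, SAMPLE_DOMAINS)
    print("KRI:", kri)
    for domain, data in report.items():
        print(domain, "SDRL", data["sdrl"],
              "share %", round(data["share_pct"], 1), data["controls"])
```

The same CRL is judged differently as the KRI tightens: a control with CRL 3 is yellow for a KRI = 4 service and red for a KRI = 1 service.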

Figure 5 shows the number of non-conform controls against the total for every Security Domain:

[Figure 5: Non Conform Controls and Total (Conform + Non-Conform) Controls per Security Domain, axis from 0 to 14.]

Figure 5. Service Non-Conform and Total Controls.

Figure 6 gives a SDRL representation across all Security Domains:

[Figure 6: Security Domain Risk Level (SDRL), scale from 0,0 to 4,0, for Security Domain 1 … N.]

Figure 6. Service Security Domain Risk Levels (SDRL).

It is also possible to have a complete picture of a single Security Domain, showing the CRL values of all its controls (please refer to Figure 7):

[Figure 7: Control Risk Level (CRL), scale from 0 to 4, for Control 1 … N.]

Figure 7. Security Domain Control Risk Levels (CRL).

3. Case Study

Two different IP network macro-areas related to the Close Circuit TV System are presented in the following:

• IS Governance;
• Risk Analysis.

The first analyzes the hazards that come from inaccurate engineering and bandwidth calculation; the second presents a case of hazards coming from the connection with "Untrusted Networks".

A. IS Governance "Close Circuit TV Video Stream Flow Performances".

The remote connection between two nodes (e.g. Metro Station and Primary Control Centre) has to be suitably sized starting from the project requirements and following the performance needs (please refer to Figure 8); in the considered scenario the local Close Circuit TV devices collect and store video streams and send them to the main Close Circuit TV Network video recorder, located in the Control Centre.

Figure 8. Close Circuit TV Video Stream Flow.

Table 10 shows an example of a control (pertaining to the 'Capacity Planning' Security Domain) for the considered scenario. This control is not exhaustive and has to be considered only representative.

CCTV Video Stream Flow Performance (PF)

1. Has capacity planning been carried out to correctly size the total bandwidth required for the considered station node?
Yes / Yes, partially / No
Comments:

2. Has capacity planning been carried out to calculate the bandwidth required for the Close Circuit TV system deployed in the considered station \ node?
Yes / Yes, partially / No
Comments:

3. Has the number of video cameras been correctly computed and dimensioned following Close Circuit TV best-practice guidelines?
Yes / Yes, partially / No
Comments:

4. Has suitable bandwidth been considered to add other cameras for future expansion?
Yes / Yes, partially / No
Comments:

5. Do the codecs used for video compression perform adequately for efficient compression?
Yes / Yes, partially / No
Comments:

6. Have Quality of Service (QoS) policies been implemented on the link between the station \ node and the railway IP network?
Yes / Yes, partially / No
Comments:

7. Does the network system provide a warning when bandwidth usage reaches a fixed threshold?
Yes / Yes, partially / No
Comments:

and so on.

Table 10. Control Report - Performance.

B. Risk Analysis "External Access to the IP Network and damage to the Close Circuit TV Services".

This case considers access to the distributed Close Circuit TV nodes, for both real-time and recorded video streams, from an external, potentially dangerous "Untrusted Network". Figure 9 provides the representative blocks \ items needed to introduce the test case; it must not be considered an exhaustive scheme of the network.

Figure 9. External Access to the Close Circuit TV.

Generally, the connection between the Surveillance Headquarter and the Railway IP Network is realized with a LAN-to-LAN Virtual Private Network that allows the different operators to connect to the railway network simultaneously and, at the same time, to access their own network resources and services. The Virtual Private Network is established between the Surveillance premises and a "front-end" located in the railway premises, represented by a Virtual Private Network concentrator. The VPN concentrator terminates the encrypted tunnel between the two networks and can implement the security policies (Access Lists) to secure and control access from the Untrusted Network.

Table 11 and Table 12 show two examples of controls (pertaining to the 'Access Control' Security Domain) for the considered scenario. The first investigates a network access issue, while the second provides a perimeter security control. These controls are not exhaustive and have to be considered representative.

IP Network Network Access Access Control (NA)

1. Are both the Surveillance Network Operation Centre and Railway Virtual Private Network gateways able to protect confidentiality and integrity adequately, based on the criticality of the information transferred and stored inside the Railway IP Data Network?
Yes / Yes, partially / No
Comments:

2. Is the Railway Virtual Private Network front-end able to handle any additional load if performance requirements increase?
Yes / Yes, partially / No
Comments:

3. Does the Railway Virtual Private Network gateway encrypt and store the pre-shared key or certificate adequately?
Yes / Yes, partially / No
Comments:

4. Is the Railway Virtual Private Network gateway in a Deny-by-Default posture (deny by default, allow by exception)?
Yes / Yes, partially / No
Comments:

5. Was the Network Layer Virtual Private Network solution connecting the Surveillance Network Operation Centre and the Railway Data Networks chosen on the basis of a cost/benefit analysis (e.g. Security, Quality of Service, etc.) against other kinds of solutions (e.g. Leased Line, Data Link Layer Solution, etc.)?
Yes / Yes, partially / No
Comments:

6. Is data entering the Railway Virtual Private Network gateway proxied, or passed through a firewall configured to implement content, protocol and flow control inspection (DNS, SMTP, FTP, HTTP)?
Yes / Yes, partially / No
Comments:

7. Does data entering the Railway Virtual Private Network gateway pass through a firewall with an adequate access control list implemented, such as the following to mitigate spoofing?
- Any packet coming into the network must not have a source address of the internal network.
- Any packet coming into the network must have a destination address of the internal network.
- Any packet leaving the network must have a source address from the internal network.
- Any packet leaving the network must not have a destination address from the internal networks.
- Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC 1918 reserved space.
Yes / Yes, partially / No
Comments:

8. Is a security assessment performed periodically to identify any existing security issues related to the Railway Virtual Private Network? Note: the assessment should address not only technological issues (e.g. unneeded accounts, MITM attack scenarios, etc.), but also physical and organizational ones, such as:
- Inadequate physical security controls.
- Application of separation of duties / need-to-know principles.
Yes / Yes, partially / No
Comments:

and so on.

Table 11. Control Report – Network Access.
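The five anti-spoofing rules of question 7 in Table 11, expressed as a check that can be run over firewall flow records to see which rule a packet would break; this is an added Python example, not part of the paper or of ASA. The internal prefix 192.0.2.0/24, the peer addresses and the "direction source destination" log format are constructed for the example, and the rules are applied on the assumption that the internal block lies outside RFC 1918 space.

```python
import ipaddress

# RFC 1918 private address space, as named in the fifth rule of question 7.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr, nets):
    """True if the address falls inside any of the given networks."""
    return any(addr in net for net in nets)


def spoofing_violations(direction, src, dst, internal_nets):
    """Return the question-7 rule numbers (1-5) that one packet breaks."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    src_in, dst_in = _in_any(src, nets), _in_any(dst, nets)
    broken = []
    if direction == "in":
        if src_in:
            broken.append(1)   # inbound packet claims an internal source
        if not dst_in:
            broken.append(2)   # inbound packet is not addressed to the inside
    elif direction == "out":
        if not src_in:
            broken.append(3)   # outbound packet has a non-internal source
        if dst_in:
            broken.append(4)   # outbound packet is addressed to the inside
    else:
        raise ValueError(f"unknown direction: {direction!r}")
    if _in_any(src, RFC1918) or _in_any(dst, RFC1918):
        broken.append(5)       # private address crossing the perimeter
    return broken


def audit(log_lines, internal_nets):
    """Parse 'direction src dst' records; return {line number: broken rules}."""
    findings = {}
    for number, line in enumerate(log_lines, start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue           # skip blank lines and comments
        if len(fields) != 3:
            raise ValueError(f"line {number}: expected 'direction src dst'")
        broken = spoofing_violations(*fields, internal_nets)
        if broken:
            findings[number] = broken
    return findings


# Constructed sample: documentation prefixes stand in for real networks.
INTERNAL = ["192.0.2.0/24"]
SAMPLE_LOG = [
    "in  198.51.100.7 192.0.2.20",    # legitimate inbound
    "in  192.0.2.99   192.0.2.20",    # internal source arriving from outside
    "in  198.51.100.7 203.0.113.5",   # inbound but not for the internal network
    "out 192.0.2.20   198.51.100.7",  # legitimate outbound
    "out 203.0.113.9  198.51.100.7",  # foreign source leaving the network
    "out 192.0.2.20   192.0.2.30",    # internal destination on the outside leg
    "in  10.1.2.3     192.0.2.20",    # RFC 1918 source
    "out 192.0.2.20   192.168.1.1",   # RFC 1918 destination
]

if __name__ == "__main__":
    for line_no, rules in audit(SAMPLE_LOG, INTERNAL).items():
        print(f"line {line_no}: breaks rule(s) {rules}: {SAMPLE_LOG[line_no - 1]}")
```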


Perimeter Security Network Access Control (NA)

1. If access to the Railway IP Data Network through wireless connections is allowed, are adequate measures implemented, such as, for example, the following?
- Confine wireless access points in subnets adequately separated from the others.
- Limit, as far as possible, the signal power emitted, so as to reduce propagation outside the physical perimeter.
- Adopt adequate measures in order to control the radiation emitted.
- Encrypt all traffic between the wireless and Railway Virtual Private Network Data Network networks within a Virtual Private Network tunnel.
- Train users (e.g. not to configure the Virtual Private Network connection to save the username and password, to avoid credential theft in case a wireless laptop is stolen).
Yes / Yes, partially / No
Comments:

2. Is a security assessment performed periodically to identify the presence of non-authorized remote access paths (e.g. rogue access points, non-authorized modems, etc.) in the Railway IP Data Network premises?
Yes / Yes, partially / No
Comments:

3. Is physical security based on a layered defense model, implementing different types of physical personnel access control mechanisms to the Control Center based on the area to be accessed (e.g. Server Room, Equipment Room, etc.)?
Yes / Yes, partially / No
Comments:

4. Have the categories of personnel (e.g. staff, maintenance operators, guards, etc.) that have access to the Control Center been classified, and are the corresponding types of credentials applied?
Yes / Yes, partially / No
Comments:

and so on.

Table 12. Control Report – Perimeter Security

By adding further controls to those exemplified above, it is possible to obtain a clearer view of the hazards related to the selected macro-areas, and to produce reports showing how the CRL is distributed across Security Domains (see Figure 7).

CONCLUSIONS

The methodology and tool (ASA) discussed in this paper give guidelines to schedule and prepare a specific assessment to further investigate hazards and risks (for both IS Governance and Risk Analysis). Various aspects of the methodology are flexible and can be customized to particular contexts, making it possible to highlight the more critical areas and topics. In particular, it is possible:

• to define the appropriate level of controls, going more in depth for more vulnerable Security Domains;

• to prioritize Critical Controls (or single questions) by assigning them a weight, so that they contribute more to the SDRL (or the CRL);

• to calculate the reference target (KRI) and to perform an evaluation on different categories (Financial Loss, Legal Sanction, etc.) for the market area and \ or the strategic objectives of the service;

• to consider more than one service at a time, grouping test results and reporting;

and, as a consequence, it is possible to define the correct [7]:

• Vulnerability Assessment: this activity makes it possible to clearly check the exposure of the systems to any known vulnerabilities. Checks are carried out very quickly, so a wide perimeter can be tested in a short time, providing a very detailed view. The use of a robust methodology and automatic tools makes it possible to check the real vulnerabilities to an attack.

• Penetration Test Activities: the aim of this activity is to provide an all-round investigation to find the vulnerabilities and security threats in systems and networks. During the study, the risks and attacks caused by hackers to the network were evaluated, and the results obtained are a good indicator of the security state of the network. During a penetration test, intrusion simulations are carried out in dynamic situations (different periods of time) with different attack scenarios, combining manual techniques with the use of automatic tools. In this way, it is possible to analyze all the exposure to vulnerabilities that cannot be checked by automatic software, and also to see how individual vulnerabilities, when exploited in combination, can have a strong impact on security.

As a final step, if the methodology is automated for a specific field, it can be used as continuous support in order to create a Management System certifiable against international standards. It is possible to develop questions and controls in accordance with ISO27001, BS25999 and other standards in order to have a guideline to create a Management System to be audited for certification.

Biography

Vincenzo Orlando Pannella, Senior Consultant, graduated in Electronic Engineering at the University of Naples "Federico II". After extensive experience on railway systems (SCC – Sistema Supporto Condotta and SCMT – Sistema Controllo Marcia Treno) for various Altran customers, he was engaged as System Engineer on safety and security systems for national and international Metro Projects (Brescia Metro, Florence Tramway, Dubai Metro, London Metro and Thessaloniki Metro). Since May 2011 he has been the Solution Manager of the "Security Solution" for the ASD-R Division of Altran Italia. In this role, he is technically responsible for turnkey projects with an impact on physical security for Critical Infrastructure (such as Harbours, Airports, Military Depots, Subways, Banks, Hospitals and so on).

Piero Sisti, Professional Consultant, graduated in Telecommunication Engineering in 2006 at the "Università degli Studi" of Florence. After experience in Scalable Video Coding at TiLAB (Telecom Italia research laboratories in Turin), he worked at Infogroup S.p.A as Project Engineer for the CRF Holding IT Infrastructure and specialized in Networking and Cabling systems (Cisco CCNA 1,2,3,4). In 2007 he joined Altran Italia (ASD-R division) and worked as Project Engineer for the IP Network and Fiber Optic Network of Dubai Metro. After the successful completion of the project at the end of 2009, he followed, as Project Engineer, the Wireless Data Network design for the Dubai Airport Concourse 3 project. Since May 2011 he has worked at the "Security Solution" for the ASD Division of Altran Italia.

Maurizio Nastro graduated in Telecommunication Engineering in 2001 at "La Sapienza" University of Rome. After his initial experience in third-generation mobile services (UMTS), where he was involved in testing activity coordination within globally diverse team working environments and in troubleshooting related to standards conformity, he has been working in the "IT Auditing and Risk Management" Altran Italia LABS expertise center, with activity focused on information security governance (risk analysis, information security auditing, business continuity/disaster recovery, privacy, …). Since April 2011 he has worked at the "Quality&Risk" Altran Italia Programs Office. He is a BS7799 / ISO27001 and BS25999 Lead Auditor, and has completed the advanced course in Information Security Management (CEFRIEL - Polytechnic University of Milan).

BIBLIOGRAPHY

[1]. Reliable IP Networks for Rail Operators – Strategic White Paper, Alcatel Lucent (2010).
[2]. Railway Security Issues: A Survey of Developing Railway Technology - A.H. Carlson, D. Frincke, M. J. Laude (2004).
[3]. Guide for Developing Performance Metrics for Information Security - National Institute of Standards and Technology Special Publication 800-80 (2006).
[4]. Recommended Security Controls for Federal Information Systems and Organizations - National Institute of Standards and Technology Special Publication 800-53rev3 (2009).
[5]. Implementing Passenger Information, Entertainment, and Security Systems in Light Rail Transit – Valentin Scinteie, Alstom Transport Information Solution - Transportation Research Circular E-C058: 9th National Light Rail Transit Conference (2004).
[6]. Measurement Guide for Information Security - National Institute of Standards and Technology Special Publication 800-55 rev1 (2008).
[7]. Penetration Test - Bernardo Pelazzi, Università Degli Studi Roma Tre, Dipartimento di Informatica e Automazione (2008).
[8]. Resilience and Friability of Transportation Networks: Evaluation, Analysis and Optimization - IEEE Systems Journal - W. H. Wang, D. (2011).
[9]. ISO/IEC 27001-2005 Information technology -- Security techniques -- Information security management systems.
[10]. ISO/IEC 27005-2008 Information technology -- Security techniques -- Information security risk management.