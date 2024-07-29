ACN has recently published and distributed the Incident Notification Guide to CSIRT Italy. According to the note, the correct adoption of the cyber incident notification procedure is a crucial element to ensure the security and resilience of networks, information systems and IT services.

The promptness and accuracy of the information provided during the notification process will allow CSIRT Italy to acquire full knowledge of the incident that occurred for the subsequent alert activities, and provide the affected parties with the necessary support for the restoration of the affected services.

The Guide is a ““consolidated text” of the instructions addressed to various public and private entities, required by law to notify incidents, entities included in the National Cyber ​​Security Perimeter (PSNC), those operating in the NIS and Telco fieldsto which are added those specifically addressed to the entities currently considered by law no. 90/2024*. However, it is addressed also to all those subjects, public and private, who, although not obliged to notify, intend to voluntarily report the incident to the CSIRTthus contributing to a better sharing of knowledge on the level and intensity of the threat, to strengthen the resilience of the Italian digital ecosystem.

These are the four phases of the communication process at CSIRT Italy:

1. A preparatory phasewith the aim of collecting the first information suitable to guarantee sufficient knowledge of the event;

2. Incident reporting phasethat happens by filling out a form available on the website of CSIRT Italy. The timing of the reporting is defined in the guidelines, and differently declined depending on the subject’s membership in the different regulatory bodies. In any case, reporting is strictly related to the principle of immediacy of knowledge of the accident, understood in its magnitude and in its character of possible systemic impact;

3. Notification Managementthat is, the “incident handling” operations by the CSIRT Italia staff, to support the victim with effective containment and service restoration actions;

4. the process ends, finally, with the incident closure phase.

This is the link to PDF of the Guide