Supply Chain Security Book

La transizione alla ISO/IEC 27001:2022
Effetti e impatti sui sistemi di gestione integrati
La soluzione


GDPR e Cloud

I risultati del comitato congiunto federale tedesco DSK

previous arrow
next arrow


Help public and private organizations to govern the challenges of digitalization and be resilient to the impact of cyber risk, planning and optimizing the necessary investments over time.


We support our customers
in the digital transformation
process and in implementing

resilient it technologies
on premise, in the cloud
and in smart-working.

We support our clients in the
development of tailor-made paths
of corporate resilience
to cyber risk, paths that include inter alia:
risk analysis and assessment,
regulatory compliance, security assessment,
security governance, security by design,
incident management process,
testing and verification of
digital operational resilience,
third party risk management,
audit of outsourced services
and support to certification.


The partner team is
made up of professionals
who have made the Internet
great in Italy and in the world,
participating in the development of infrastructures,
services and network security.

Operation Partners

Senior Partner

35Y+ in IT/Cybersecurity
Master’s degree ICT & Internet Engineering
– MCmicrocomputer, BYTE Italia
– MC-link
– Capgemini
– Professor @ LUISS, Unilink, Unicampus, SIOI
– Teacher @ Formez, SNA
– CISM, CRISC, C|CISO, Lead Auditor ISO 27001
– CLUSIT Board Member

Senior Partner

35Y+ in IT/Cybersecurity
Political Science Degree
– Fuigi Italiana, AST, Oracle, eSpin
   (JV Fiat, Oracle, Cap Gemini ErnstYoung)
– Partners4Innovation
– / GDPR
– Lecturer in computer security @UNIMI
– Founder and Chairman Clusit Community
   for Security
– CLUSIT Board Member

Senior Partner

30Y+ in IT/Cybersecurity
Electronic Engineering PoliMi
MIT Master Management
– System Robot Automation
– Bull Honeywell
– Siosistemi
– I.NET /BT Global Services
– Varonis
– Skybox Security
– CLUSIT Board Member
– Lecturer at CEFRIEL


35Y+ in IT/Cybersecurity
Degree in Economics
– Arthur Andersen
– McKinsey (founded BTO Italy)
– Capitalia (COO)
– Enel (CITO)
– Oliver Wyman


35Y+ in IT/Cybersecurity
Bachelor in Computer Science
Founded/participated in:
– ARS Informatics
– GLAMM / Dataservice
– Eximia
– Virthualis
– GTI Gaming
– Human Mobility

Senior Partner

Consulting, Audit, Assessment and Training: IT Service Management, Information Security, Risk Management, Incident Management, Business Continuity, Disaster Recovery.
– Security: Supply Chain, IT / OT, Awareness
– Lead auditor certified in international registers
– Certified ICT Security Manager
– Qualified auditor ISO 9001, ISO/IEC 27001,
   20000-1,  22301
– Designer and lead tutor of registered courses
– Member of UNINFO UNI/CT 510 “Sicurezza Informatica” and ISO/IEC JTC1 SC27/WG1

Technical Partner

Venture Partners

Angelomario Moratti
Seven Srl

Simone Brunozzi


Garden Ventures 2


The whirlwind digitalization of the way of producing and communicating in recent years has privileged some aspects of quality and business (speed, ease of use, integration) and widely underestimated

the security requirements of architectures, applications and systems. This underestimation, linked to the lack of awareness of what could happen, has created large security gaps that criminals on the one hand, and forces linked to opposing states, on the other, have used to take advantage of all kinds…

We refer here to the theft of information for industrial and commercial espionage, fraud and extortion (ransomware) and sabotage for terrorist or demonstration purposes.

This peak of the accident, measured in every international report that deals with the subject (for Italy the Clusit Report), first got the attention of the press and the media: there are countless articles also in the generalistic newspapers that deal with the accidents of cybersecurity and, then, of the national legislator and and everyone who has introduced rules, laws and internationals that oblige companies and companies of this type to take appropriate security measures, organizational guarantees and security guarantees of third parties (citizens, the market, customers, patients etc.).

It is now common opinion that these measures will be proportional and commensurate with the risk. Modern laws do not take a specific list of things to do, but writes that appropriate measures are taken according to these analyzes, refer to international best practices and require the company or organization to be accountable and can understand their degree of empowerment.

At the same time it is now obvious to all professionals that absolute safety does not exist and that a greater investment in safety only increases the degree of safety up to a certain point. It is therefore all the more necessary to start an investment in safety starting from an initial assessment and risk analysis and then determine which is the most useful level of investment in the specific business context and decline it over time.

The resulting crisis combines cybersecurity, risk and compliance. A mature approach to the problem considering these aspects together. The purpose of initiatives in this area must be to create an organization capable of guaranteeing the right level of confidentiality, integrity and availability of information, and, more importantly, being able to survive the inevitable cyber security incidents that will occur.
So be resilient!


< Milan | Corso Venezia, 54

< Rome | Piazza Finocchiaro Aprile, 3

Share capital Eur 15.000,00 – Fully paid-up investment capital Eur 1.000.000,00