Business partnerships

Awareness, continuous education, information sharing are the most powerfool instruments against security problems.

CLUSIT was born based on the experiences of other European Information Security Asociations such as CLUSIB (Belgium), CLUSIF (France), CLUSIS (Switzerland), CLUSSIL (Luxembourg), having been the references regarding Information Security since the last 10 years.

CLUSIT invites all persons and Organizations involved or interested in Information Security to join us.

@ Mediaservice.net has been one of the first CLUSIT associated among all the italian-based security companies; the company actively supports many of the CLUSIT activities, both with speakers for CLUSIT EDU and its seminars, writing targeted "CLUSIT booklets" such as “La verifica della sicurezza di applicazioni Web-based ed il progetto OWASP”, supporting as well the selection and publishing phases, as it happened with the white paper “Introduzione alla protezione di reti e sistemi di controllo e automazione (DCS, SCADA, PLC)”.

Last but not least, Raoul Chiesa, our Chief Technical Officer, is among the original CLUSIT Founders, a member of the Board of Directors since the foundation of the association (2000) and a member of the Technical-Scientific Committee.

Further information on CLUSIT and how to became an associated can be found here (in italian): http://www.clusit.it/associarsi.htm

Fondazione Ugo Bordoni (FUB, Ugo Bordoni Foundation) has been recognized by the Italian law n.° 3, dated January16th, 2003, as an high-culture private institution.

The Foundation elaborates and proposes development strategies in the telecommunication field, supported in those national and international competent centers.
FUB works in an operating mode with the Italian Ministry of Communication in order to analyze and fix technical, economical, financial, management, laws and regulatory issues, via organic and cross-based solutions.
In particular Ugo Bordoni Foundation works along with Istituto Superiore delle Comunicazioni e delle Tecnologie dell´Informazione (ISCOM, Superior Institute for the Communications and Information
Technologies) in the management of the Organismo di Certificazione della Sicurezza Informatica (OCSI, Information Security Certification Agency), set up with the DPCM dated October 30th, 2003.

In February 2008 it has been officialized an understanding protocol, stating a mutual support by @ Mediaservice.net and FUB, which goals are to converge worlds that apparently are distant each others, such as the certification standard for ICT products and systems (ISO/IEC IS15408, derived by the Common Criterias and by European criterias
ITSEC) and the OSSTMM methodology by ISECOM.

Further information can be found here (in italian and english):
http://www.fub.it
http://www.ocsi.isticom.it

Information Systems Audit and Control Association (ISACA) got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

Today ISACA memberships are more than 75.000 living in more than 160 countries, with its 175 local chapters in 70 countries worldwide.

Members cover a variety of professional IT-related positions, such as Information Security Audit, Consultant, Educator, Security Professional, Chief Information Officer, Internal Auditor: it's a mixed world, where IS auditing and the IS control standards themselves represent its core.

ISACA's Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 60,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience and has been earned by more than 9,000 professionals.
ISACA and ITGI (IT Governance Institute) also created the COBIT framework (Control Objectives for Information and related Technology), an Information Technology best practices commonly agreed as the standard approach in the IS field.

@ Mediaservice.net operated with ISACA's Rome Chapter, partecipating to its seminars, building cross alliances towards ISECOM and OWASP, building common initiatives, aimed to aware people on the issues related to information security.

Our company's collegues have been speakers at the ISACA's Rome Chapter in the following seminars:

• 2005, Introduzione alla metodologia OSSTMM ed alle certificazioni professionali OPST ed OPSA
• 2005, The truth about Ethical Hacking: a perspective from the OSSTMM
• 2007, La Computer Forensics in Italia

For further information on ISACA and the Rome Chapter activities (in italian):
http://www.isacaroma.it/html/Capitolo.html

If you want to subscribe to ISACA's Rome Chapter:
http://www.isacaroma.it/html/Associarsi.html

The Institute for Security and Open Methodologies (ISECOM) was founded in 2000 by Pete Herzog, aiming to develop and share open methodologies related to the Information Security.

ISECOM most worldwide known project is the OSSTMM (Open Source Security Testing Methodology Manual), became today's de-facto standard for the professional Penetration Tests and targeted security analysis; among some of the important ISECOM projects we can also find HPP (Hacker’s Profiling Project), SOMA (Security Operations Maturity Architecture) and HHS (Hacker High School).

@ Mediaservice.net and, particularly, the DSD staff, supports ISECOM as *OSSTMM Key-Contributor**s* since the release 1.5 until the actual release, 3.0.

Thanks to this strong background, @ Mediaservice.net is an *exclusive* ISECOM Training Partner <http://www.isecom.org/tp.shtml> in the following countries:

• Italy
• San Marino republic
• Vatican City
• Greece

In year 2005 the company becames ISECOM Affiliate for the above-mentioned geographical areas, representing ISECOM in those countries.
Further information on this subject can be found here (in english): http://www.isecom.org/affiliates.shtml

During 2006 @ Mediaservice.net has been awarded by ISECOM with the rank of *OSSTMM Platinium Auditor* into the ILA program (ISECOM Licensed Auditors), thanks to its acknowledgment in proofed experience with the OSSTMM methodology and the extremely high percentage of OPST and OPSA certified personnel into its Tiger Team.

This acknowledgment allows @ Mediaservice.net to run the OSSTMM Compliance Auditing Process on those reports written by other companies, allowing Clients the certification of the Security Report itself.

Further information can be found at (in english):http://www.isecom.org/auditors.shtml

The International User Group (IUG) meets the ISMS (Information Security Management System) users under the standard ISO 27000 (ex BS7799) and those linked ones.

The Italian Chapter (ISMS Chapter) aims to reach the following goals:

• support the disclosing of the ISO 27000 standard and its connected norms in Italy, helping the development and the spread of the information security culture, organizing meetings, workshops, publications and trainings;
• exchange experiences and information with anyone (associations, research groups, universities, schools, public administrations, companies, professionals, etc..) interested in information security management and those linked topics;
• interact with all the existing abroad chapters on the application issues of the ISO 27000 series and on the application's goals, spreading this kind of information on the italian market. Support the market (companies, consultants, certification bodies, associations, universities, etc..) when applying the standard;
• build business opportunities, granting qualification and certification processes, aiming to assure a constant and elevated professionality.

The Chapter is open to everybody wants to contribute in developping these topics, needs to be informed on the information security.
Chapter's rules are detailed in the Charter that every associated must accept when subscribing.

In the afore mentioned approaches @ Mediaservice.net - being an associated company to the italian IUG - carries on research projects aiming to a combined use of Proactive Security and Risk Analysis methodologies, with the final goal of an higher qualitative status in the italian market.

If you want to subscribe to the Italian ISMS Chapter (in italian): http://www.ismsiugitaly.net/