IT security and privacy in Italy

CSI Piemonte, an Italian public sector co-operative visited Sun yesterday to talk about today and tomorrow’s Security with Alec Muffet and Dave Walker, and I had the honour of hosting and MC’ing the meeting. This article looks at tools for implementing defence in depth and looks at the Italian privacy laws.

While discussing data centre networks i.e the network inside the firewall and how to build the firewalls, a number of products and companies were discussed, these include CSE Piemonte themselves, Tripwire for intrusion detection, Zeus, traffic management, ActivIdentity, part of an SSO solution, Tier-3, leveraging Behavioural Intelligence, Sun’s Access Manager, “Privacy on the Line” a book by Whitfield Diffie and Susan Landau, Endevours Technologies, Sun’s Security Community’s publications, Shibboleth, for single sign-on, and juniper.net/, looking at their virtual firewalls. Alec also spoke about some of the ideas he developed in his blog article Hankering For A World Without “Identity” or “Federation”. This latter conversation was very wide ranging and reviewed the significant differences between the UK and Italian data privacy laws, particularly in the field of medical data and records. The Italian laws seem very citizen-centric, which is what we’d hope for in a democratic Republic. The CSI Piemonte people told us that

“The Italian Government is prohibited from asking for citizen’s information twice”

which is really cool but it still has problems sharing it around the government between departments and bodies. In the UK, this is causing me problems with the Student Finance company at the moment. I’d like the Passport Agency and the Inland Revenue to pass my details on to them, so I don’t have to collect all the stuff they ask for. I suppose that they can’t ask the Inland Revenue because they want to know more than they do. Go figure.

ooOOOoo

Originally posted on my sun/oracle blog, and reposted here in July 2016.