CERTFin – CERT Finanziario Italiano is a public-private cooperative initiative aimed at increasing the cyber risk management capacity of financial operators and the cyber resilience of the Italian financial system through operational and strategic support activities for prevention, preparation and response to cyber attacks and security incidents.
CERTFin performs its activities in line with the national strategy and with other country-wide institutional initiatives relating to cybersecurity and the protection of critical infrastructure, helping to further develop the national and international network of institutional partners and experts.
CERTFin activities are developed on a cooperative basis for the benefit of all participating financial institutions.
- Create a Single Point of Contact (PoC) for the financial sector
- Promote public-private and intersectoral cooperation
- Foster the exchange of information on incidents, cyber threats, vulnerabilities, and lessons learned
- Study specific cyber events and assess their impact on the system
- Support incident response and the crisis management process (CODISE)
- Establish guidelines, methodologies, practices and tools to manage cyber risk
- Promote awareness and security culture (training / education)
- Develop international cooperation
Governance and organisation
CERTFin, jointly led by the Bank of Italy and ABI (Italian Banking Association) is operated by ABI Lab under the guidance of a Strategic Committee whose task is to set out policies and lines of development, and a Steering Committee, in charge of defining and overseeing the operational and economic management. Within the Strategic Committee, the insurance sector is represented by IVASS and ANIA, while Consob speaks for the financial sector.
directs CERTFin management policies and defines the lines of development for the sector in view of the evolving threat of frauds and cyber attacks.
defines the operational management of services offered to members and provides the Strategic Committee with an overall view of unfolding events, their impact on the industry and of the effective measures to be taken both collectively and by individual banks.
coordinates operational activities and the development of CERTFin.
some CERTFin members contribute their own resources to the institution's activities through participation in the virtual team under the decentralised "campus" organisational model, which provides:
- central coordination by Operations Management
- the virtual team’s contribution to the activities