Abstract
Il Joint Lab per la Cybersecurity di FBK: verso una nuova governance della sicurezza
FBK, istituto di ricerca italiano con circa 1000 dipendenti, ha creato un Joint Lab per la Cybersecurity che unisce ricerca e operatività IT. L'infrastruttura è complessa ed eterogenea (BYOD, IoT, cloud ibrido), il che richiede un approccio Zero Trust adottato prima ancora della Direttiva NIS2. Le misure principali includono MFA anti-phishing, micro-segmentazione di rete, VPN granulare (NetBird), monitoraggio continuo e backup immutabili. La quasi totalità delle categorie Zero Trust ha raggiunto lo stato "Advanced". Per il 2026-2028, FBK punta su formazione degli utenti, IAM federato con Just-in-Time Access e uno stack SIEM/XDR open source (Wazuh, OpenCTI) per garantire sovranità digitale. L'esperienza FBK dimostra che partire da Zero Trust rende la compliance NIS2 un approfondimento, non un'emergenza.
Presentazioni
- DOCUMENTO
Video
Bio
He began his career as a developer and, in 2026, joined FBK’s Joint Lab for Cybersecurity.
Within this unit, he supports the IT services and infrastructure team in maintaining services, acting as a bridge between operations and the cybersecurity domain.
Abstract
FBK’s Joint Lab for Cybersecurity: towards a new security governance model
FBK, an Italian research institute with around 1,000 employees, has established a Joint Lab for Cybersecurity that brings together research and IT operations. Its infrastructure is complex and heterogeneous (BYOD, IoT, hybrid cloud), requiring a Zero Trust approach adopted even before the NIS2 Directive. Key measures include phishing-resistant MFA, network micro-segmentation, granular VPN access (NetBird), continuous monitoring, and immutable backups. Almost all Zero Trust categories have reached an “Advanced” level of maturity. For the 2026–2028 period, FBK is focusing on user training, federated IAM with Just-in-Time Access, and an open-source SIEM/XDR stack (Wazuh, OpenCTI) to ensure digital sovereignty. FBK’s experience shows that starting with Zero Trust turns NIS2 compliance into a refinement process rather than an emergency response.
Attribuzione 4.0 Internazionale