ANSSAIF is a not for profit association; its name stands for: National Association of Security Specialists in Financial Intermediation Companies.
It was established on December 15, 2003.
All decision are taken by the Board of Directors and the President. They are elected by the Members reunited in assembly. They remain in charge for two years.
The present President is Mr. Cecil Wright, Master Degree in Civil Engineering, with a long experience in ICT, Security and Business Continuity.
The present members of the Board of Directors are, or have been, managers in Bank of Italy and in the main Italian and international banks (Unicredit, Monte dei Paschi di Siena, BNL, ICCREA, Intesa San Paolo, BNP-Paribas-France, Barclays).
The main objectives of the association are:
· contribute to create more awareness on the need of protecting all assets from the loss of confidentiality, availability and integrity;
· promote studies and researches in ICT Security, in particular in integrating logical and physical security;
· use the knowledge and experience of those experts who have retired;
· share ideas and experiences among members;
· assist Universities and Companies in forming new young specialists.
Also due to the instructions on DRP and BCP by Bank of Italy, great emphasis is given by the Association to disaster recovery planning, business continuity planning and management, and crisis management, as can be understood by the number of Seminars and Congresses that are being held on these areas.
In fact, the majority of the members of the board were involved in the working groups, managed by the Italian banking association and Bank of Italy, on writing the methodology to BCP (ABILab: Metodologia sulla business continuity), in the first group, and planning how to mitigate risks in case of disasters affecting the italian financial system, in the latter (CODISE Group).
The Association’s projects are, at present, in three main directions:
- Creating awareness in the outer world,
- Sharing information with other Associations,
- Sharing experiences and opinions within its members.
The Association’s objectives are reached using simultaneous and different techniques:
· Collecting data inside the member banks in anonymous form and sharing average data collected or “lesson learned” by the experts;
· Creating occasions for around the table discussions;
· Opening laboratories on technical issues.
· Publishing pamphlets or pocket guides together with the Consumers’ Associations.
· Participating in meetings and working groups with other Associations.
· Participating or giving scientific consultancy in the planning and managing of Conferences or Seminars.
Following are some recent project.
Permanent observatory on the trend in ICT risk within the Italian banking sector.
This is achieved through a self evaluation of a panel of banking groups of the level of risk, investment required to mitigate the risks, impact on the capital.
A global risk index is published yearly and main findings discussed in a Conference.
Survey on customers opinion on the quality of payments tools offered by the banks in the payment systems area.
Social Networking: Survey on citizens’ awareness of risks
Techniques used, level of diffusion in Italy, organizational issues, countermeasures put in place by the organizations world wide, are part of the main work performed by the experts involved.
Data are shared only within the Association.
As Italian banks are moving towards a better resilience to threats, the Association keeps an ongoing observatory and information sharing on main issues.
WHO ARE THE MEMBERS
Members are managers experts in information security and auditing in banking, still operating in their companies or retired.
Sponsors are at present:REGULATORY Consulting
AN EXPERIMENT: THE CREATION OF A STUDY AND RESEARCH CENTER (CSR) WITHIN A UNIVERSITY
In 2012 it was decided to open a CSR togehter with LUSPIO University (now: UNINT) in Rome and it was named ANSSAIF, as it stands for: National Accademy for the Study of Security in Insurance companies and Financial Intermediaries.
The participation inside the Research and Services Centre within the University LUSPIO in Rome, was approved by the Board of the University on march 5th, 2012.
On October 6th, 2012, in occasion of the annual congress of the members of ANSSAIF Association (see below for a description of the association) in Barberino del Mugello, the assembly of the members unanimously approved the closure of the association and the “migration” of the members, mission, experiences in the new subject, the so called Accademy (in order to keep the acronim ANSSAIF).
The members at the date of closure of the association became experts in the University; the academy board of directors is composed by the association’s board of directors, plus the top management of the University.
After one year, the CSR was not fully operative and the organizational structure was not formally approved by the University. Therefore, ANSSAIF board of directors understood that the academy (CSR) had some limits and decided to make the association operative again.