top of page

3SG - 3rd Millennium Security Guard

Intro

3SG will be an intelligent framework for application security and role management, fully integrated with the Company’s Security Standards.
It will support management in defining, controlling, and governing roles, permissions, and access levels, ensuring compliance with the principles of least privilege, segregation of duties, and operational traceability.
It will also integrate continuous self-verification functionalities aimed at identifying and managing inconsistent or potentially risky configurations, through centralized collection and analysis of security alerts from external platforms (such as Microsoft, Darktrace, and other security systems).
Automated reporting functionalities are also planned to support both internal monitoring and external audit and verification activities.
3SG is designed as a foundational component of the new corporate security architecture, combining governance, automation, and adaptability to future regulatory and technological developments, and is intended to operate in a SaaS environment, similarly to 3FS.

Goals

3SG – 3rd Millennium Security Guard pursues the following objectives:

  • creation of a unified view of security events through the integration and correlation of alerts from internal and external security platforms and services;

  • enablement of capabilities for automatic detection, classification, and management of incidents, vulnerabilities, and risk situations, supporting the identification of corrective actions consistent with security policies;

  • support for control, verification, and audit processes through the automated and continuous production of compliance evidence and reports for management and oversight bodies.

Results to be achieved

Expected results fall within the strengthening of security governance, compliance, and continuous control, and include:

  • availability of a centralized, governed, and integrated system for managing roles, permissions, and application access, based on RBAC models and aligned with Azure Entra ID configurations;

  • enhancement of preventive detection capabilities for incidents, vulnerabilities, security events, and non-compliant configurations, through integration and correlation of data from external security services (e.g., Microsoft Purview, Sentinel, Darktrace, …) and internal systems;

  • reduction of operational and compliance risk through the introduction of automatic control mechanisms, continuous monitoring, and assisted remediation actions, operating according to predefined policies and subject to management human interaction;

  • structured, continuous, and traceable production of compliance reports, metrics, and dashboards (e.g., NIS, DORA, incidents, remediation), suitable for supporting internal and external audit activities and ensuring transparency toward stakeholders and oversight bodies.

bottom of page