Training

Path

Version: 2024.1
January 2024
Index

Introduction to Training Path 2024 .................................................................... 2

GOVERNANCE AREA......................................................................................................................... 3
Integrated ICT Compliance ............................................................................................................. 4
Design Thinking .............................................................................................................................. 5
TECHNOLOGICAL & CYBER SECURITY AREAS .................................................................................. 6
Telecommunication Infrastructure and Standards .......................................................................... 7
Blockchain....................................................................................................................................... 9
Electronic Signature ...................................................................................................................... 10
Cyber Security in Eni ICT Projects ................................................................................................. 11
Cyber Security Controls for Industrial Facilities ............................................................................ 12
Eni Security Principles for Cloud Computing.................................................................................. 13
The “TLC, IT and Cyber Security Mandatory Rules” Procedure ...................................................... 14
SYNOPTIC TABLE .......................................................................................................................... 15
TRAINING PATH LIFECYCLE .......................................................................................................... 17
CONTACTS AND USEFUL LINKS ..................................................................................................... 18

1
 Introduction to Training Path 2024

Eni Headquarter and Subsidiary companies share the same DIT world made of
technologies, processes, softwares, and above all they share the same target: to serve as
best as possible Eni as a whole to reach its objectives.
For this reason it is very important to promote the collaboration and the alignment among
the different DITs, only this way DIT function can assist business activities in an effective
and efficient manner where standardization plays a key role.
Given the geographical distances, an additional challenge is represented by the delivery
methods, being unthinkable to have only “on place” training courses.
For this reason this training is also a true laboratory where innovative solutions such as
webinar, pre-recorded videos, etc., are tested “on the ground”.

Apply for the courses leaving a post in the Workplace group “Training Path
DIT” or writing to the Mbx_ICT_International_Governance mailbox.

Eni DIT
Governance

Eni DIT
Technologies

Eni DIT informal communication

2
 GOVERNANCE AREA

Direction, coordination ad monitoring of the implementation of activities connected with

the DIT process.

G1 Integrated ICT Compliance

G2 Design Thinking

3
 Integrated ICT Compliance

Speaker: F. Meluzzi

Didactic Approach: Webinar Duration: Half day

Level: Intermediate to Expert Prerequisite: Basic Knowledge of ICT Governance

Objectives
To present GCC evolution in the eni SpA ICT department and relationship among HQ and subsidiaries
as far as compliance is regarded.

Participants
The course is addressed to individuals responsible for compliance activities.

Contents
Module 1: Controls and Risks
❖ The Internal Control and Risk Management System
❖ Controlling bodies and ICT role

Module 2: Regulatory Sources

❖ External Regulatory sources
❖ Eni’s regulatory system
❖ General Computer Controls Methodology

Module 3: Towards an integrated compliance (process and regulatory)

❖ ICT processes, allowing an “integrated compliance”
❖ GCC matrix, way for the evaluation of regulatory compliance
o GCC on going monitoring
o GCC independent monitoring (internal audit and external auditor)
o Monitoring results reporting and reconciliation
❖ GCC: the way to assess the ICT compliance
❖ ICT compliance trend

Module 4: Relationship among HQ and subsidiaries

❖ Eni Ict policy and control role
o Reporting
o Analysis and support
❖ Eni Ict services supplier role
o Delegation process

4
 Design Thinking

Speaker: Silvia Cardella, Chiara Torti

Didactic Approach: Webinar Duration: Half day

Level: Basic Pre-requisite: None

Description

Design Thinking originated as an approach to innovation adopted by Design

agencies and firms, and today it is widely used in a variety of industries and
multiple fields as a design model that draws on the tools of Design to solve
complex problems using creative vision and management, by generating
innovative value for businesses that embrace it.

This methodology proposes a human-centric perspective, and it is defined as

the set of cognitive, strategic and practical processes for developing the design
of products and services within businesses and social contexts.

Objectives

This course is for those who want to learn the fundamental principles and tools
of Design Thinking that can be applied in their work to address business
challenges, identify business opportunities, and generate innovative solutions
to solve complex and unknown problems or to improve existing services.

This methodology is also quoted in the “Solution concept” section of the new
ICT Process MSG.

Participants
Technical or non-Technical ICT personnel.

Contents

• Definition and History of Design Thinking

• The Fields of Design
• The key principles of Design Thinking
• The Double Diamond Framework
• Case Studies in Eni
• Take Away

5
 TECHNOLOGICAL & CYBER SECURITY AREAS

Assuring the correct functioning and upgrading of infrastructures currently in use and

ICT Security.

T1 Telecommunication Infrastructure & Standards

T2 Blockchain

T3 Electronic Signature and Secure Mngt of Digital Transactions

T4 Cyber Security in Eni ICT projects

T5 Cyber Security Controls for ICT ICS Environment

T6 Eni Security Controls for Cloud Solutions

T7 The “TLC, IT and Cyber Security Mandatory Rules” Procedure

6
 Telecommunication Infrastructure and Standards

Speaker: Emilio Garavaglia – TLC Architecture manager and Knowledge owner

Didactic approach: Webinar Duration: 2 half days

Level: Intermediate Prerequisite: Basic knowledge of telecommunication networking

Description
The course is tailored to TLC and ICT technical project managers and operational personnel
involved in the specifications and operations of ICT ant TLC services for Eni or affiliates.

Objective
The purpose of the course is to provide to Eni and affiliate’s personnel a common
understanding on the Eni internetworking model for Converged, Local, Wide area services,
and its evolution in respect to new paradigms like UCC, IoT, IPv6, and so on.

Contents
• Goals of this course
o What this course is about
o What this course is not about.
• Goal of Telecommunication Architecture
o Eni integration models
o Eni ICT infrastructures
o Eni TLC business requirements
• Goal of standardization
o Infrastructural convergence
o Infrastructural industrial general requirements
o Structural safety
o Uniform reachability / Robustness
o Uniform resource identification / Services interoperability
o Consistent and organized implementation
• The process of standardization
o Rate of change
o Solutions adaptability
• Reference stadards
o The general communication problem
o OSI and IETF models
o Regulatory constrains
• Technological offer
o IP and Ethernet
o Devices types and nature
o Software defined networks
• Consistent implementation
7
 o Organization layering
• Facilities
o Work-area / Consolidation-points
o Floor / Building / Campus requirements
o Data Room requirements
• Physical
o Floor / Building / Capus schemes
o Racks arrangements
• Devices
o End node requirements
o Wireless access points
o Distribution / Core devices
o Border security
o Interconnections
• Segregation / Redundancy (aka: infrastructural security)
o Redundancy schemes ad coherence
o Tier segregation
• Internetwork
o The integration modes
o Network operational models
o The intranet (Name spaces / Address spaces / Routing domains)
o Address Schemes / Address assignment
o Leaf / Routed segments
o QOS prerequisites
• Company backbone
o Purpose
o Model
o Ownership and belongings
o Interfacing the backbone
• The internet
o As a user service
o As a carrier
• Applications
o Voice / Video / UCC
o IOT / Automation
o Security services

8
 Blockchain

Speaker: Simone Vittori

Didactic Approach: Webinar Duration: Half day

Level: Basic Pre-requisite: None

Description

A blockchain is an open, distributed ledger that can record transactions between

two parties efficiently and in a verifiable and permanent way.
For use as a distributed ledger, a blockchain is typically managed by a peer-to-
peer network collectively adhering to a protocol for inter-node communication
and validating new blocks. Once recorded, the data in any given block cannot
be altered retroactively without alteration of all subsequent blocks, which
requires consensus of the network majority.
Although blockchain records are not unalterable, blockchains may be
considered secure by design and exemplify a distributed computing system with
high Byzantine fault tolerance.
(Source: Wikipedia)

Objectives

To provide participants with the right tools to understand Blockchain technology,

its potential areas of application and limitations.
To describe its working principles and introduce field testings carried out in Eni.

Participants
Technical or non-Technical ICT personnel.

Contents

1. Key-concepts and scope of practice

✓ What it is: Blockchain and Cripto-currencies
✓ Distributed Ledger Technology (DLT) points of strength
✓ Scope of practice: Peer Network and Business Network
✓ Application cases

2. Architecture and working principles

✓ How a Blockchain is made
✓ Blockchain VS centralized system
✓ Types of Blockchains
✓ Smart contracts
✓ Consensus
✓ Eni experiences

9
 Electronic Signature
and Secure Management of Digital Transactions

(Electronic processes and integrated workflow for straight-through-processing of

document)

Speaker: Giuseppe Roselli

Duration: Half day Level: Basic Language: English

Didactic Approach: webinar

Pre-requisite: Basic concepts of company documents and processes

Description
The course provides the key concept and terms used in the electronic signature and secure
management of digital document. A specific focus will be provided on organizational change
through the use of digital technologies to materially improve performance with electronic
processes and integrated workflow for straight-through-processing of document (e.g. signed
and e-notarized proxies, contracts, e-invoices, e-statements, etc.).
The course is expanded with:
• content reflecting the significant evolution of the signing services in Eni,
• blockchain as a digital signature scheme
• Global Positioning System (GPS) signature

Objectives
Provide key concepts and terms of digital transformation applied to electronic signed
document, secure long term archiving and straight-through-processing.

Participants
ICT personnel (Technical or non-Technical) and related managers

Contents

▪ Legal compliance (EU and Extra EU Regulations, Directives and other acts for Electronic
Signatures and Data protection)
▪ Technical standards (ETSI, IETF)
▪ PKI signing keys (e.g. on smartcard or USB tokens)
▪ Electronic signature, digital signature and qualified certificate
▪ e-Notarization & Secure Archiving
▪ Long term preservation of electronic documents
▪ Moderns electronic signature solutions
▪ Electronic processes and integrated workflow for straight-through-processing of
document
▪ The “Eni Signing Services”: use cases, service integration, cost model and time to
business

10
 Cyber Security in Eni ICT Projects

Speaker: R. D’Alba

Didactic approach: Webinar Duration: Half day

Level: Intermediate Prerequisite: Basic Knowledge of IT systems

Description
This course will show general criteria about Security. It will introduce guidelines,
architectural blueprints, methodologies and services made available by Eni ICT Cyber
Security department. Participants will learn how to build safer systems integrated with ENI
IT services, and how to evolve them.

Objective
The purpose of the course is to provide an understanding of the most common Cyber
Security concerns. It is designed for ICT technical project managers and for operational
personnel involved in the demand, development and operations of ICT and TLC services,
for Eni or affiliates. It wants to give them guidelines and will show Eni approach to the
countermeasures selection with respect to international standards and best practices.

Contents
Cyber Security risks landscape
Cyber Security concerns
Objectives
Principles
Attacks and targets
Secure Lifecycle development
Eni methodology
Contest analysis
Deliverables
Vulnerability Assessment and Remediation plan
CYSE engagement
Approach to Cloud security
When to consider
Provider selection
Integration with Eni systems

11
 Cyber Security Controls for Industrial Facilities

Speaker: D. Capuano and A. Rizzati

Didactic approach: Webinar Duration: Half day

Level: Intermediate Prerequisite: Basic Knowledge of IT systems

Description

The course is tailored to ICT\ICS technical project managers and operational personnel
involved in the specifications and operations of ICS, ICT and TLC services for Eni or
affiliates.

Objective

The purpose of the course is to provide to Eni and affiliate’s personnel an understanding of
the most common Cyber Security attacks in Industrial Facilities for both ICT and ICS
environments, and the implementation of the countermeasures with respect to
international standards and Eni’s best practices.

Contents

• Cyber Security risks landscape

o The Cyber Security challenges
o Attacks and targets
• Threat and attacks overview
o Attack typologies
o Network security
• Industrial control system security
o IEC62443
o Industrial components
o Architecture of industrial Facilities ( ICT & ICS )
o Industrial attacks case studies
o Real cases of industrial targeted attacks
o Controls and Countermeasures
• Eni’s Cyber Security Standards
o ICS Cyber Security Baseline
o Security Blueprint
• Risk assessments Overview

12
 Eni Security Principles for Cloud Computing

Speaker: A. Rizzati - R. D'Alba

Didactic approach: Webinar Duration: Half day

Level: Intermediate Prerequisite: Basic Knowledge of IT systems

Description
This course will show general criteria about Eni Security approach to cloud solutions. It will
introduce guidelines and architectural blueprints for services selection and integration. Also
it will give an outlook to methodologies used in Eni ICT Cyber Security department.
Participants will learn how to build safer systems integrated with ENI IT services, and how
to evolve them.

Objective
The purpose of the course is to provide an understanding of the most common Cyber
Security concerns related to deploy in Cloud environments. It is designed for ICT technical
project managers and for operational personnel involved in the demand, development and
operations of ICT and TLC services, for Eni or affiliates.
It wants to give them guidelines and will show Eni approach to the countermeasures
selection with respect to international standards and best practices.

Contents
Pros and drawbacks of Cloud Solutions
Cloud Security Blueprints
Key Technologies and tools
Eni approach
Cloud solutions selection
Tools and Deliverables
Integration with Eni systems

13
 The “TLC, IT and Cyber Security Mandatory Rules” Procedure

Speaker: L. Gervasini, E. Garavaglia, M. Villani

Didactic approach: Webinar Duration: Half day

Level: Intermediate Prerequisite: Basic Knowledge of IT/OT systems

Description

The course is tailored to ICT/ICS ICT/Cyber security managers and operational personnel
involved in the specifications and operations of ICS, ICT and TLC services for Eni or
affiliates.

Objective

To provide to Eni and affiliate’s personnel an understanding of the newly released

Professional Operating Instruction regarding TLC, IT and Cybersecurity mandatory rules,
with a particular emphasis on the new sections about TLC and CS.

To highlight cyber security topic deepening CRGM – Cyber Risk Governance Model concept
and the tools used to ensure a correct approach to the IT and industrial cyber security.

Contents

• Introduction to new OPI 004 (Cyse D / IntGov)

o Eni regulatory rules
o Why a new OPI
o Eni subisidiaries: task and expectations

• TLC Mandatory rules: (Inod G – E. Garavaglia)

o General rules and principles
o IP address
o Name resolution
o Intranet IP backbone
o Transportation services
o Internet access architecture
o TLC infrastructures management

• IT Mandatory rules (Tips B2 – M. Villani)

o Basic principles
o Identity management
o End user environment
o Server

• CYBER SECURITY mandatory rules (Cyse A2 – L. Gervasini)

o Eni and International scene;
o Cyber Security as a top Eni Risk;
▪ Introduction to Cyber Security Risk Evaluation;
o General rules and principles;
o Industrial control system cyber security;
o CRGM Model
▪ Approach;
▪ Tools.
14
 SYNOPTIC TABLE

Title Contents Days Delivery Notes

Rules of compliance and how they have
G1 Integrated ICT Compliance 0,5 Webinar
to be adopted in the foreign subsidiaries.
Principles and tools of the Design
G2 Design Thinking Thinking methodology, quoted also in 0,5 Webinar
the new ICT Process MSG.
The course is tailored to TLC and ICT
The Eni technical project managers and
Telecommunication operational personnel involved in the
T1 1 Webinar
Infrastructure and specifications and operations of ICT ant
Standards TLC services for Eni or affiliates.
Tools to understand Blockchain
technology and its potential areas of
T2 Blockchain 0,5 Webinar
application and limitations. Field
testings carried out in Eni.
Provides key concepts and terms of
Electronic Signature and digital transformation applied to
T3 Secure Management of electronic signed document, secure long 0,5 Webinar
Digital Transactions term archiving and straight-through-
processing.
General criteria about Security:
guidelines, architectural blueprints,
Cyber Security in Eni ICT
T4 methodologies and services made 0,5 Webinar
Projects
available by Eni ICT Cyber Security
department.
Overview of the most common Cyber
Security attacks in both ICT and ICS
Cyber Security Controls for environments, description of
T5 0,5 Webinar
ICT ICS Environment countermeasures with respect to
international standards and best
practices.

Security principles for Most common Cyber Security concerns

T6 0,5 Webinar
Cloud Solutions related to deploy in Cloud environments.

The new “TLC, IT and Deepening of the new procedure with an

T7 Cyber Security Mandatory highlight on the CRGM – Cyber Risk 0,5 Webinar
Rules” Procedure Governance Model.

15
 A SMART MOVE: THE LIBRARY

Can’t find anymore a course already delivered? Would like to attend a course off-line?
Follow the Training Path in the new Collaboration site and find the whole library, with the
presentations already delivered and the link to the videos.

Pages - International Training (eni.it)

16
 TRAINING PATH LIFECYCLE

TP is an on-going process ready to enlist new courses and to delete the outdated ones.
Don’t miss the opportunity to suggest new courses through Workplace group “ICT Training
Path” or writing a mail to Mbx_International_Governance.

17
 CONTACTS AND USEFUL LINKS

To apply for a course, participate to the Q&A sessions, leave a feedback, propose a new
course or post a comment…

DIT International Training in Workplace

If you have problems accessing Workplace, send a mail to Mbx ICT International
Governance.

To see old courses and any related document, download regulatory documents, forms, and
other useful items…
ICT International Governance Collaboration site

e-mail Mbx ICT International Governance

phone Massimiliano Ferretti +39-06598-89457
Domenico Fiorentini +39-06598-89486
Roberta Mangano +39-06598-89546

18