LLM Automation System 1ba5ce851d Initial commit: LLM Automation Docs & Remediation Engine v2.0
Features:
- Automated datacenter documentation generation
- MCP integration for device connectivity
- Auto-remediation engine with safety checks
- Multi-factor reliability scoring (0-100%)
- Human feedback learning loop
- Pattern recognition and continuous improvement
- Agentic chat support with AI
- API for ticket resolution
- Frontend React with Material-UI
- CI/CD pipelines (GitLab + Gitea)
- Docker & Kubernetes deployment
- Complete documentation and guides

v2.0 Highlights:
- Auto-remediation with write operations (disabled by default)
- Reliability calculator with 4-factor scoring
- Human feedback system for continuous learning
- Pattern-based progressive automation
- Approval workflow for critical actions
- Full audit trail and rollback capability
2025-10-17 23:47:28 +00:00


# 05 - Security
**Last Updated**: [DATA_AGGIORNAMENTO]
**Document Version**: [VERSIONE]
**Owner**: [NOME_RESPONSABILE]
---
## 1. Security Overview
### 1.1 Security Posture
- **Security Framework**: [ISO27001/NIST/CIS]
- **Compliance**: [GDPR/PCI-DSS/HIPAA/SOC2]
- **Last Audit**: [DATA]
- **Next Audit**: [DATA]
- **Security Score**: [SCORE]/100
---
## 2. Identity and Access Management
### 2.1 Directory Services
| Service | Type | Domain | Domain Controllers | Users | Groups | Replication |
|----------|------|--------|-------------------|-------|--------|-------------|
| [NOME] | [AD/LDAP/AZURE_AD] | [DOMAIN] | [N] | [N] | [N] | [STATUS] |
### 2.2 Authentication
- **Primary Method**: [AD/LDAP/SAML/OAUTH]
- **MFA Enabled**: [SI/NO] - Coverage: [%]%
- **SSO Configured**: [SI/NO] - Applications: [N]
- **Password Policy**: [DESCRIZIONE]
### 2.3 Privileged Access Management
- **PAM Solution**: [CYBERARK/THYCOTIC/HASHICORP]
- **Privileged Accounts**: [N]
- **Session Recording**: [ENABLED/DISABLED]
- **Just-in-Time Access**: [SI/NO]
---
## 3. Network Security
### 3.1 Perimeter Security
| Device | Type | Model | Rules | Throughput | IPS Enabled | Status |
|--------|------|-------|-------|------------|-------------|--------|
| [DEVICE] | [FW/UTM/NGFW] | [MODEL] | [N] | [GBPS] | [SI/NO] | [ACTIVE] |
### 3.2 Network Segmentation
| Segment | VLAN | Purpose | Trust Level | Access Control | Hosts |
|---------|------|---------|-------------|----------------|-------|
| [SEGMENT] | [VLAN] | [PURPOSE] | [LOW/MEDIUM/HIGH] | [ACL/FW] | [N] |
### 3.3 IDS/IPS
- **Solution**: [VENDOR/MODEL]
- **Deployment**: [INLINE/TAP]
- **Sensors**: [N]
- **Alerts/Day**: [N]
- **False Positive Rate**: [%]
---
## 4. Endpoint Security
### 4.1 Antivirus/EDR
- **Solution**: [VENDOR/PRODUCT]
- **Coverage**: [N] endpoints ([%]%)
- **Detection Rate**: [%]
- **Latest Threats Detected**: [N] (last 30 days)
### 4.2 Endpoint Protection Status
| OS Type | Total Devices | Protected | Updated | Quarantined Items | Threats Blocked |
|---------|---------------|-----------|---------|-------------------|-----------------|
| Windows | [N] | [N] | [%] | [N] | [N] |
| Linux | [N] | [N] | [%] | [N] | [N] |
| macOS | [N] | [N] | [%] | [N] | [N] |
---
## 5. Vulnerability Management
### 5.1 Scanning
- **Scanner**: [NESSUS/QUALYS/OPENVAS]
- **Scan Frequency**: [WEEKLY/MONTHLY]
- **Last Scan**: [DATA]
- **Assets Scanned**: [N]
### 5.2 Vulnerability Status
| Severity | Count | Oldest | Avg Age (days) | Remediation SLA | SLA Compliance |
|----------|-------|--------|----------------|-----------------|----------------|
| Critical | [N] | [DATA] | [N] | [N days] | [%] |
| High | [N] | [DATA] | [N] | [N days] | [%] |
| Medium | [N] | [DATA] | [N] | [N days] | [%] |
| Low | [N] | [DATA] | [N] | [N days] | [%] |
---
## 6. Patch Management
### 6.1 Patch Status
| System Type | Total | Fully Patched | Missing Critical | Missing High | Compliance % |
|-------------|-------|---------------|------------------|--------------|--------------|
| Windows Servers | [N] | [N] | [N] | [N] | [%] |
| Linux Servers | [N] | [N] | [N] | [N] | [%] |
| Network Devices | [N] | [N] | [N] | [N] | [%] |
| Applications | [N] | [N] | [N] | [N] | [%] |
---
## 7. Encryption
### 7.1 Encryption Coverage
| Data Type | At Rest | In Transit | Key Management | Standard |
|-----------|---------|------------|----------------|----------|
| Database | [SI/NO] | [SI/NO] | [METHOD] | [AES256/RSA] |
| File Storage | [SI/NO] | [SI/NO] | [METHOD] | [AES256] |
| Backup | [SI/NO] | [SI/NO] | [METHOD] | [AES256] |
| Email | [SI/NO] | [SI/NO] | [METHOD] | [TLS/S-MIME] |
---
## 8. Security Monitoring
### 8.1 SIEM
- **Solution**: [SPLUNK/ELK/QRADAR]
- **Events/Day**: [N]
- **Data Sources**: [N]
- **Retention**: [DAYS]
- **Use Cases**: [N]
### 8.2 Security Alerts
| Severity | Last 7 Days | Last 30 Days | MTTR (hours) | False Positive Rate |
|----------|-------------|--------------|--------------|---------------------|
| Critical | [N] | [N] | [N] | [%] |
| High | [N] | [N] | [N] | [%] |
| Medium | [N] | [N] | [N] | [%] |
---
## 9. Backup Security
### 9.1 Backup Protection
- **Backup Encryption**: [ENABLED]
- **Offsite Copies**: [N]
- **Air-Gapped**: [SI/NO]
- **Immutable Storage**: [SI/NO]
- **3-2-1 Rule Compliance**: [SI/NO]
---
## 10. Incident Response
### 10.1 IR Capabilities
- **IR Plan**: [EXISTS] - Last Update: [DATA]
- **IR Team**: [N] members
- **24/7 SOC**: [SI/NO]
- **Mean Time to Detect (MTTD)**: [HOURS]
- **Mean Time to Respond (MTTR)**: [HOURS]
### 10.2 Incidents (Last 30 days)
| Date | Type | Severity | Status | Resolution Time | Root Cause |
|------|------|----------|--------|-----------------|------------|
| [DATA] | [TYPE] | [LEVEL] | [STATUS] | [HOURS] | [CAUSA] |
---
## 11. Security Awareness
### 11.1 Training
- **Program**: [ACTIVE/INACTIVE]
- **Coverage**: [%]% employees
- **Last Training**: [DATA]
- **Phishing Simulations**: [N]/year
- **Click Rate**: [%]%
---
## 12. Compliance Status
### 12.1 Regulations
| Regulation | Applicable | Status | Last Audit | Next Audit | Gaps |
|------------|------------|--------|------------|------------|------|
| GDPR | [SI/NO] | [COMPLIANT/NON-COMPLIANT] | [DATA] | [DATA] | [N] |
| PCI-DSS | [SI/NO] | [COMPLIANT/NON-COMPLIANT] | [DATA] | [DATA] | [N] |
| ISO27001 | [SI/NO] | [CERTIFIED/NON-CERTIFIED] | [DATA] | [DATA] | [N] |
---
**Tokens Used**: [CONTEGGIO_APPROSSIMATIVO]
**Next Scheduled Update**: [DATA]