Unit

Course
Legal services
Study-unit Code
A003056
Location
PERUGIA
Curriculum
Law and technologies
Teacher
Paolo Poletti
Teachers
  • Paolo Poletti
Hours
  • 42 hours - Paolo Poletti
CFU
6
Course Regulation
Cohort 2022
Offered
2023/24
Type of study-unit
Optional
Type of learning activities
Single-discipline learning activity
Language of instruction
ENGLISH
Contents
It is crucial to train experts in information security due to the ongoing evolution of cyber threats. The pivotal role of the Chief Information Security Officer (CISO) or Information Security Manager is highlighted, as they must define and implement strategies to enhance the security of businesses or public administrations. According to ENISA, an excessive technical focus can be a barrier to raising awareness among management. Therefore, the Information Security Manager should act as a consultant, setting guidelines for security policies and ensuring they are adhered to.
Reference texts
Lecture notes and slides prepared by the teacher.
Educational objectives
The course aims to provide knowledge for roles in the field of cyber security, such as Information Security Manager, consultants, auditors, security architects, and compliance, privacy, and risk officers. These roles are in demand across various organizations such as companies, public administrations, and professional firms. The course is designed to:
develop an understanding and management of cyber threats, which are increasingly complex and numerous, and the planning of prevention systems;
apply cyber security knowledge to the practical resolution of cases, implementing appropriate technological measures and managing responsibility related to cyber risk.
Prerequisites
Knowledge of public law and EU law
Teaching methods
The course is organized as follows:
lectures;
analysis of real-life cases.
Learning verification modality
The learning assessment consists of an oral exam with questions on the topics covered in the program. The exam aims to determine the level of knowledge achieved by the student. The final grade will take into account the accuracy and completeness of the answers, the correctness of the legal-technical language, and the ability to present and argue. The duration of the exam varies depending on how the assessment proceeds.
Extended program
Security and Its Domains
Physical, logical, cyber, and safety security;
How digitalization changes the domains of security;
Related risks;
Security and privacy in digital transformation.
Cyber Threat 1
Threat Actors;
Goals;
Geopolitical factors influencing the threat.
Cyber Threat 2
Cybercrime;
Hacktivism;
Cyber espionage.
Networks
IT and OT Networks: Characteristics and Purposes;
Cyber Physical Systems (CPS), Internet of Medical Things (IoMT), IT/OT convergence.
Threat Modelling
NIST Special Publication 800-53 Rev. 5;
Stages of an attack;
Malware and its families;
Ransomware: types and economics;
Social Engineering;
Man in the Middle;
Denial-of-Service;
SQL Injection;
Drive By;
Zero Day Exploit;
DNS Tunneling;
Botnet;
Third Party Attack.
Cybersecurity domains
ISO 27002:2022;
ISO/IEC 27032;
NIST Special Publication 800-53.
CISO
Domain 1: Governance;
Domain 2: Security Risk Management, Controls, and Audit Management;
Domain 3: Security Program Management and Operations;
Domain 4: Information Security Core Concepts;
Domain 5: Strategic Planning, Finance, and Vendor Management.
Incident Handling
Incident Response Plan;
Business Continuity Plan;
Disaster Recovery Plan.

2030 Agenda goals for sustainable development

Code A003056
Location PERUGIA
CFU 2
Teacher Paolo Poletti
Learning activities Characterizing
Area Business and sectoral legal disciplines
Academic discipline ING-INF/05
Type of study-unit Optional

Code A003056
Location PERUGIA
CFU 4
Teacher Paolo Poletti
Learning activities Characterizing
Area Business and sectoral legal disciplines
Academic discipline ING-INF/05
Type of study-unit Optional