Unit INFORMATION SECURITY COMPLIANCE, CERTIFICATION AND DIGITAL FORENSICS
- Course: Informatics
- Study-unit Code: A003520
- Curriculum: Artificial intelligence
- Teacher: Alfredo Milani
- CFU: 6
- Course Regulation: Cohort 2023
- Offered: 2024/25
- Type of study-unit: Optional
- Type of learning activities: Integrated learning activity
COMPLIANCE AND CERTIFICATION
Code | A003521 |
---|---|
CFU | 4 |
Teacher | Alfredo Milani |
Teachers | |
Hours | |
Learning activities | Related/supplementary |
Area | Related or supplementary learning activities |
Academic discipline | INF/01 |
Type of study-unit | Optional |
Language of instruction | English |
Contents | 1. Information security policies; information security standards and the certification process. 2. Risk analysis and management. 3. Product certification and Common Criteria ISO/IEC 15408. 4. Process certification and ISO 27001 / ISO 27002. 5. Business continuity and disaster recovery. 6. Secure coding best practices and standards. 7. Cybersecurity early warning, monitoring and response infrastructures. 8. Digital and computer forensics. |
Reference texts | All the reference material is available at http://unistudium.unipg.it (ISO standards are available for consultation on request): lecture notes and slides, auditing guidelines, documents describing the Common Criteria standard and the ISO 2700* standards. |
Educational objectives | Knowledge of the main available standards for information security and IT product/process security. Knowledge of the main software vulnerabilities and secure programming best practices. Knowledge of the main local and international infrastructures for monitoring and reacting to critical cybersecurity events. Ability to analyse and assess the aspects of an IT process/product related to IT security issues, and their certification. Ability to make a motivated adoption of secure programming techniques. Knowledge of the main issues in, and ability to implement, a computer forensics process, including digital evidence collection and maintenance. |
Prerequisites | General knowledge of IT systems and DB management. Basics of computer programming in a standard programming language. Basic principles of cybersecurity and network management systems. |
Teaching methods | Lectures. Case studies and discussions. Expert seminars. Flipped lessons. Student report presentations. Final project. |
Other information | E-learning platform for student-lecturer interaction and communication (lecture notes, online assignments, etc.): http://www.unistudium.unipg.it. Class timetable and exam schedule: http://www.dmi.unipg.it/didattica/corsi-di-studio-in-informatica/informatica-magistrale. The digital forensics classes will also host seminars from professional experts in the field. |
Learning verification modality | Written final examination and final project for students not attending the course. Continuous assessment with assignments and projects for students attending the course; the continuous assessment consists of student report presentations. The final project will be on an assigned topic in information security/digital forensics. |
Extended program | Programme: 1. Introduction: information security policies, examples of policies. General principles: logical and physical security. 2. Information security certification: actors of the certification process. Standards and certification. Product certification: ITSEC, Common Criteria (TOE, assurance level). Process certification from BS7799 to ISO17799 and to the ISO2700* family. The main certification authorities and actors in Italy. Certification of auditor professionals. 3. Risk analysis and risk management. Vulnerabilities and information assets. Quantitative/qualitative methods. Residual risk. Countermeasures. Emergency and information security disaster management. Information security: backup policies and techniques. 4. Product certification for information security: ISO/IEC 15408 Common Criteria certification: general structure, Target of Evaluation, Security Target (security target components, security requirement rationale, etc.). Security functional classes and assurance classes, their structure (classes, families, components, dependencies). The assurance level EAL. Protection Profiles. Case studies on CC-certified products. 5. Process certification for information security: ISO27001/2 and BS7799 certification. The PDCA process. Structure and goals of an ISMS, the 11 areas of interest. ISO27002 control points. Case study: auditing a process according to ISO27002. Other certifications, e.g. health informatics. 6. Secure coding: the most common software errors and vulnerabilities (guidelines, areas and Common Weakness Enumeration). Secure programming best-practice standards: rules and recommendations, structure, level and assessment of risk and vulnerability. 7. Cybersecurity early warning, monitoring and response infrastructures. CERT/CSIRT and ISAC, goals and functions. Situation of CERTs in Italy, Europe and the world. Italian AgID, ENISA, CWE Common Weakness Enumeration and resources. 8. Digital and computer forensics: techniques and methods of digital forensics. Protocols of acquisition, chain of custody and integrity of digital evidence. The main hardware and software tools. Analysis of non-standard digital devices. Counter-forensics. |
Agenda 2030 Sustainable Development Goals | Quality education; Industry, innovation and infrastructure; Sustainable cities and communities |
DIGITAL FORENSICS
Code | A003522 |
---|---|
CFU | 2 |
Teacher | Alfredo Milani |
Teachers | |
Hours | |
Learning activities | Related/supplementary |
Area | Related or supplementary learning activities |
Academic discipline | INF/01 |
Type of study-unit | Optional |
Language of instruction | English |
Contents | 1. Information security policies; information security standards and the certification process. 2. Risk analysis and management. 3. Product certification and Common Criteria ISO/IEC 15408. 4. Process certification and ISO 27001 / ISO 27002. 5. Business continuity and disaster recovery. 6. Secure coding best practices and standards. 7. Cybersecurity early warning, monitoring and response infrastructures. 8. Digital and computer forensics. |
Reference texts | All the reference material is available at http://unistudium.unipg.it (ISO standards are available for consultation on request): lecture notes and slides, auditing guidelines, documents describing the Common Criteria standard and the ISO 2700* standards. |
Educational objectives | Knowledge of the main available standards for information security and IT product/process security. Knowledge of the main software vulnerabilities and secure programming best practices. Knowledge of the main local and international infrastructures for monitoring and reacting to critical cybersecurity events. Ability to analyse and assess the aspects of an IT process/product related to IT security issues, and their certification. Ability to make a motivated adoption of secure programming techniques. Knowledge of the main issues in, and ability to implement, a computer forensics process, including digital evidence collection and maintenance. |
Prerequisites | General knowledge of IT systems and DB management. Basics of computer programming in a standard programming language. Basic principles of cybersecurity and network management systems. |
Teaching methods | Lectures. Case studies and discussions. Expert seminars. Flipped lessons. Student report presentations. Final project. |
Other information | E-learning platform for student-lecturer interaction and communication (lecture notes, online assignments, etc.): http://www.unistudium.unipg.it. Class timetable and exam schedule: http://www.dmi.unipg.it/didattica/corsi-di-studio-in-informatica/informatica-magistrale. The digital forensics classes will also host seminars from professional experts in the field. |
Learning verification modality | Written final examination and final project for students not attending the course. Continuous assessment with assignments and projects for students attending the course; the continuous assessment consists of student report presentations. The final project will be on an assigned topic in information security/digital forensics. |
Extended program | Programme: 1. Introduction: information security policies, examples of policies. General principles: logical and physical security. 2. Information security certification: actors of the certification process. Standards and certification. Product certification: ITSEC, Common Criteria (TOE, assurance level). Process certification from BS7799 to ISO17799 and to the ISO2700* family. The main certification authorities and actors in Italy. Certification of auditor professionals. 3. Risk analysis and risk management. Vulnerabilities and information assets. Quantitative/qualitative methods. Residual risk. Countermeasures. Emergency and information security disaster management. Information security: backup policies and techniques. 4. Product certification for information security: ISO/IEC 15408 Common Criteria certification: general structure, Target of Evaluation, Security Target (security target components, security requirement rationale, etc.). Security functional classes and assurance classes, their structure (classes, families, components, dependencies). The assurance level EAL. Protection Profiles. Case studies on CC-certified products. 5. Process certification for information security: ISO27001/2 and BS7799 certification. The PDCA process. Structure and goals of an ISMS, the 11 areas of interest. ISO27002 control points. Case study: auditing a process according to ISO27002. Other certifications, e.g. health informatics. 6. Secure coding: the most common software errors and vulnerabilities (guidelines, areas and Common Weakness Enumeration). Secure programming best-practice standards: rules and recommendations, structure, level and assessment of risk and vulnerability. 7. Cybersecurity early warning, monitoring and response infrastructures. CERT/CSIRT and ISAC, goals and functions. Situation of CERTs in Italy, Europe and the world. Italian AgID, ENISA, CWE Common Weakness Enumeration and resources. 8. Digital and computer forensics: techniques and methods of digital forensics. Protocols of acquisition, chain of custody and integrity of digital evidence. The main hardware and software tools. Analysis of non-standard digital devices. Counter-forensics. |
Agenda 2030 Sustainable Development Goals | Quality education; Industry, innovation and infrastructure; Sustainable cities and communities |