Unit
- Course
- Legal services
- Study-unit Code
- A003056
- Location
- PERUGIA
- Curriculum
- Law and technologies
- Teacher
- Paolo Poletti
- Teachers
- Paolo Poletti
- Hours
- 42 hours - Paolo Poletti
- CFU
- 6
- Course Regulation
- Cohort 2022
- Offered
- 2023/24
- Type of study-unit
- Optional
- Type of learning activities
- Single-discipline learning activity
- Language of instruction
- ENGLISH
- Contents
- It is crucial to train experts in information security due to the ongoing evolution of cyber threats. The pivotal role of the Chief Information Security Officer (CISO) or Information Security Manager is highlighted, as they must define and implement strategies to enhance the security of businesses or public administrations. According to ENISA, an excessive technical focus can be a barrier to raising awareness among management. Therefore, the Information Security Manager should act as a consultant, setting guidelines for security policies and ensuring they are adhered to.
- Reference texts
- Lecture notes and slides prepared by the teacher.
- Educational objectives
- The course aims to provide knowledge for roles in the field of cyber security, such as Information Security Manager, consultants, auditors, security architects, and compliance, privacy, and risk officers. These roles are in demand across various organizations such as companies, public administrations, and professional firms. The course is designed to:
develop the ability to understand and manage cyber threats, which are increasingly complex and numerous, and to plan prevention systems;
apply cyber security knowledge to the practical resolution of cases, implementing appropriate technological measures and managing responsibility related to cyber risk.
- Prerequisites
- Knowledge of public law and EU law
- Teaching methods
- The course is organized as follows:
lectures;
analysis of real-life cases.
- Other information
- Learning verification modality
- The learning assessment consists of an oral exam with questions on the topics covered in the program. The exam aims to determine the level of knowledge achieved by the student. The final grade will take into account the accuracy and completeness of the answers, the correctness of the legal-technical language, and the ability to present and argue. The duration of the exam varies depending on how the assessment proceeds.
- Extended program
- Security and Its Domains
Physical, logical, cyber, and safety security;
How digitalization changes the domains of security;
Related risks;
Security and privacy in digital transformation.
Cyber Threat 1
Threat Actors;
Goals;
Geopolitical factors influencing the threat.
Cyber Threat 2
Cybercrime;
Hacktivism;
Cyber espionage.
Networks
IT and OT Networks: Characteristics and Purposes;
Cyber Physical Systems (CPS), Internet of Medical Things (IoMT), IT/OT convergence.
Threat Modelling
NIST Special Publication 800-53 Rev. 5;
Stages of an attack;
Malware and its families;
Ransomware: types and economics;
Social Engineering;
Man in the Middle;
Denial-of-Service;
SQL Injection;
Drive By;
Zero Day Exploit;
DNS Tunneling;
Botnet;
Third Party Attack.
Cybersecurity domains
ISO 27002:2022;
ISO/IEC 27032;
NIST Special Publication 800-53.
CISO
Domain 1: Governance;
Domain 2: Security Risk Management, Controls, and Audit Management;
Domain 3: Security Program Management and Operations;
Domain 4: Information Security Core Concepts;
Domain 5: Strategic Planning, Finance, and Vendor Management.
Incident Handling
Incident Response Plan;
Business Continuity Plan;
Disaster Recovery Plan.
- 2030 Agenda goals for sustainable development
Code | A003056 |
---|---|
Location | PERUGIA |
CFU | 2 |
Teacher | Paolo Poletti |
Learning activities | Core (characterising) |
Area | Business and sector-specific legal disciplines |
Academic discipline | ING-INF/05 |
Type of study-unit | Optional |

Code | A003056 |
---|---|
Location | PERUGIA |
CFU | 4 |
Teacher | Paolo Poletti |
Learning activities | Core (characterising) |
Area | Business and sector-specific legal disciplines |
Academic discipline | ING-INF/05 |
Type of study-unit | Optional |