Course syllabus sheet
ICT RISK ASSESSMENT
(NETWORK SECURITY)
FABRIZIO ENRICO ERMINIO BAIARDI
Academic year: 2018/19
Degree programme (CdS): INFORMATICA
Code: 303AA
Credits (CFU): 9
Period: Second semester
Language: English

Module: SICUREZZA DELLE RETI (Network Security)
Sector: INF/01
Type: Lectures
Hours: 72
Teacher: FABRIZIO ENRICO ERMINIO BAIARDI
Learning outcomes
Knowledge

Ability to apply an ICT risk analysis and management process consisting of the following steps:

a) vulnerability analysis

b) analysis of elementary attacks

c) analysis of countermeasures

d) definition of a security policy

e) risk assessment

f) introduction of countermeasures

g) assessment of residual risk

  • Discover vulnerabilities of an ICT system
  • Discover the elementary attacks enabled by these vulnerabilities
  • Run a penetration test
  • Evaluate and manage the risk of an ICT system
  • Design and deploy countermeasures to manage the risk

Methods of assessing knowledge

a) experimental project

b) written and oral exam

c) preparation of a lecture on a course topic

Assessment criteria of knowledge

The student will be assessed on his/her demonstrated ability to discuss the main course contents using the appropriate terminology. During the oral exam the student must be able to demonstrate his/her knowledge of the course material and to discuss the reading matter thoughtfully and with propriety of expression.

Methods:

  • Final essay
  • Laboratory report
  • Oral report

 

Further information:
The student can select as a final exam either a seminar or some project work. In the latter case, several students may be involved in the projects.

Skills

Ability to carry out the analyses listed above

Methods of assessing skills

Application of the analysis to a real case

Behaviours

Ability to interact with the users of a system

Methods of assessing behaviours

Examination of some case studies

Prerequisites (initial knowledge)

Deep and mature knowledge of:

a) operating systems

b) programming language support

c) network mechanisms

Methodological notes

Ability to combine an adversarial attitude with knowledge of computer systems

 

Teaching methods

Delivery: face to face

Attendance: Advised

Learning activities:

  • attending lectures
  • participation in seminar
  • preparation of oral/written report
  • participation in discussions
  • individual study
  • Laboratory work

 

Teaching methods:

  • Lectures
  • Seminar
  • project work

 

Programme (course contents)

All the notions needed to assess and manage ICT risk will be provided.

Syllabus

The basic notions to evaluate and improve the security of any ICT system:

  • Threat, threat model, vulnerability, attack, complex attack, countermeasure, risk, risk assessment
  • Resiliency, robustness, cost effectiveness
  • Differences between safety and reliability
  • Peculiarities of security of ICT systems
  • Cloud Computing: definition and enabling technologies
  • Security Problems of Cloud Computing
  • Challenging Security Issues in Cloud Computing

Bibliography and teaching material

Mainly teaching material provided by the lecturer, comprising material prepared by the lecturer and the most recent scientific papers on the topics covered.

Bibliography

Security Engineering by Ross Anderson is a recommended but not mandatory reading.

Information for non-attending students

Contact the lecturer

Exam format

Project, or written + oral exam, or preparation of a lecture on a topic covered in the course

Internships and placements

A series of seminars will be organised, given by external companies and organisations that are able to offer placements, internships and degree theses and that are interested in hiring graduates who have taken the course.

Last updated 25/06/2019 11:21