Course syllabus
ICT RISK ASSESSMENT
(NETWORK SECURITY)
FABRIZIO BAIARDI
Academic year: 2021/22
Degree programme: INFORMATICA
Code: 303AA
Credits (CFU): 9
Period: Second semester
Language: English

Module: SICUREZZA DELLE RETI (Network Security)
Sector: INF/01
Type: Lectures
Hours: 72
Teacher(s): FABRIZIO BAIARDI
Learning outcomes
Knowledge

Ability to carry out an ICT risk analysis and risk management process comprising the following steps:

a) vulnerability analysis

b) analysis of elementary attacks

c) analysis of countermeasures

d) definition of the security policy

e) risk assessment

f) introduction of countermeasures

g) assessment of residual risk

  • Discover vulnerabilities of ICT system
  • Discover the elementary attacks enabled by these vulnerabilities
  • Run a Penetration Test
  • Evaluate and Manage the risk of ICT system
  • Design and deploy countermeasures to manage the risk


Assessment criteria of knowledge

a) experimental project

b) written and oral exam

c) preparation of a lecture on a course topic

The student will be assessed on his/her demonstrated ability to discuss the main course contents using the appropriate terminology.

During the oral exam the student must be able to demonstrate his/her knowledge of the course material and be able to discuss the reading matter thoughtfully and with propriety of expression.

Methods:

  • Final essay
  • Laboratory report
  • Oral report

 

Further information:
The student can select as a final exam either a seminar or some project work. In the latter case, several students may be involved in the projects.


Skills

Ability to carry out the analyses listed above and to present the results.

Assessment criteria of skills

Application of the analysis to a real case, delivered as a written report or a seminar.

Behaviors

Ability to interact with the users of a system.

Assessment criteria of behaviors

Examination of some case studies.

Prerequisites

Deep and mature knowledge of:

a) operating systems

b) programming language support

c) network mechanisms

Teaching methods

Ability to combine an adversarial mindset with knowledge of computer systems.

Interest in identifying the weaknesses and flaws of a system and in assessing whether they can be exploited to subvert its normal operation.

Delivery: face to face

Attendance: Advised

Learning activities:

  • attending lectures
  • participation in seminar
  • preparation of oral/written report
  • participation in discussions
  • individual study
  • Laboratory work

 

Teaching methods:

  • Lectures
  • Seminar
  • project work

 


Syllabus

All the notions needed to assess and manage ICT risk will be provided.

The basic notions to evaluate and improve the security of any ICT system:

  • Threat, threat model, vulnerability, attack, complex attack, countermeasure, risk, risk assessment
  • Resiliency, robustness, cost effectiveness
  • Differences between safety and reliability
  • Peculiarities of security of ICT systems
  • Cloud Computing: definition and enabling technologies
  • Security Problems of Cloud Computing
  • Challenging Security Issues in Cloud Computing


Bibliography

Mainly teaching material supplied by the lecturer, comprising material prepared by the lecturer and the most recent scientific papers on the topics covered.

The overall methodological reference text remains "Security Engineering" by Ross Anderson, of which three versions exist; all of them can be accessed free of charge.

Security Engineering by Ross Anderson is a recommended but not mandatory reading.


Information for non-attending students

Contact the lecturer.

Follow the course website.

Assessment methods

Project, or written + oral exam, or preparation of a lecture on a topic covered in the course.

Internships

Internships at security companies can be arranged.

Last updated 13/09/2021 10:38