Teaching code

4S011693

Credits

6

Coordinator

Federica Maria Francesca Paci

Language

Italian

Scientific Disciplinary Sector (SSD)

ING-INF/05 - INFORMATION PROCESSING SYSTEMS

Courses Single

Authorized

Moodle Seminars 0

The teaching is organized as follows:

Learning objectives

This course aims to give an overview of cyber security. The course will equip students with a clear view of the current cyber security landscape considering not only technical measures and defences, but also the other subject areas that apply, including legal, management, crime, risk, social and human factors. At the end of the course, students will have the necessary knowledge and understanding of : the importance of taking a multi-disciplinary approach to cyber security, the cyber threat landscape, both in terms of recent emergent issues and those issues which recur over time, general principles and strategies that can be applied to systems to make them more robust to attack, and issues surrounding privacy, anonymity and pervasive passive monitoring.

Prerequisites and basic notions

No specific knowledge is required.

Program

1) Cyber security definition, Key cyber security properties, categories of threat actors
2) The cyber security threat landscape
- Malware attacks
- Cloud attacks
- IoT attacks
- Supply Chain Attacks
- Cyber War and Attacks to Critical Infrastructures
- Social Engineering Attacks
- Cyber Kill Chain
- MITRE Att&ck Matrix
3) Authentication and Authorization Techniques and Protocols
- User authentication: token-based authentication, biometric authentication, password based authentication
- attacks to password-based authentication systems
- Digital Identities, Single Sign On, Federated Identities, SAML, Shibboleth
- Access Control Models: DAC, RBAC, ABAC
- OAuth authorization protocol
4) Management of Cyber Risks
- Risk Management
- NIST Cyber Security Framework
- Cyber Essentials
- 10 Steps to Cyber Security
5) Privacy
- privacy definitions
- cyber attacks to privacy
- privacy enhancing technologies
- data anonymization: k-anonimity, l-diversity, t-closeness, differential privacy
- legals aspects of personal data protection

Bibliography

Didactic methods

Frontal lectures
Practical Lab exercises

Learning assessment procedures

Students will be evaluated based on
- A practical or theoretical project
- An oral examination on any of the topics taught in the course
The projects will elaborate on topics taught in the course. The topics for the projects will be proposed by the teacher, but students can also propose their own topics to the teacher. The project must be done in a group of a maximum of 2 students.
The students must prepare a written report to present the results of the project.
During the oral examination, the students will present the project to the teacher, who will ask questions about the project and any of the topics taught during the course.
At the end of the oral exam, the teacher will propose a final mark.
The date of the oral examination must be agreed with the teacher during the exam session.

Evaluation criteria

Assessment criteria are specific to the project chosen by the students. The criteria will be published by the teacher along with the projects' description.

Criteria for the composition of the final grade

The final mark will be given by the average of the mark assigned to the project and the mark assigned to the oral exam.

Exam language

Italiano

Sustainable Development Goals - SDGs

This initiative contributes to the achievement of the Sustainable Development Goals of the UN Agenda 2030. More information on sustainability