The course covers the assessment of the cyber risks that can damage an enterprise information system, the methodologies for mitigating those risks, and the countermeasures that must be applied to make a company or public institution secure from the IT point of view.
It examines the relationships between the operating mechanisms of information systems and computer networks and the threats to which they are exposed, the mechanisms for detecting and countering attacks, and the implementation of those mechanisms through specific countermeasures that reduce cyber risk. Particular attention is paid to applying the notions learned in practice, through the analysis of case studies and exercises. The main reference for the Risk Management course is the ISO/IEC 27005 standard, complemented by the NIST SP 800-30 guide for conducting risk assessments.
Knowledge and understanding
Analyse the most common and dangerous threats and relate them to the vulnerabilities of systems and networks through which they can have an impact. Assess the business risks associated with that impact and recommend appropriate countermeasures or, alternatively, propose criteria for accepting the risks identified. Explain the basic mechanisms used to detect intrusion attempts against computers and networks. Define and establish continuous improvement processes.
Application of knowledge and understanding
At the end of the course, students will be able to identify and assess the risks that can affect the functioning and security of an information system, together with their impacts. Using the risk analysis and management methodologies learned in the course, students will be able to identify and select the appropriate countermeasures to protect the information system from a technical, administrative and cost point of view, and to determine the most suitable governance profile for the security process.
Students will develop the analytical skills needed to evaluate alternatives while identifying the security risks of an information system, with particular reference to assessing architectural choices and the risks they may entail, and the security objectives imposed on the system in relation to the sensitivity of the information it handles.
Students will learn to document their choices, including through automated reporting tools, and will be able to prepare presentations on risk management topics.
Ability to continue learning in an autonomous way
The notions acquired during the course give students the basic knowledge needed to deepen the more technical aspects on their own and to keep up with the continuous developments in the assessment of cybersecurity risks of systems and networks.
Teachers: Stefano Zatti, Carmelo Asaro
- Academic year: 2020/2021
- Curriculum: Curriculum unico
- Year: Second year
- Semester: First semester
- SSD: SECS-P/11
- CFU: 6
- Activity type: Related and supplementary training activities
- Disciplinary area: Related or supplementary training activities
- Exercise (Hours): 36
- Lecture (Hours): 24