COMPUTER SYSTEMS SECURITY

Academic year and teacher
Academic year: 2017/2018
Teacher: MASSIMO CARNEVALI
Credits: 6
Didactic period: First Semester
SSD: ING-INF/05

Training objectives

The main objective of the course is to provide students with the basis for tackling the main issues relating to information security applied to company operations. You will be given the essential information needed for a basic understanding of the issues mentioned in the program.

The main knowledge gained will be:

* Basic concepts of computer security
* Problems and vulnerabilities of the TCP/IP protocol and of systems that use it
* Applied cryptography
* Fundamentals of developing secure web applications
* Organizational infrastructure required to create a less vulnerable work environment

The main skills (the ability to apply acquired knowledge) will be:

* Retrieve the information needed to prevent or manage IT breaches, having the tools to assess the reliability of sources
* Analyze an IT infrastructure in order to highlight the critical issues in terms of security
* Evaluate the potential vulnerabilities of a web application
* Identify potential non-technological security weaknesses in a business environment

Prerequisites

Basic knowledge of telecommunication networks, computer networks, computer systems, operating systems, and application software.
Knowledge of the TCP/IP protocol.

Course programme

The course consists of 40 hours of classroom lessons and 20 hours of lab exercises. Classroom lessons are divided into the following three modules:

1. Cyber Security fundamentals
* Basic concepts
* Risk analysis and cost-benefit-simplicity evaluation
* Who is connecting to my network (wired and wireless)
* Vulnerabilities life cycle
* Data security (backups, disaster recovery, redundancy)
* From monitoring to intrusion prevention
* Most widespread kinds of threats
* Damage control
* Outline of current legislation and certifications
* Useful links

2. Applied Cyber Security
* Encryption fundamentals
* Practical encryption (certificates, digital signature)
* Internet protocols insecurity
* Firewalls and related items
* Expand your network: VPN
* Cookies fundamentals
* Security in web application development
* IoT security
* Biometrics

3. Human and organizational items
* Basic concepts
* BYOD and Shadow IT, two non-technological problems
* Who are the "villains"
* How they become "villains" (criminology fundamentals)
* Social Engineering, a rising threat
* Spam, phishing and surroundings
* Bitcoin
* Internet levels
* Password management
* Basic elements of IT process management

Didactic methods

Lectures on all topics of the course.
Exercises in the computer laboratory simulating simple procedures of attack and defense of servers and clients. The course site will list the hardware and software prerequisites for following the exercises on your own PC.

Learning assessment procedures

Exam structure:

1. Short thesis (paper or slides) on a topic of the course chosen by the candidate

2. Final question chosen by the teacher

1. SHORT THESIS

The aim of this part of the exam is to assess your ability to synthesize complex technical topics. The essay should not exceed one page (30 to 50 lines); you may alternatively submit up to five slides (including the title). You will be allowed a maximum of 3 minutes to present your work; after the presentation there will be a short discussion with the teacher. If you use information from outside the course material, you are expected to use reliable sources (for example the sites that will be suggested in class) and to cite them in detail.

2. FINAL QUESTIONS

The aim of this final part of the exam is to assess your general understanding of all the points presented during lessons. The teacher will choose the topics. Students will be required to show a general knowledge of the various items listed in the course program.

The final grade is determined by the teacher, who evaluates both tests. To pass the exam you must achieve a minimum level of exposure in both tests.

Passing the exam is proof that you have acquired the knowledge and skills specified in the learning objectives.

At the student's request the exam can also be taken in English.

Reference texts

Teacher’s handouts.

The handouts are available on this site and are divided into the three modules of the program.
The slides projected during the lessons are accompanied by explanatory notes and links to in-depth websites.
There are also some general study papers on course topics.
The slides are in Italian, while the in-depth material and reference sites are mainly in English.