COMPUTER SYSTEMS SECURITY

Academic year and teacher
Academic year
2022/2023
Teacher
MASSIMO CARNEVALI
Credits
6
Didactic period
First semester
SSD
ING-INF/05

Training objectives

The main objective of the course is to give students the basis for tackling the main information security issues that arise in company operations. You will be given the essential information needed for a basic understanding of the topics listed in the programme.

The main knowledge gained will be:

- Basic concepts of computer security
- Problems and vulnerabilities of the TCP/IP protocol and the systems that use it
- Applied Cryptography
- Fundamentals of developing secure web applications
- Organizational infrastructure required to create a less vulnerable work environment

The main skills (the ability to apply acquired knowledge) will be:

- Retrieve the information needed to prevent or manage IT breaches, having the tools to assess the reliability of sources
- Analyze an IT infrastructure in order to highlight the critical issues in terms of security
- Evaluate the potential vulnerabilities of a web application
- Identify potential non-technological security weaknesses in a business environment

Prerequisites

Basic knowledge of telecommunication networks, computer networks, computer systems, operating systems, and application software.
Knowledge of the TCP/IP protocol.

Course programme

The course includes 40 hours of classroom lessons and 20 hours of laboratory exercises. Classroom lessons are divided into the following modules:
1-Summary, fundamentals, information
- Basic concepts
- The levels of the Internet
- Useful sites
2-Risk, certification and governance
- Risk analysis and cost-benefit-simplicity balance
- Certifications
- Outline of IT process management from a security point of view
- Backup
3-Regulations
- Notes on current legislation
- The GDPR
4-Human factor
- The human factor
- BYOD and Shadow-IT
- Social Engineering
- Spam, Phishing and surroundings
- Password management
5-Privacy and online rights
- Privacy
- My information online
- Cookies and other profiling tools
6-The attacks
- Types of attack
7-Who are the bad guys
- Who are the bad guys
- Attacker's behavior (elements of criminology)
- How do bad guys cash out? A few words about Bitcoin and Blockchain
8-Security operation and incident management
- From monitoring to intrusion prevention
- Incident management (Damage Control)
9-Computer forensics
- Digital forensics
10-Encryption
- Encryption
- Certificates and digital signature
11-Operating systems and virtualization
- Operating systems and virtual infrastructures
12-Vulnerability
- The concept of vulnerability and its life cycle
13-Authentication Authorization
- Authentication, authorization, identification
- Biometric techniques
14-Software security
- Web application security
- Secure software lifecycle
15-Network protocols security
- TCP/IP protocols
- Firewall and surroundings
16-Physical security
- Physical/Hardware layer
17-Internet of Things
- Internet of Things
18-Protection of networks
- Network infrastructure (physical and wifi)
- VPN

Didactic methods

Lectures on all topics of the course.
Exercises in the computer laboratory simulating simple attack and defense procedures on servers and clients.

Learning assessment procedures

Exam structure:

1. Short thesis (paper or slides) on a topic of the course chosen by the candidate

2. Final question chosen by the teacher

1. SHORT THESIS

The aim of this part of the exam is to assess your ability to synthesize complex technical topics. The essay should not exceed one page (30 to 50 lines); alternatively, you may submit up to five slides (including the title). You will be allowed a maximum of 5 minutes to present your work; after the presentation there will be a short discussion with the teacher. If you use information from outside the course material, you are expected to use reliable sources (for example, the sites that will be suggested in class) and to cite them in detail.

2. FINAL QUESTIONS

The aim of this final part of the exam is to assess your general understanding of all the points presented during lessons. The teacher will choose the topics.

The final grade is determined by the teacher, who evaluates both tests. To pass the exam you must achieve a minimum level of exposure in both tests.

Passing the exam is proof that you have acquired the knowledge and skills specified in the learning objectives.

At the student's request the exam can also be taken in English.

Reference texts

Teacher’s handouts.

The handouts are available on Google Drive and are divided into the modules of the programme.
The slides projected during the lessons are accompanied by explanatory notes and links to in-depth websites.
The slides are mostly in Italian, while the in-depth materials and reference sites are mainly in English.