Unit INFORMATION SECURITY COMPLIANCE, CERTIFICATION AND DIGITAL FORENSICS

Course
Informatics
Study-unit Code
A003520
Curriculum
Artificial intelligence
CFU
6
Course Regulation
Cohort 2022
Offered
2023/24
Type of study-unit
Opzionale (Optional)
Type of learning activities
Integrated learning activity (Attività formativa integrata)

COMPLIANCE AND CERTIFICATION

Code A003521
CFU 4
Teacher Alfredo Milani
Teachers
  • Alfredo Milani
Hours
  • 42 hours - Alfredo Milani
Learning activities Related/supplementary (Affine/integrativa)
Area Related or supplementary learning activities (Attività formative affini o integrative)
Academic discipline INF/01
Type of study-unit Opzionale (Optional)
Language of instruction English
Contents 1 Information security policies, information security standards and the certification process
2 Risk analysis and management
3 Product certification and Common Criteria ISO/IEC 15408
4 Process certification and ISO27001 ISO 27002
5 Business Continuity and Disaster recovery
6 Secure Coding best practice and standards
7 Cybersecurity early warning, monitoring and response infrastructures
8 Digital and Computer Forensics
Reference texts All the reference material is available at http://unistudium.unipg.it (ISO standards are available for consultation on request)
Lecture notes and slides
Auditing Guidelines
Documents describing Common Criteria Standard and ISO 2700* standards
Educational objectives Knowledge of the main available standards for information security and IT product/process security.
Knowledge of the main software vulnerabilities and secure programming best practices.
Knowledge of the main local and international infrastructures providing monitoring and response services for critical cybersecurity events.
Ability to analyze and assess the aspects of an IT process/product related to IT security issues, and their certification.
Ability to make a motivated adoption of secure programming techniques.
Knowledge of the main issues and ability to implement a computer forensics process, including digital evidence collection and maintenance.
Prerequisites General knowledge of IT systems, DB management.
Basics of computer programming in a standard programming language. Basic principles of cybersecurity, management systems and network security.
Teaching methods Front lessons.
Case studies and discussions.
Expert seminars.
Flipped lessons.
Student report presentations.
Final project
Other information E-learning platform for student-lecturer interaction and communication (lecture notes, online assignments etc.)
http://www.unistudium.unipg.it

Class timetable and exam schedule
http://www.dmi.unipg.it/didattica/corsi-di-studio-in-informatica/informatica-magistrale

The digital forensics classes will also host seminars from professional experts in the field.
Learning verification modality Written final examination and final project for students not attending the course.
Continuous assessment with assignments and projects for students attending the course. Continuous assessment consists of student report presentations. The final project will be on an assigned topic in information security/digital forensics.
Extended program

1 Introduction: Information security policies, examples of policies. General principles: logical and physical security.

2 Information security certification: actors of the certification process. Standards and certification.
Product certification: ITSEC, Common Criteria (TOE, assurance level). Process certification from BS7799 to ISO17799 and to the
ISO2700* family. The main certification authorities and actors in Italy. Professional certification of auditors.

3 Risk analysis and Risk Management. Vulnerabilities and information assets. Quantitative/Qualitative methods. Residual risk. Countermeasures.
Emergency and information security disaster management. Information security. Backup policies and techniques.

4 Product certification for information security: ISO/IEC 15408 Common Criteria certification: general structure, Target of Evaluation,
Security Target (security target components, security requirement rationale etc.).
Security functional classes and assurance classes, structure (classes, families,
components, dependencies). The assurance level EAL. Protection Profiles.
Case studies on CC-certified products.

5 Process certification for information security: ISO27001/2 and BS7799 certification. The PDCA process. Structure and goals of an ISMS, the 11 areas of interest. ISO27002 control points.
Case study: auditing a process according to ISO27002. Other certifications, e.g. health informatics.

6 Secure coding: the most common software errors and vulnerabilities (guidelines, areas and Common Weakness Enumeration). Secure programming best practice standards: rules and recommendations, structure, level and assessment of risk and vulnerability.

7 Cybersecurity early warning, monitoring and response infrastructures.
CERT/CSIRT and ISAC, goals and functions. Situation of CERTs in Italy, Europe and the world. Italian AgID, ENISA.
CWE Common Weakness Enumeration and resources.

8 Digital and computer forensics: techniques and methods of digital forensics. Protocols of acquisition, chain of custody and integrity of digital evidence. The main hardware and software tools. Analysis of non-standard digital devices. Counter-forensics.
2030 Agenda for Sustainable Development goals Quality Education
Industry, Innovation and Infrastructure
Sustainable Cities and Communities

DIGITAL FORENSICS

Code A003522
CFU 2
Teacher Alfredo Milani
Teachers
  • Alfredo Milani
Hours
  • 42 hours - Alfredo Milani
Learning activities Related/supplementary (Affine/integrativa)
Area Related or supplementary learning activities (Attività formative affini o integrative)
Academic discipline INF/01
Type of study-unit Opzionale (Optional)
Language of instruction English
Contents 1 Information security policies, information security standards and the certification process
2 Risk analysis and management
3 Product certification and Common Criteria ISO/IEC 15408
4 Process certification and ISO27001 ISO 27002
5 Business Continuity and Disaster recovery
6 Secure Coding best practice and standards
7 Cybersecurity early warning, monitoring and response infrastructures
8 Digital and Computer Forensics
Reference texts All the reference material is available at http://unistudium.unipg.it (ISO standards are available for consultation on request)
Lecture notes and slides
Auditing Guidelines
Documents describing Common Criteria Standard and ISO 2700* standards
Educational objectives Knowledge of the main available standards for information security and IT product/process security.
Knowledge of the main software vulnerabilities and secure programming best practices.
Knowledge of the main local and international infrastructures providing monitoring and response services for critical cybersecurity events.
Ability to analyze and assess the aspects of an IT process/product related to IT security issues, and their certification.
Ability to make a motivated adoption of secure programming techniques.
Knowledge of the main issues and ability to implement a computer forensics process, including digital evidence collection and maintenance.
Prerequisites General knowledge of IT systems, DB management.
Basics of computer programming in a standard programming language. Basic principles of cybersecurity, management systems and network security.
Teaching methods Front lessons.
Case studies and discussions.
Expert seminars.
Flipped lessons.
Student report presentations.
Final project
Other information E-learning platform for student-lecturer interaction and communication (lecture notes, online assignments etc.)
http://www.unistudium.unipg.it

Class timetable and exam schedule
http://www.dmi.unipg.it/didattica/corsi-di-studio-in-informatica/informatica-magistrale

The digital forensics classes will also host seminars from professional experts in the field.
Learning verification modality Written final examination and final project for students not attending the course.
Continuous assessment with assignments and projects for students attending the course. Continuous assessment consists of student report presentations. The final project will be on an assigned topic in information security/digital forensics.
Extended program

1 Introduction: Information security policies, examples of policies. General principles: logical and physical security.

2 Information security certification: actors of the certification process. Standards and certification.
Product certification: ITSEC, Common Criteria (TOE, assurance level). Process certification from BS7799 to ISO17799 and to the
ISO2700* family. The main certification authorities and actors in Italy. Professional certification of auditors.

3 Risk analysis and Risk Management. Vulnerabilities and information assets. Quantitative/Qualitative methods. Residual risk. Countermeasures.
Emergency and information security disaster management. Information security. Backup policies and techniques.

4 Product certification for information security: ISO/IEC 15408 Common Criteria certification: general structure, Target of Evaluation,
Security Target (security target components, security requirement rationale etc.).
Security functional classes and assurance classes, structure (classes, families,
components, dependencies). The assurance level EAL. Protection Profiles.
Case studies on CC-certified products.

5 Process certification for information security: ISO27001/2 and BS7799 certification. The PDCA process. Structure and goals of an ISMS, the 11 areas of interest. ISO27002 control points.
Case study: auditing a process according to ISO27002. Other certifications, e.g. health informatics.

6 Secure coding: the most common software errors and vulnerabilities (guidelines, areas and Common Weakness Enumeration). Secure programming best practice standards: rules and recommendations, structure, level and assessment of risk and vulnerability.

7 Cybersecurity early warning, monitoring and response infrastructures.
CERT/CSIRT and ISAC, goals and functions. Situation of CERTs in Italy, Europe and the world. Italian AgID, ENISA.
CWE Common Weakness Enumeration and resources.

8 Digital and computer forensics: techniques and methods of digital forensics. Protocols of acquisition, chain of custody and integrity of digital evidence. The main hardware and software tools. Analysis of non-standard digital devices. Counter-forensics.
2030 Agenda for Sustainable Development goals Quality Education
Industry, Innovation and Infrastructure
Sustainable Cities and Communities