Risk Analysis and Management | Università degli Studi di Milano Statale

A.Y. 2024/2025

Max ECTS

Overall hours

SSD

INF/01

Language

Italian

Included in the following degree programmes

Informatics Security (Classe LM-66)-Enrolled from 18/19 Academic Year Until 23/24

Informatics Security (Classe LM-66)-Enrolled from 2024/25 Academic Year

Computer Science (Classe LM-18)-Enrolled from 2014/2015 Academic Year

Learning objectives

The objective of the course is to provide students with a wide overview on Risk Analysis, which is characterized by strong multidisciplinarity and a long tradition in fields like Economy, Finance, Business Management, Public Health and Infrastructures. The aim of this course is then to familiarize students with Risk Analysis and Management principles and methods, providing them with analytical and conceptual means for analyzing complex phenomena in the area of information security, evaluating technical aspects and technologies, and approaching how to adopt standard management practices of information security in a corporate environment.

Expected learning outcomes

At the end of the course, the student should be able to demonstrate a sound understanding of risk analysis principle, and in particular ISO31000:2018 international guideline. He / she will have to possess an appropriate vocabulary in the domain of risk management and understand the interrelationships that characterize the discipline with greater depth regarding the issues relating to IT security

Lesson period: First semester

Lessons timetable

Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi

Exams calendar

Single course

This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.

Search a single course

Course syllabus and organization

Single session

Responsible

Vallega Alessandro

Lesson period

First semester

Syllabus

Course syllabus

The teaching will cover the following topics: enterprise information systems, information security, introduction to management systems and international best practices, risk management with ISO 31000, information security management systems with ISO/IEC 27000:2018, the risk management process, threat database, security controls. In addition, some vertical insights on opportunities, risks and recommendations of digital transformation (cloud, IoT, artificial intelligence) and finally on the role of the Chief Information Security Officer.

Prerequisites for admission

There are no mandatory prerequisites to participate in this course but given the subject matter it is useful to have a knowledge of information systems of public and private companies, hacker threats, vulnerabilities of hardware/software infrastructures and security measures to protect corporate assets.

Teaching methods

The teaching will be based on lectures and external testimonies from professionals from the world of work. Students will be invited to study collateral topics and volunteers will be able to present their work during the lessons with short interventions.

Teaching Resources

The reference texts, other than the PPT explained in class, are:
1)
Diego Fiorito; Risk management: how to achieve personal and business goals. ISBN 9798686535879 / Except chapter III (pages 59-70). In English.

2)
Risk Management - The ISO 31000 standard. The methodology for effectively applying risk management in all contexts. Third updated edition with 5 case studies. ISBN 8891149837. In Italian.

3)
ISO 31000:2018; Risk management - Guidelines. https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en In English.

4)
ISO/IEC 27000:2018; Information technology - Security techniques - Information security management systems - Overview and vocabulary. https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html In English

5)
Cesare Gallotti; Information security (2022 edition). ISBN 9791220888196 (e-book) and 9791220388450 (hard copy) https://www.cesaregallotti.it/libro.html in Italian. Or Cesare Gallotti; Information Security (2022 edition). ISBN 9791220888851 (e-book) and 9791220388474 (hardcopy) https://www.cesaregallotti.it/libro-ENG.html (English alternative).

Optional books (6-12):
- I primi 100 giorni del Responsabile della Sicurezza delle Informazioni (in Italian) or The first 100 days of the Information Security Manager (in English) downloadable free of charge from https://c4s.clusit.it/

Other books (in Italian) downloadable free of charge from https://c4s.clusit.it/ and in particular the most recent ones such as
- Rischio Digitale Innovazione e Resilienza
- Supply Chain Security
- Intelligenza Artificiale e Sicurezza
- IoT Security e Compliance
- Consapevolmente Cloud.

Finally
- Alan Calder; NIST Cybersecurity Framework. A pocket guide. ISBN 9781787780408 in English

Translated with www.DeepL.com/Translator (free version)

Assessment methods and Criteria

Verification of learning will be through an oral exam. The assessment will strongly consider the correct use of terms and definitions of ISO 31000:2018, the ability to document some hypothetical business risk scenarios, and the understanding of information security (ISO / IEC 27000: 2018).

Course structure

INF/01 - INFORMATICS - University credits: 6

Lessons: 48 hours

Professor: Vallega Alessandro

Professor(s)

Vallega Alessandro

Web site