The objective of the course is to provide students with a wide overview on Risk Analysis, which is characterized by strong multidisciplinarity and a long tradition in fields like Economy, Finance, Business Management, Public Health and Infrastructures. The aim of this course is then to familiarize students with Risk Analysis and Management principles and methods, providing them with analytical and conceptual means for analyzing complex phenomena in the area of information security, evaluating technical aspects and technologies, and approaching how to adopt standard management practices of information security in a corporate environment.
Expected learning outcomes
At the end of the couse, the student should be able to critically analyze international reports/surveys about cybersecurity, in particular evaluating the reliability of statistics. With respect to quantitative models, the student should demonstrate to have learner the fundamentals of models for decision under risk. The student should also be able to evaluate the effectiveness of qualitative models largely adopted for cyber risks analyses, with respect to different classes of risks. Finally, with regard to international standards for Information Security, the student should demontrate to know the steps of a risk assessment process and the evaluation methodology for software vulnerabilities.
Lesson period: First semester
(In case of multiple editions, please check the period, as it may vary)
1. Survey as information sources 2. Definitions and the information security context 3. Classic Risk Analysis: The Expected Utility Model 4. Beyond the classic model: Prospect Theory 5. Common Vulnerability Scoring System (CVSSv3) 6. Qualitative methods and heuristics 7. International standards for security risk management
Prerequisites for admission
No official course book. The teaching material, fully available on the Ariel's course site, is composed by: - documents written by the instructor - surveys, articles, and documents freely accessible online
Assessment methods and Criteria
Written exam (open questions). During the exam, candidates could bring the teaching material available on the course's site. The evaluation is based on the knowledge level demonstrated with respect to the course's content, the ability to present clear and precise analyses, and the clarity of exposition.