Information System Security Management

A.Y. 2019/2020
Max ECTS: 6
Overall hours: 48
SSD: ING-IND/35
Language: Italian
Learning objectives
The course aims to give students basic skills in IT risk management and ICT security for compliance with Italian laws, such as the privacy law, the anti-corruption law, the law on false accounting and the law on the protection of workers' safety.
In this context, the course examines the technological measures adopted for risk prevention as well as for giving an account of the measures undertaken to avoid computer intrusions.
Expected learning outcomes
At the end of the course the student will be able to: identify the main ICT risks of an organization; define and implement the organizational and technological measures needed to prevent computer incidents and, in the alternative, to document them; and, in the event of an incident, organize the response team and collect and acquire the relevant information.
Single course

This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.

Course syllabus and organization

Single session

Lesson period
Second semester
Course syllabus
Elements of law
Elements of criminal proceedings
o Actors of the criminal trial
o Stages of criminal proceedings
o Means of gathering evidence in criminal proceedings
o Technical investigations in criminal proceedings (expert report, CT, evidentiary incident)
Elements of civil procedure
o Types of proceedings (civil, protective)
o Steps of civil proceedings
o Means of gathering evidence in the civil process
o Technical inspections in the civil process
The digital document
o Definition of IT document
o Electronic signatures: technical and legal aspects
o The evidentiary value of the computer document
Other relevant standards
o Privacy legislation
o Criminal liability of institutions: Legislative Decree no. 231/2001
o Relevant aspects of the management of information systems under Legislative Decree no. 231/2001
o Labour law and the Jobs Act
o Control of employees and collaborators
o Video surveillance of workplaces
o Intellectual property, industrial secrecy and copyright
Technical aspects of risk assessment, prevention and control
ISO standards
o ISO/IEC 27037
o ISO/IEC 27035
o ISO/IEC 27038
o ISO/IEC 19011
Response to IT incidents
o The risk assessment phase
o The incident response
o Forensic readiness plan
Case studies
o Management of company information systems for the protection of industrial property
o Management of company information systems for staff control
o Management of health information systems
o Technical measures for process and software certification
Simulation
o A practical case: risk assessment
o A practical case: response to the incident
o A practical case: trial simulation
Finally, the course also includes reconstructions in technical laboratories, practical exercises and realistic simulations of debates, aimed at exploring the roles, skills and dynamics involved, both in the corporate setting and, in some cases, at trial.
Prerequisites for admission
None
Teaching methods
Lectures
Teaching Resources
Elementi Maior di Diritto Processuale Civile, edited by Antonella Comite, Simone Editore
Elementi Maior di Diritto Processuale Penale, Simone Editore
Elementi Maior di Legislazione in materia di documentazione e semplificazione amministrativa, Simone Editore
Privacy e Pubblica Amministrazione, Beatrice Locoratolo, Simone Editore
Manuale di Organizzazione Aziendale, Antonio Sortino, Simone Editore
IT Auditing Using Controls to Protect Information Assets, C. Davis, M. Schiller, K. Wheeler, McGraw-Hill Education
Health and Safety, Environment and Quality Audits: A risk-based approach, S. Asbury, Routledge
A Guide to Effective Internal Management System Audits: Implementing Internal Audits as a Risk Management Tool, A. W. Nichols, IT Governance Publishing
Il processo, Franz Kafka
I fratelli Karamazov, Fëdor Dostoevskij
Rashomon, Akira Kurosawa (film)
Assessment methods and Criteria
The examination is a written test of 7 free-answer questions; each answer must not exceed approximately 700 typed characters. Duration: 1 hour.
ING-IND/35 - BUSINESS AND MANAGEMENT ENGINEERING - University credits: 6
Lessons: 48 hours
Professor: Caccavella Donato Eugenio