Risk Analysis and Management
A.Y. 2019/2020
Learning objectives
The objective of the course is to provide students with a wide overview on Risk Analysis, which is characterized by strong multidisciplinarity and a long tradition in fields like Economy, Finance, Business Management, Public Health and Infrastructures. The aim of this course is then to familiarize students with Risk Analysis and Management principles and methods, providing them with analytical and conceptual means for analyzing complex phenomena in the area of information security, evaluating technical aspects and technologies, and approaching how to adopt standard management practices of information security in a corporate environment.
Expected learning outcomes
At the end of the couse, the student should be able to critically analyze international reports/surveys about cybersecurity, in particular evaluating the reliability of statistics. With respect to quantitative models, the student should demonstrate to have learner the fundamentals of models for decision under risk. The student should also be able to evaluate the effectiveness of qualitative models largely adopted for cyber risks analyses, with respect to different classes of risks. Finally, with regard to international standards for Information Security, the student should demontrate to know the steps of a risk assessment process and the evaluation methodology for software vulnerabilities.
Lesson period: First semester
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Responsible
Lesson period
First semester
Course syllabus
1. Survey as information sources
2. Definitions and the information security context
3. Classic Risk Analysis: The Expected Utility Model
4. Beyond the classic model: Prospect Theory
5. Common Vulnerability Scoring System (CVSSv3)
6. Qualitative methods and heuristics
7. International standards for security risk management
2. Definitions and the information security context
3. Classic Risk Analysis: The Expected Utility Model
4. Beyond the classic model: Prospect Theory
5. Common Vulnerability Scoring System (CVSSv3)
6. Qualitative methods and heuristics
7. International standards for security risk management
Prerequisites for admission
None
Teaching methods
Class lectures
Teaching Resources
No official course book.
The teaching material, fully available on the Ariel's course site, is composed by:
- documents written by the instructor
- surveys, articles, and documents freely accessible online
The teaching material, fully available on the Ariel's course site, is composed by:
- documents written by the instructor
- surveys, articles, and documents freely accessible online
Assessment methods and Criteria
Written exam (open questions). During the exam, candidates could bring the teaching material available on the course's site. The evaluation is based on the knowledge level demonstrated with respect to the course's content, the ability to present clear and precise analyses, and the clarity of exposition.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professor:
Cremonini Marco
Shifts:
-
Professor:
Cremonini MarcoProfessor(s)