Information System Security Management

A.Y. 2023/2024
Max ECTS: 6
Overall hours: 48
SSD: ING-IND/35
Language: Italian
Learning objectives
The course aims to give students basic skills in IT risk management and ICT security for compliance with Italian laws, such as the privacy law, the anti-corruption law, the law on false accounting and the law on the protection of workers' safety.
In this context, the course studies the technological measures adopted for risk prevention, as well as those used to give an account of the measures undertaken to avoid computer intrusions.
Expected learning outcomes
At the end of the course the student will be able to:
- identify the main ICT risks of an organization;
- define and implement the organizational and technological measures needed to prevent computer incidents and, alternatively, document them;
- in the event of an incident, organize the response team and collect and acquire the relevant information.
Single course

This course can be attended as a single course.

Course syllabus and organization

Single session

Lesson period
Second semester
Course syllabus
Elements of criminal procedure
- Actors, stages, evidence, technical investigations (expert report, ct, perizia, incidente probatorio)
Elements of civil procedure
- Actors, stages, evidence, technical inspections (ctu)
The digital document and other
- Definition, electronic signatures, evidence
- Privacy law
- D. Lgs. 231/2001
- Labour law and Jobs Act
- Control of employees and collaborators
- Video surveillance
- Intellectual property, trade secret and copyright
Risk assessment, audit, evidence management:
- ISO 27037, 27035, 27038, 19011
- Risk assessment
- Incident response
- Forensic readiness plan
Case studies and simulation
Prerequisites for admission
No
Teaching methods
Lectures
Teaching Resources
- Slides available on the Ariel web site of the course

Supplementary materials:
- Books on Italian civil procedure, Italian criminal procedure, privacy
- C. Davis, M. Schiller, K. Wheeler, IT Auditing Using Controls to Protect Information Assets, McGraw-Hill Education
- ISO 27037, 27035, 27038, 19011
Assessment methods and Criteria
Test with ten multiple-choice questions + oral exam
ING-IND/35 - BUSINESS AND MANAGEMENT ENGINEERING - University credits: 6
Lessons: 48 hours