93470 - Cybersecurity

Academic Year 2021/2022

Learning outcomes

At the end of the course, the student knows the basic principles of computer security and he/she is able to identify the main problems of computer and network security. He/she gets to understand and explain the main protocols and mechanisms used for securing communications and data transfer. He/she is able to perform a critical evaluation of the security of a computing infrastructure and to suggest the best countermeasures to mitigate the vulnerabilities, reduce the risk and increase the resilience to attacks. He/she is also capable of contributing to the design of systems that are secure by design and understanding the basic problems of computer forensics. Finally, he/she is able to design and contribute to the enhancement of the security of devices exposed to the Internet.

Course contents

  1. Computer and network security basics. Threats, Risks, Attacks, and Assets. Security Functional Requirements.
  2. Small introduction to cryptography. Symmetric Encryption. Public-Key Encryption. Digital Signatures and Key Management.
  3. User authentication and authentication-related problems.
  4. Access control.
  5. Malicious software.
  6. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks.
  7. Intrusion Detection Systems (IDS).
  8. Design and implementation of Firewalls.
  9. Security aspects in design and implementation of software.
  10. Security management and risk assessment. Management. Risk analysis and evaluation. Design and implementation of security policies. Social engineering and human-in-the-loop. Auditing.
  11. Computer forensics and anti-computer forensics techniques.

Readings/Bibliography

Teaching materials:

  • course book;
  • slides (available on Virtuale);
  • additional resources (i.e. selected scientific papers and technical articles).


The course book is: Computer Security: Principles and Practice, 4/E William Stallings, Lawrie Brown. Global Edition. ISBN-10: 1292220619. ISBN-13: 978-1292220611

The detailed knowledge of the previously listed teaching material is mandatory for a positive outcome of the examination. The study of the slides is not sufficient for getting an adequate knowledge of the course topics.

A list of the parts of the course book that are in the course program is available on Virtuale. Moreover, the course webpage contains a tentative schedule of the lessons and pointers to the selected scientific papers that will be assigned during the course. These additional readings are intended to provide in-depth knowledge of some specific security aspects.

A list of "Frequently Asked Questions" is also available on Virtuale.

Teaching methods

The lessons (52 hours) are used both for teaching (with slides projected during the lessons) and for promoting class discussion on selected topics. The class discussion is essential to foster a "critical thinking" approach among the students.

In specific lessons (scheduled in advance and reported on the course website), part of the lesson is reserved for the discussion of the scientific papers and technical articles that were assigned during a previous lesson.

Assessment methods

The final examination has the goal to check if the student has an adequate knowledge of the main course topics and is both able to evaluate the security of modern systems and to propose effective solutions to the main security issues.

The exam consists of a 90-minute written test (implemented using the EsamiOnLine platform); no books, notes or electronic devices can be accessed during the test. The exam is made of 5 questions that cover all the teaching material. The maximum evaluation score is 30/30.

To attend the exam, each student must sign up via AlmaEsami within a deadline. Those who cannot sign up must immediately communicate the problem to the teaching secretariat (and the teacher). Deciding whether to allow them to attend the exam or not is up to the teacher. Once the test results have been published, each student has some days to decide if (s)he wants to refuse the grade or not.

Teaching tools

The slides and all the additional resources used during the lessons are available on Virtuale.

Office hours

See the website of Gabriele D'Angelo

SDGs

  • Quality education;
  • Industry, innovation and infrastructure;
  • Sustainable cities.

This teaching activity contributes to the achievement of the Sustainable Development Goals of the UN 2030 Agenda.