Study-unit

Course name Legal services
Study-unit Code A003056
Location PERUGIA
Curriculum Law and technologies
Lecturer Paolo Poletti
Lecturers
  • Paolo Poletti
Hours
  • 42 hours - Paolo Poletti
CFU 6
Course Regulation Cohort 2022
Supplied 2023/24
Supplied other course regulation
Type of study-unit Optional
Type of learning activities Single-discipline learning activity
Partition
Language of instruction ENGLISH
Contents It is crucial to train experts in information security due to the ongoing evolution of cyber threats. The pivotal role of the Chief Information Security Officer (CISO) or Information Security Manager is highlighted, as they must define and implement strategies to enhance the security of businesses or public administrations. According to ENISA, an excessive technical focus can be a barrier to raising awareness among management. Therefore, the Information Security Manager should act as a consultant, setting guidelines for security policies and ensuring they are adhered to.
Reference texts Lecture notes and slides prepared by the teacher.
Educational objectives The course aims to provide knowledge for roles in the field of cyber security, such as Information Security Manager, consultants, auditors, security architects, and compliance, privacy, and risk officers. These roles are in demand across various organizations such as companies, public administrations, and professional firms. The course is designed to:
develop an understanding and management of cyber threats, which are increasingly complex and numerous, and the planning of prevention systems;
apply cyber security knowledge to the practical resolution of cases, implementing appropriate technological measures and managing responsibility related to cyber risk.
Prerequisites Knowledge of public law and EU law
Teaching methods The course is organized as follows:
lectures;
analysis of real-life cases.
Learning verification modality The learning assessment consists of an oral exam with questions on the topics covered in the program. The exam aims to determine the level of knowledge achieved by the student. The final grade will take into account the accuracy and completeness of the answers, the correctness of the legal-technical language, and the ability to present and argue. The duration of the exam varies depending on how the assessment proceeds.
Extended program Security and Its Domains
Physical, logical, cyber, and safety security;
How digitalization changes the domains of security;
Related risks;
Security and privacy in digital transformation.
Cyber Threat 1
Threat Actors;
Goals;
Geopolitical factors influencing the threat.
Cyber Threat 2
Cybercrime;
Hacktivism;
Cyber espionage.
Networks
IT and OT Networks: Characteristics and Purposes;
Cyber Physical Systems (CPS), Internet of Medical Things (IoMT), IT/OT convergence.
Threat Modelling
NIST Special Publication 800-53 Rev. 5;
Stages of an attack;
Malware and its families;
Ransomware: types and economics;
Social Engineering;
Man in the Middle;
Denial-of-Service;
SQL Injection;
Drive-By;
Zero-Day Exploit;
DNS Tunneling;
Botnet;
Third-Party Attack.
Cybersecurity domains
ISO 27002:2022;
ISO/IEC 27032;
NIST Special Publication 800-53.
CISO
Domain 1: Governance;
Domain 2: Security Risk Management, Controls, and Audit Management;
Domain 3: Security Program Management and Operations;
Domain 4: Information Security Core Concepts;
Domain 5: Strategic Planning, Finance, and Vendor Management.
Incident Handling
Incident Response Plan;
Business Continuity Plan;
Disaster Recovery Plan.

2030 Agenda Sustainable Development Goals

Code A003056
Location PERUGIA
CFU 2
Lecturer Paolo Poletti
Learning activities Characterizing
Area Business and sectoral legal disciplines
Sector ING-INF/05
Type of study-unit Optional

Code A003056
Location PERUGIA
CFU 4
Lecturer Paolo Poletti
Learning activities Characterizing
Area Business and sectoral legal disciplines
Sector ING-INF/05
Type of study-unit Optional