security_engineering [2018/08/25 15:28] fabio.massacci@unitn.it [Past Lectures] |
security_engineering [2018/08/25 15:44] fabio.massacci@unitn.it |
Line 21: | Line 21: | ||
Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to: | Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to: | ||
- | * understand the fundamentals of risk management; | + | * understand the fundamentals of risk management; |
* identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study; | * identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study; | ||
* mitigate threats with control according to the risk appetite of a relevant stakeholder; | * mitigate threats with control according to the risk appetite of a relevant stakeholder; | ||
Line 69: | Line 69: | ||
In the report students working in group or alone apply the concepts learned during the course to analyze a real case study. The report will be discussed with the lecturer and a company representative owning the case study. If the work for the report has been done in group, all the group members will normally be assigned the same mark. | In the report students working in group or alone apply the concepts learned during the course to analyze a real case study. The report will be discussed with the lecturer and a company representative owning the case study. If the work for the report has been done in group, all the group members will normally be assigned the same mark. | ||
- | * Step-by-Step Qualita/ve RA Exercises during the course: 16 points | + | * Step-by-Step Qualita/ve RA Exercises during the course: 12 points |
* Identify Assets, Threats, Pre and Post Controls | * Identify Assets, Threats, Pre and Post Controls | ||
- | * Technical Assessment of Cyber Vulnerabilities: 6 points | + | * Technical Assessment of Cyber Vulnerabilities: 8 points |
* Students will use the CVSS (Common Vulnerabilities Scoring System), world standard to identify risk | * Students will use the CVSS (Common Vulnerabilities Scoring System), world standard to identify risk | ||
* from descriptions as they arrive in a CERT Bulletin | * from descriptions as they arrive in a CERT Bulletin | ||
* as they apply to one's own security architecture | * as they apply to one's own security architecture | ||
- | * Final Project: 12 points | + | * Final Project: 14 points |
* A complete detailed quantitative risk assessment of the industrial automation case study security architecture | * A complete detailed quantitative risk assessment of the industrial automation case study security architecture | ||
* Evaluation by Industry experts from the case study | * Evaluation by Industry experts from the case study | ||
Line 82: | Line 82: | ||
Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise). | Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise). | ||
+ | |||
+ | |||
+ | ==== Reference and Bibliographic Material ==== | ||
+ | |||
+ | The following books might be useful: | ||
+ | * [[http://www.jblearning.com/catalog/9781284055955/|Gibson. "Managing Risk in Information Systems"]]. Jones and Bartlett. ISBN13: 9781284055955 | ||
+ | |||
+ | Other recommended texts are | ||
+ | * [[http://www.cl.cam.ac.uk/~rja14/book.html|Anderson. "Security Engineering"]] For which a old version is also on the web. | ||
+ | * [[https://www.wiley.com/WileyCDA/WileyTitle/productCd-0470741155,miniSiteCd-BSG.html|Gollmann. "Computer Security"]] which is mostly a reference book for Security Technologies. | ||
===== Detailed Schedule and Additional Material ===== | ===== Detailed Schedule and Additional Material ===== | ||
Line 98: | Line 108: | ||
^ Date ^ Weekday ^ Hours ^ Topic ^ Slides ^ Additional materials ^ | ^ Date ^ Weekday ^ Hours ^ Topic ^ Slides ^ Additional materials ^ | ||
+ | To be filled when the course schedule is known (around January). | ||
==== Assigned Exercises (Graded) ==== | ==== Assigned Exercises (Graded) ==== |