This shows you the differences between two versions of the page.
security_engineering [2018/08/25 15:31] fabio.massacci@unitn.it [Assessment Methods and Criteria]
security_engineering [2018/08/25 15:44] fabio.massacci@unitn.it
Line 21: | Line 21: | ||
Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to: | Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to: | ||
- | * understand the fundamentals of risk management; | + | * understand the fundamentals of risk management; |
* identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study; | * identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study; | ||
* mitigate threats with control according to the risk appetite of a relevant stakeholder; | * mitigate threats with control according to the risk appetite of a relevant stakeholder; | ||
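Review bot: the only marked line in this hunk ("* understand the fundamentals of risk management;") reads identically on the old and new side, so the change is whitespace-only; harmless, but worth confirming it was intended rather than an accidental re-save.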
Line 71: | Line 71: | ||
* Step-by-Step Qualita/ve RA Exercises during the course: 12 points | * Step-by-Step Qualita/ve RA Exercises during the course: 12 points | ||
* Identify Assets, Threats, Pre and Post Controls | * Identify Assets, Threats, Pre and Post Controls | ||
- | * Technical Assessment of Cyber Vulnerabilities: 10 points | + | * Technical Assessment of Cyber Vulnerabilities: 8 points |
* Students will use the CVSS (Common Vulnerabilities Scoring System), world standard to identify risk | * Students will use the CVSS (Common Vulnerabilities Scoring System), world standard to identify risk | ||
* from descriptions as they arrive in a CERT Bulletin | * from descriptions as they arrive in a CERT Bulletin | ||
* as they apply to one's own security architecture | * as they apply to one's own security architecture | ||
- | * Final Project: 12 points | + | * Final Project: 14 points |
* A complete detailed quantitative risk assessment of the industrial automation case study security architecture | * A complete detailed quantitative risk assessment of the industrial automation case study security architecture | ||
* Evaluation by Industry experts from the case study | * Evaluation by Industry experts from the case study | ||
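Review bot: the reweighting moves 2 points from "Technical Assessment of Cyber Vulnerabilities" (10 to 8) to "Final Project" (12 to 14), so the three listed items still sum to 34 (12 + 8 + 14, as 12 + 10 + 12 before); since the totals are stated in the page, a note on why the final project is now weighted more heavily than the CVSS assessment would help readers. The unchanged context line "Step-by-Step Qualita/ve RA Exercises" also carries a garbled word ("Qualitative" is clearly intended) that could be fixed in the same edit.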
Line 82: | Line 82: | ||
Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise). | Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise). | ||
+ | |||
+ | |||
+ | ==== Reference and Bibliographic Material ==== | ||
+ | |||
+ | The following books might be useful: | ||
+ | * [[http://www.jblearning.com/catalog/9781284055955/|Gibson. "Managing Risk in Information Systems"]]. Jones and Bartlett. ISBN13: 9781284055955 | ||
+ | |||
+ | Other recommended texts are | ||
+ | * [[http://www.cl.cam.ac.uk/~rja14/book.html|Anderson. "Security Engineering"]] For which a old version is also on the web. | ||
+ | * [[https://www.wiley.com/WileyCDA/WileyTitle/productCd-0470741155,miniSiteCd-BSG.html|Gollmann. "Computer Security"]] which is mostly a reference book for Security Technologies. | ||
===== Detailed Schedule and Additional Material ===== | ===== Detailed Schedule and Additional Material ===== |
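Review bot: in the added Anderson entry, "For which a old version is also on the web." should read "an old version" and be joined to the preceding sentence rather than starting a new one with a capital; "Other recommended texts are" also wants a trailing colon to match the "The following books might be useful:" line above it. The unchanged context sentence "if a student cannot explain why s/he choses something him/her will get a negative vote" has "choses" for "chooses" and "him/her" where "he/she" is the subject, which could be fixed in a follow-up.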