User Tools

Site Tools


security_engineering

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
security_engineering [2018/08/25 13:31]
fabio.massacci@unitn.it [Assessment Methods and Criteria]
security_engineering [2021/01/29 10:58] (current)
Line 17: Line 17:
  
 The course will introduce students to the key principles of Security Risk Assessment (Risk and Threat Analysis, Risk Assessment, Control Frameworks) both qualitatively and quantitatively. The student will identify threats and the corresponding security controls appropriate for two industrial case studies. The course will introduce students to the key principles of Security Risk Assessment (Risk and Threat Analysis, Risk Assessment, Control Frameworks) both qualitatively and quantitatively. The student will identify threats and the corresponding security controls appropriate for two industrial case studies.
 +
 +//Students interested in further exploring the research topics behind this area can also take a Software Project (6ECTS) or a Research Project (12ECTS) by contacting the lecturers.//​
 +
  
 ==== Intended learning outcomes ==== ==== Intended learning outcomes ====
  
 Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to: Regular and active participation in the teaching activities offered by the course (lectures, laboratories and group work) and in independent study and project activities will enable students to:
- * understand the fundamentals of risk management;+  ​* understand the fundamentals of risk management;
   * identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study;   * identify the relevant assets and the corresponding impacts of possible threats for a moderately complex case study;
   * mitigate threats with control according to the risk appetite of a relevant stakeholder;​   * mitigate threats with control according to the risk appetite of a relevant stakeholder;​
Line 82: Line 85:
  
 Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise). Being able to defend one's ideas in class is an important part of the evaluation (if a student cannot explain why s/he choses something him/her will get a negative vote for the relative exercise).
 +
 +
 +==== Reference and Bibliographic Material ====
 +
 +The following books might be useful:
 +  * [[http://​www.jblearning.com/​catalog/​9781284055955/​|Gibson. "​Managing Risk in Information Systems"​]]. Jones and Bartlett. ISBN13: 9781284055955
 +
 +Other recommended texts are 
 +  * [[http://​www.cl.cam.ac.uk/​~rja14/​book.html|Anderson. "​Security Engineering"​]] For which a old version is also on the web.
 +  * [[https://​www.wiley.com/​WileyCDA/​WileyTitle/​productCd-0470741155,​miniSiteCd-BSG.html|Gollmann. "​Computer Security"​]] which is mostly a reference book for Security Technologies.
  
 ===== Detailed Schedule and Additional Material ===== ===== Detailed Schedule and Additional Material =====
security_engineering.1535203893.txt.gz ยท Last modified: 2021/01/29 10:58 (external edit)