Programma Information Security Management and Legals

Responsible: Ermete Meda
Hours: 24

Prerequisites:
None

Program:

Global Scenario and the Need for an Information Security Management System (ISMS):

The 4th Industrial Revolution, the orientation toward the 5th, Cyberspace
The evolution of ICT and Cyber Security
The evolution of threats with a brief history of cyberattacks and incidents
The flaws of technology: vulnerabilities of networks, systems and applications – the human factor, the lifecycle of a vulnerability
The evolution of an incident: from its potential possibility to its actual occurrence
The ICT and Cyber Security Budget – Relations with and Issues involving Top Management

Nature of an ISMS:

Basic concepts and principles of information security
The CIA triad (Confidentiality, Integrity and Availability)
Information Security and Cybersecurity
The meaning and contents of “Doing Security”: the three temporal phases (Prevention, Detection & Reaction) and the three areas involved (Technological, Organizational and Legal)
Example of an ISMS process flowchart

Organizational Area:

The Deming PDCA cycle and the ISMS process
Information Security Governance within business processes, separation of roles and responsibilities, the CIO and the IT function, the CISO and the IS function, the RACI matrix, KPIs, and the documentation corpus required to define and implement an ISMS.
The GRC triad: Governance, Risk and Compliance and its fundamental influence on strategies for defining the ISMS process
Definition of SOC, CERT and Computer Forensics

Legal Area:

Introduction to European and Italian legislation relating to Information Security and Cybersecurity. Impact on ISMS-related activities

Technological Area:

Cybersecurity and Critical Infrastructure Protection

Master universitario di II livello e corso di perfezionamento