Last enrollment for the teachings of the specializations in Cyber Defense of IT/OT Systems and eGRC for Critical Infrastructure Protection and the Enterprise

Those who have not enrolled in the master's or postgraduate course in Cybersecurity and Critical Infrastructure Protection still have until 7/6/2024 to enroll in the individual teachings of Part III, the more specialized part of the course. These teachings can be recognized by degree program committees as elective teachings, and are recognized automatically for a future enrollment in the master's or postgraduate course in one of the next editions.

The specialized nature of Part III also makes it a unique opportunity for those who are already employed to update or expand the skills useful for their careers, or to change jobs.

All teachings are held in online streaming mode.

Here are the subject details of the specializations in Cyber Defense of IT/OT Systems and GRC for Critical Infrastructure Protection and the Enterprise:


Incident Response and Forensics Analysis


🟣 Responsible: Mattia Epifani Hours: 24

🟣 Prerequisites: Have attended and passed the "Fundamentals of Computer Forensics" course exam.

🟣 Program:

Incident Handling procedure for IT/IoT (NIST 800-61) (8 hours) (Massa)
File system forensic analysis (8 hours) (Picasso)
Windows forensic analysis (8 hours) (Epifani)
Mobile forensics analysis (4 hours) (Epifani)
Case studies (4 hours) (Picasso-Meda)

🟣 Main skills learned: Provide the foundation for implementing an incident management procedure based on NIST recommendations (SP 800-61 Rev. 2); Provide the basic skills for the collection of computer evidence sources and their analysis for possible use in court

Incident Response and Forensics Analysis, known as DFIR (Digital Forensics and Incident Response), is a cybersecurity field that combines two processes to manage cyber threats:

Digital Forensic Analysis: It focuses on the collection, preservation and analysis of digital evidence. This helps to understand what happened during a cyber attack, how the attackers got into the system, and what data was compromised.
Incident Management: Deals with the immediate response to a cyber attack to contain it, eradicate it, and prevent further damage. This may involve isolating infected systems, disrupting attacker access, and removing malware.


In summary, DFIR provides a thorough understanding of a cyber attack and of the steps needed to restore systems and prevent future attacks.

🟣 Cost: 448 euros


Malware Analysis


🟣 Responsible: Danilo Massa Hours: 24

🟣 Prerequisites: Having attended the Incident Response and Forensics Analysis course; Basic knowledge of network protocols (DNS, HTTP/S, SMB/CIFS, ...); Basic knowledge of development languages (C/C++, Python, ...)

🟣 Program:

Malware functionalities
Static and dynamic analysis techniques (basic and advanced)
Commercial and open source sandboxes
Realization of a virtual lab for secure analysis of malicious samples
Reverse engineering of malicious executables
Malware scripts
Identification and use of IoCs (indicators of compromise) inherent in malware

🟣 Major skills learned: Analysis procedure; Identification of IoCs to detect, contain, and eradicate malware; Tools and techniques for analysis of suspicious samples (files)

Malware analysis is an investigative activity in the cybersecurity field that deals with analyzing malicious software to understand its operation, origins and objectives. It essentially involves inspecting the source code or components of such malicious software to:

Identify the threats it may pose to the computer system.
Discover the functionality of the malware.
Understand how the malware acts and what kind of damage it can cause.

Through malware analysis, cybersecurity experts are able to develop strategies to neutralize threats and create countermeasures to protect systems from future attacks.

🟣 Cost: 448 euros


Mobile Security

🟣 Responsible: Alessio Merlo Hours: 12

🟣 Pre-requisites: Knowledge of object-oriented programming languages and basics of operating systems; Web, Computer and Network Security course content

🟣 Program:

Fundamentals of the Android operating system
Security mechanisms of Android
Static and dynamic analysis techniques for mobile applications
Mobile malware evasion techniques
Use of Android app analysis tools: Apktool, dex2jar, JD-GUI, MobSF
Analysis of real Android malware on emulated devices

🟣 Main skills learned: Knowledge of Android app structure; Methodologies and tools for analyzing mobile apps; Knowledge of the main techniques adopted by malware on Android

Mobile Security is the set of practices, technologies and solutions designed to protect mobile devices, such as smartphones, tablets and enterprise laptops, from evolving cyber threats.

Its purpose is to safeguard sensitive data, personal information, and systems from:

Malware: Malicious software that can steal data, spy on activity, or compromise the device.
Phishing attacks: Attempts to trick users into revealing personal information or login credentials.
Unauthorized access: Theft or loss of the device that exposes the data on it.
Vulnerability exploitation: Flaws in systems or apps that malicious attackers can use to compromise them.

🟣 Cost: 232 euros


Cloud Security


🟣 Responsible: Alessio Merlo Hours: 12

🟣 Pre-requisites: Web Security skills (OWASP testing guide - Web Security course); VirtualBox virtualization software installed and running

🟣 Program:
The Cyber Exercise is divided into two training phases in which participants will first have to act as attackers (red team) and later as incident handlers (blue team).
In more detail, the first phase consists of a boot2root CTF (capture the flag) challenge, in which participants will have to search for some 0-day web vulnerabilities on a provided virtual machine and exploit them to gain unauthorized access, while in the second phase, participants will have to analyze the machine itself to identify artifacts that indicate the attack and compromise operations they performed.

🟣 Main skills learned: Perform application vulnerability research and execute specific attacks; Identify indicators of compromise to be used to instruct possible identification/protection tools.

Cloud Security is the set of policies, controls and technologies that safeguard data, applications and infrastructure in a cloud computing environment. It is a shared responsibility between cloud service provider (CSP) and customer.

Main goals:

Protect data privacy and confidentiality: Ensure that only authorized users can access data stored in the cloud.
Preserve data integrity: Maintain the accuracy and completeness of data in the cloud.
Ensure availability of data and applications: Ensure continuous and reliable access to data and applications running in the cloud.
Prevent cyber attacks: Protect the cloud environment from malware, phishing and other threats.

Cloud Security covers several aspects:

Network Security: Measures to protect the networks that connect users' devices to the cloud.
Application Security: Procedures to ensure the security of applications running in the cloud.
Data Security: Controls to protect data stored in the cloud, both at rest and in transit.
Access and identity management: Methods to authenticate and authorize users to access cloud resources.

Cloud Security is critical for companies migrating data and processes to the cloud, enabling them to take advantage of the benefits of cloud computing securely and reliably.

🟣 Cost: 232 euros


Cyber Defense and Cyber Intelligence
 

🟣 Responsible: Rodolfo Zunino Hours: 24

🟣 Pre-requisites: Knowledge of issues related to CyberCrime and Social Engineering.

🟣 Program:

Advanced Persistent Threats (APT) (Zunino)
Artificial Intelligence for Cyber Security (Zunino)
Text mining for OSINT intelligence (Zunino)
Cyber Warfare: specific aspects and defense methodologies (Rebora)
Intelligence for preventive defense and Cyber Warfare (Rebora)
Analysis Methods for Preventive Cyber Defense (Martinazzo)
Corporate Defense Techniques against Cyber Attacks (Prosperi/Castagnara)

🟣 Main skills learned: Methodologies and procedures for preventing and countering APT attacks; Methodologies and procedures for OSINT

Cyber Defense is the set of strategies and actions designed to protect networks, systems and data from cyber attacks. It focuses on prevention, detection, and response to threats.

🟣 Cost: 448 euros


Standards for ISMS and BCMS Certification: ISO/IEC 27001, ISO 22301


🟣 Responsible: Alessandro Cerasoli Hours: 24
(20 hours Eng. Alessandro Cerasoli, 4 hours Dr. Fabio Andresi)

🟣 Pre-requisites: Information Security & Risk Management module or equivalent; Business Continuity and Crisis Management module or equivalent.

🟣 Program:

The setting of standards for Management Systems: HLS structure and requirements
Overview of the guidelines of the ISO/IEC 270xx and ISO 223xx families
The Requirements of ISO/IEC 27001 and ISO 22301: Understanding management and organizational aspects
The approach to risk in ISO standards (with reference to ISO 31000) and how to implement it for ISMSs and BCMSs
Overview of ISO/IEC 27002 controls
Examples of applying controls in real-world situations
Extension of ISO/IEC 27002 to the application of security controls in the cloud - ISO/IEC 27017
Third-party certification: objectives and benefits for organizations
The third-party audit process: planning and execution


🟣 Major skills learned: Knowledge of standards related to information security; Approach for setting up an Information Security Management System and a Business Continuity Management System based on ISO standards; Knowledge of security countermeasures in traditional and cloud environments; Basic knowledge of conducting audit activities

ISO/IEC 27001: Information Security Management Systems (ISMS).

ISO/IEC 27001 is an international standard that specifies requirements for implementing an Information Security Management System (ISMS).
Focus: Protecting an organization's confidential information, including financial data, intellectual property and personal information.

ISO 22301: Business Continuity Management Systems (BCMS).

ISO 22301 is an international standard that specifies requirements for implementing a Business Continuity Management System (BCMS).
Focus: Ensuring that the organization can quickly restore its critical functions after an unforeseen incident.

In summary, ISO/IEC 27001 and ISO 22301 are complementary standards that help organizations protect their information assets and ensure business continuity.

🟣 Cost: 448 euros


Physical Security

🟣 Responsible: Antonio Rebora Hours: 12
(8 hours Eng. Antonio Rebora, 2 hours Dr. Tiziana Alliani, 2 hours Eng. Andrea Conca)

🟣 Pre-requisites: Knowledge of basic concepts on Critical Infrastructure; Basic knowledge of the main components that constitute a critical infrastructure; Basic knowledge of the main security risks of critical infrastructure;

🟣 Program:

The domain of physical security and its interdependencies with other domains
Concept of interconnection
Concept of security depth
Policy
Risk analysis: recap of basic concepts
Threats, countermeasures and enabling capabilities
The architecture of a physical security system in a critical infrastructure
The Operations Center: physical and logical structure
The domain of prevention
Crisis management
Quick Response Team
Communication in emergencies and external relations
Business Continuity
Critical Infrastructure and the Country System, public-private partnership: relationships, methodologies, operational protocols, responsible institutions
Training, drills, awareness
Visits to security facilities of Critical Airport Infrastructure and Strategic Industries
 

🟣 Main skills learned: Basic concepts for managing security in a critical infrastructure in the disciplines complementary to the Cyber domain.

Physical Security refers to the set of measures and controls designed to protect:

Establishments: Corporate buildings, offices, data centers and any physical facility that needs protection.
Equipment: Computers, servers, mobile devices and any other hardware that contains sensitive data.
Resources: Paper documents, confidential information and any other tangible assets of the organization.
Personnel: Employees, visitors and anyone within the protected facilities.

It is basically about protecting the company's physical assets from unauthorized access, theft, accidental or intentional damage, and intrusion.

🟣 Cost: 232 euros


Risk Propagation in Interconnected Infrastructures


🟣 Responsible: Paola Girdinio Hours: 12
(4 hours Prof. Paola Girdinio, 8 hours Dr. Federica Livelli)

🟣 Pre-requisites: Knowledge of basic concepts on Critical Infrastructure; National and international regulations on Critical Infrastructure.

🟣 Program:

Dependency and interdependency
Dimensions for describing interdependencies: the Rinaldi, Peerenboom and Kelly formulation
Hierarchical holographic modeling
Intra- and inter-dependency between critical infrastructure layers
Models and simulation
Holistic methods
Leontief's model
Topological approaches
Simulations based on agent-based methods

🟣 Main skills learned: Knowledge of damage propagation methods in Critical Infrastructure; Predictive models.

Risk propagation in interconnected infrastructures, also known as the domino or cascade effect, is a phenomenon in which an initial disruption or incident within an infrastructure system propagates and amplifies across its connected infrastructures.

Here is a breakdown of the key terms:

Risk: The possibility of an event occurring that could cause damage or loss.
Propagation: The act of spreading or transmitting something from one place or person to another.
Infrastructure: The basic physical and organizational structures and facilities necessary for the operation of a company or enterprise.
Interconnected: Connected to each other in a reciprocal way.

In essence, when critical infrastructure, such as power grids, transportation networks, or communication systems, are interconnected, a problem in one system can have ripple effects on others. These effects can be amplified as each disruption propagates through the interconnected systems.

Here are some key aspects of risk propagation in interconnected infrastructures:

Interdependencies: Modern infrastructures are highly interdependent, meaning they depend on each other to function properly. An outage in one system can quickly create problems in others.
Amplification: As the initial outage propagates, it can become more severe due to interconnectedness. For example, a power outage can disrupt communication systems, which in turn can hinder emergency response.
Cascading effects: Impacts can accumulate, causing widespread service disruptions and even physical damage to multiple infrastructures.

By proactively addressing risk propagation, we can improve the overall resilience of critical infrastructure and minimize the impact of incidents on society.

🟣 Cost: 232 euros
 

Last update 17 April 2024