Risk Analysis and Management

A.Y. 2024/2025
Max ECTS: 6
Overall hours: 48
SSD: INF/01
Language: Italian
Learning objectives
The objective of the course is to provide students with a wide overview on Risk Analysis, which is characterized by strong multidisciplinarity and a long tradition in fields like Economy, Finance, Business Management, Public Health and Infrastructures. The aim of this course is then to familiarize students with Risk Analysis and Management principles and methods, providing them with analytical and conceptual means for analyzing complex phenomena in the area of information security, evaluating technical aspects and technologies, and approaching how to adopt standard management practices of information security in a corporate environment.
Expected learning outcomes
At the end of the course, the student should be able to demonstrate a sound understanding of risk analysis principles, and in particular of the ISO 31000:2018 international guideline. They will be expected to command the vocabulary of the risk management domain and to understand the interrelationships that characterize the discipline, with greater depth on the issues relating to IT security.
Single course

This course can be attended as a single course.

Course syllabus and organization

Single session

Responsible
Lesson period: First semester
Course syllabus
The teaching will cover the following topics: enterprise information systems, information security, introduction to management systems and international best practices, risk management with ISO 31000, information security management systems with ISO/IEC 27000:2018, the risk management process, threat databases, and security controls. In addition, the course offers some vertical insights on the opportunities, risks and recommendations of digital transformation (cloud, IoT, artificial intelligence) and, finally, on the role of the Chief Information Security Officer.
Prerequisites for admission
There are no mandatory prerequisites for this course, but given the subject matter it is useful to have some knowledge of the information systems of public and private organizations, of attacker threats, of the vulnerabilities of hardware and software infrastructures, and of the security measures used to protect corporate assets.
Teaching methods
The teaching will be based on lectures and on guest talks by professionals from industry. Students will be invited to study related topics, and volunteers will be able to present their work during the lessons in short presentations.
Teaching Resources
The reference texts, in addition to the slides presented in class, are:

1) Diego Fiorito; Risk management: how to achieve personal and business goals. ISBN 9798686535879, except chapter III (pages 59-70). In English.

2) Risk Management - The ISO 31000 standard. The methodology for effectively applying risk management in all contexts. Third updated edition with 5 case studies. ISBN 8891149837. In Italian.

3) ISO 31000:2018; Risk management - Guidelines. https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en In English.

4) ISO/IEC 27000:2018; Information technology - Security techniques - Information security management systems - Overview and vocabulary. https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html In English.

5) Cesare Gallotti; Information security (2022 edition). ISBN 9791220888196 (e-book) and 9791220388450 (hard copy), https://www.cesaregallotti.it/libro.html, in Italian. Or, as the English alternative, Cesare Gallotti; Information Security (2022 edition). ISBN 9791220888851 (e-book) and 9791220388474 (hard copy), https://www.cesaregallotti.it/libro-ENG.html.

Optional books (6-12):
- I primi 100 giorni del Responsabile della Sicurezza delle Informazioni (in Italian) or The first 100 days of the Information Security Manager (in English), downloadable free of charge from https://c4s.clusit.it/

Other books (in Italian) downloadable free of charge from https://c4s.clusit.it/, in particular the most recent ones such as:
- Rischio Digitale Innovazione e Resilienza
- Supply Chain Security
- Intelligenza Artificiale e Sicurezza
- IoT Security e Compliance
- Consapevolmente Cloud.

Finally:
- Alan Calder; NIST Cybersecurity Framework. A pocket guide. ISBN 9781787780408. In English.
Assessment methods and Criteria
Learning will be assessed through an oral exam. The assessment will give strong weight to the correct use of the terms and definitions of ISO 31000:2018, to the ability to document some hypothetical business risk scenarios, and to the understanding of information security (ISO/IEC 27000:2018).
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professor: Vallega Alessandro