Course program
Information Security Governance Models and Methodologies (5 hours)
SG Best Practices and Guidelines (3 hours)
• CSF NIST
• ISO 27000 Family
Risk Management and Cyber Risks (about 15 hours)
• ISO 31000
• A Methodology for establishing a Risk Management Process
• Review of existing Risk Management Methodologies
• Case Study
Security Auditing
Threat Modelling (about 15 hours)
• Data Flow Diagrams
• STRIDE
• Attack Trees and Attack Libraries
• Attack Graphs
Incident Management, SOC and CERT (5 hours)
Security Metrics
Seminars and case studies (about 15 hours)
Prerequisites
The course does not assume any particular prior knowledge.
However, basic notions of networking and computer systems are helpful.
Books
At the moment a reference text is not available; slides and lecture notes will be made available.
Teaching mode
The course is delivered in a traditional way through lectures, exercises and seminars.
Frequency
Attendance is not mandatory, although it is strongly recommended.
Exam mode
The exam will consist of a test with open questions and aims to verify if the student has acquired the methodologies and contents presented during the course.
Bibliography
[1] von Solms, S.H., von Solms, Rossouw "Information Security Governance" Springer, 2009.
[2] Refsdal, A., Solhaug, B., Stolen, K., "Cyber-Risk Management", Springer Briefs in Computer Science, 2015.
[3] Shostack, A. "Threat Modeling: Designing for Security", Wiley, 2014
[4] NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), 2007
[5] A. Lazarevic, V. Kumar and J. Srivastava, Intrusion Detection: a Survey. In V. Kumar et al. “Managing Cyber Threats: Issues, Approaches and Challenges”, Springer, 2005.
[6] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, The Spread of the Sapphire/Slammer Worm, http://www.cs.berkeley.edu/~nweaver/sapphire/, 2003.
[7] D. Powell and R. Stroud, Conceptual Model and Architecture, Deliverable D2, Project MAFTIA IST-1999-11583, IBM Zurich Research Laboratory Research Report RZ 3377, Nov. 2001.
[8] NIST Cyber Security Framework https://www.nist.gov/cyberframework
[9] S. Staniford, J. A. Hoagland and J. M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, 10, 105–136, 2002.
[10] S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford-Chen, R. Yip and D. Zerkle, The design of GrIDS: A graph-based intrusion detection system, U.C. Davis Computer Science Department Technical Report CSE-99-2, 1999.
[11] M. Roesch, Snort – lightweight intrusion detection for networks, in: Proceedings of the 1999 USENIX LISA Conference, November 1999. http://www.snort.org/.
[12] P. Porras and A. Valdes, Live traffic analysis of TCP/IP gateways, in: 1998 Internet Society Symposium on Network and Distributed System Security, San Diego, March 1998.
[13] J. Jaeyeon, V. Paxson, A. W. Berger and H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the IEEE Symposium on Security and Privacy, 2004.
[14] NIST SP 800-61, Revision 2 Computer Security Incident Handling Guide - Recommendations of the National Institute of Standards and Technology https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
[15] SANS white paper, "Building a World-Class Security Operations Center: A Roadmap".
[16] ENISA, Good Practice Guide for Incident Management, https://www.enisa.europa.eu/publications/good-practice-guide-for-incident-management
[17] SOC (Security Operation Center) and CERT: definitions and synergies for IT security, https://www.agendadigitale.eu/sicurezza/soc-security-operation-center-e-cert-definizioni-differenze-e-sinergie-per-una-migliore-sicurezza/
Lesson mode
The course is taught in person through regular lectures, case studies, in-class discussion and practical exercises.