Knowledge of information security techniques. Ability to assess the security level of some common software systems and to plan improvement actions.
Course Prerequisites
Knowledge of operating systems principles and applications, computer networking protocols and database technologies.
Teaching Methods
Frontal, face-to-face lectures
Assessment Methods
Learning outcome will be verified through a written test. The candidate shall have to answer 4 open questions.
Texts
- Stallings, William, Cryptography And Network Security: Principles And Practice, Global Edition (8th ed.), Pearson ed.
- Lecture notes and online references provided by the instructor.
Contents
Introduction: Security vs. Safety. Physical security. Information security: privacy, availability, integrity, authenticity. Information security threats and countermeasures.
Basic Information Theory and Cryptography: Introduction to information theory and cryptography. Historical development. Symmetric and asymmetric ciphers. Hashing functions and MACs. Pseudo-Random Number Generators. Digital certificates. Cryptanalysis.
Digital Signature: Digital documents and digital signatures. Creation, preservation and validation of digital documents. Digital documents as court evidence. Public key infrastructures. Italian and EU laws concerning digital signatures.
Intellectual Property: Introduction to copyright law. Software and database protection. Audio, video and picture protection. Digital rights management (DRM). Watermarking and steganography.
Communication Protection: Information communication and diffusion. Synchronous and asynchronous communication. E-mail. The Web as an information diffusion medium. Communication privacy protection. Threats to the freedom and privacy of communications and countermeasures. Phishing.
Systems and Networks Protection: Access control: authentication, authorization and accounting. Physical and logical information protection. Network protection. Firewalls. Threats to systems and communication networks. Malware.
Incident Response and Digital Forensics: Incident detection and response. System audit and log analysis.