This course, delivered in English during the second semester of the second year of the Master’s Degree in Cybersecurity, is a mandatory course of the Cyber Analyst track. It explores key approaches, methodologies, and technologies related to intelligence, as well as best practices and strategies for effective incident management. The knowledge gained provides a critical foundation in cybersecurity governance and management, forming an essential part of any cybersecurity expert's professional and cultural toolkit.

Students will develop knowledge, skills, and a comprehensive understanding of the strategies and methodologies underpinning the following areas, with varying levels of depth depending on the topic: • Understanding of key concepts in security governance and how it differs from security management. • Familiarity with methodologies for identifying assets, vulnerabilities, threats, and appropriate security controls. • Awareness of the main risk treatment options and their implications. • Comprehension of the cybersecurity learning continuum and its role in continuous professional development. • Ability to apply various threat modeling and analysis techniques in practical scenarios. • Competence in conducting both qualitative and quantitative risk assessments. • Proficiency in implementing best practices for incident management. • Capability to design a security plan and define a coherent and effective security policy.

Knowledge about computer networks and cloud computing technologies as obtained in “Computer networks and cloud technologies”, the first module of the course “Networks & Cloud Technologies and Security”. Knowledge about fundamental aspects of cybersecurity as obtained in the “Information Systems Security” course, such as security definitions and properties, and the main categories of attacks (e.g., sniffing, spoofing, DOS). Knowledge about network security (e.g., about secure communications, firewall, IDS, IPS) as obtained in “Network and Cloud Security”, the second module of the course “Networks & Cloud Technologies and Security”.

• Fundamentals of Security Governance and Management 0.9 CFU • Threat Modelling and Intelligence 1.5 CFU • Information Risk Assessment 1.5 CFU • Human Resources Security 0.3 CFU • Security Incident Response and Business Continuity 1.5 CFU • Security Auditing 0.3CFU

The course consists mainly of classroom lectures. These are complemented by supervised classroom exercise sessions in which students can apply the concepts learned during the lectures to realistic use cases and discuss them with the instructor. Finally, for a subset of the topics, the course includes lab sessions to help retain the concepts learned during the lectures by observing the related technologies in action. Specifically, the course is structured into lectures in the classroom, laboratories and support to project realization.

The teachers will provide the material (copy of slides and links to online resources) on the course website.

Slides; Esercizi; Esercitazioni di laboratorio; Video lezioni dell’anno corrente; Strumenti di auto-valutazione; Strumenti di collaborazione tra studenti;

Modalità di esame: Prova scritta (in aula); Elaborato progettuale in gruppo;

Exam: Written test; Group project;

... The exam consists of i) the realization of a group project and ii) a written test. Both exam parts are mandatory. For what concerns the project, each group of students is expected to carry out a full-fledged study/activity related to relevant use cases for the course topics (e.g., creating a threat model, or investigating incident response techniques in certain thematic areas). The group composition will be defined partially by the students and partially by the teachers, in order to allow for group heterogeneity. At the end, each group will have to deliver a report and give an oral presentation on the results and findings of their activity. In case of adequately documented needs, the group project may be replaced by an individual project. The maximum grade that can be assigned to the project is 16/32. For what concerns the written test, it may include closed-answer questions, open-answer questions, or exercises to check that the student has acquired the expected knowledge and skills on the topics addressed during the course (i.e., Fundamentals of Security Governance and Management, Threat Modelling and Intelligence, Information Risk Assessment, Human Resources Security, Security Incident Response and Business Continuity, Security Auditing). For the part about skills, the questions may be related to the tools experimented with in the laboratories (i.e., some questions on the topics covered in the laboratory activities may be asked). The test is closed book, i.e., the student cannot consult any material during the test or use any electronic device. Moreover, the test duration is 1 hour. The maximum grade that can be assigned to the written test is 16/32. The final grade is the sum of the grades assigned to the group project and the written test results. If this sum is greater than or equal to 18, it can also be increased by evaluating extra activities. A sample exam test will be available to the students.

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.