Course 2019-2020 a.y.

20650 - CYBER SECURITY TECHNOLOGIES, PROCEDURES AND POLICIES

Cross-institutional study L. Bocconi - Politecnico Milano

Course taught in English
Go to class group/s: 25
CYBER (6 credits - I sem. - OB  |  INF/01)
Course Director:
STEFANO ZANERO

Classes: 25 (I sem.)
Instructors:
Class 25: STEFANO ZANERO


Mission & Content Summary

MISSION

Cybersecurity is a complex problem, in part technical, in part social, in part procedural. For this reason, it needs to be addressed with a complex array of technologies, procedures and policies. This course will introduce the main goals of cybersecurity in an organization (confidentiality, integrity and availability), and then introduce the technologies and the processes that are used to ensure them. For each type of technology or process we will discuss risk-based design and deployment assumptions, common pitfalls, and work through case-based and incident-based discussions. As a specifically important subject, a large part of the course will be dedicated to the use of Artificial Intelligence and in particular machine learning techniques, which have become prevalent in, and integral to, many cybersecurity applications including threat prediction, detection, and prevention. Understanding the capabilities and limitations of this technology is thus critical for assessing and managing cyber risk within an organization. Students will be introduced specifically to the main AI technologies used for classification, clustering and anomaly detection with practical applications in areas including malware analysis, and network security.

CONTENT SUMMARY

The course addresses the most relevant technologies, procedures and policies needed to ensure confidentiality, integrity and availability in an enterprise context, with a specific reference to:
- Cryptographic techniques

- Authentication technologies

- Authorization and access controls technologies and policies

- Network admission control and firewalling technologies and policies

- Secure and anonymous communication protocols

- Secure data storage policies and processes

- Malware prevention technologies, processes and policies

- Incident management technologies and processes

 

All of these technologies will be used in case studies where a risk-based methodology is applied.

 

A specific focus will be dedicated to the use of AI concepts and data analysis methods and technologies employed in security related applications. The contents include:

- Artificial intelligence and machine learning

- Uses and limitations of machine learning for security

- Popular classification algorithms (logistic regression, decision trees, etc.)

- The training of classifiers (data preparation, feature selection, overfitting, evaluation)

- Clustering and anomaly detection techniques

 - Practical investigation of malware analysis, network security and abuse detection

 - Advanced concepts: building production systems, and adversarial machine learning

 - Open source intelligence tools


Intended Learning Outcomes (ILO)

KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...

After successful completion of this course students will understand:

  • The intertwined complexity of confidentiality, integrity and availability needs of organizations
  • The cyber security threat landscape.
  • The basics of risk assessment as applied to cybersecurity technology and process design
  • The internal design, vulnerabilities and pitfalls of the listed classes of cybersecurity technologies, procedures and policies
  • the artificial intelligence techniques commonly used in cyber security applications, such as classification, clustering and anomaly detection techniques
  • the capabilities and limitations of machine learning techniques for security applications including the types of threats that can and cannot be handled by them.

APPLYING KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...

After successful completion of this course students will be able to:

  • Analyze confidentiality, integrity and availability needs for enterprise organizations and processes
  • Execute a risk-based design approach using different types of cybersecurity technologies
  • Analyze and propose process and policy approaches that complement those technologies
  • Decide which artificial intelligence tools are appropriate for dealing with certain security threats to organisations and reason about the level of protection afforded by the tools
  • Apply classification technology to develop a threat detection system by collecting appropriate training data and training appropriate classifiers
  • Apply clustering and anomaly detection techniques to identify anomalous behavior in log data
  • Discuss practical aspects of training and testing threat detection systems
  • Reason about future security threats that could result from adversarial machine learning techniques.

Teaching methods

  • Face-to-face lectures
  • Guest speaker's talks (in class or in distance)
  • Exercises (exercises, database, software etc.)
  • Case studies /Incidents (traditional, online)
  • Individual assignments
  • Interactive class activities (role playing, business game, simulation, online forum, instant polls)

DETAILS

The learning experience of this course includes, in addition to face-to-face lectures, thought experiments, case discussions, real examples and interactions with guest speakers from different organizations.

During the course small individual assignments will be handed out for later discussion or role playing in class.

 

Theoretical discussions and practical (programming) exercises will be performed in class, making attendance critical for achieving the desired learning outcomes.


Assessment methods

  Continuous assessment Partial exams General exam
  • Written individual exam (traditional/online)
    x
  • Individual assignment (report, exercise, presentation, project work etc.)
x    
  • Active class participation (virtual, attendance)
x    

ATTENDING STUDENTS

  • Interactions in class / roleplay / debate (10% of the final grade) designed to verify the student ability to: i) choose and apply the most appropriate technologies and processes and evaluate them against a basic risk landscape; ii) prepare a report, presentation or engage in a discussion on such topics;
  • Individual assignments: 20% of final grade
  • Final written exam (70% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.

NOT ATTENDING STUDENTS

  • Individual assignments (submitted via email): 20% of final grade
  • Final written exam (80% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.

Teaching materials


ATTENDING STUDENTS

  • Teaching notes, suggested readings
  • Textbook: Anderson, Security Engineering
  • Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”,  O’Reilly.

NOT ATTENDING STUDENTS

  • Teaching notes, suggested readings
  • Textbook: Anderson, Security Engineering
  • Textbook: Shostack, Threat Modeling
  • Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”,  O’Reilly.
Last change 06/06/2019 17:36