20650 - CYBER SECURITY TECHNOLOGIES, PROCEDURES AND POLICIES
Cross-institutional study L. Bocconi - Politecnico Milano
STEFANO ZANERO
Mission & Content Summary
MISSION
CONTENT SUMMARY
The course addresses the most relevant technologies, procedures and policies needed to ensure confidentiality, integrity and availability in an enterprise context, with a specific reference to:
- Cryptographic techniques
- Authentication technologies
- Authorization and access controls technologies and policies
- Network admission control and firewalling technologies and policies
- Secure and anonymous communication protocols
- Secure data storage policies and processes
- Malware prevention technologies, processes and policies
- Incident management technologies and processes
All of these technologies will be used in case studies where a risk-based methodology is applied.
A specific focus will be dedicated to the use of AI concepts and data analysis methods and technologies employed in security related applications. The contents include:
- Artificial intelligence and machine learning
- Uses and limitations of machine learning for security
- Popular classification algorithms (logistic regression, decision trees, etc.)
- The training of classifiers (data preparation, feature selection, overfitting, evaluation)
- Clustering and anomaly detection techniques
- Practical investigation of malware analysis, network security and abuse detection
- Advanced concepts: building production systems, and adversarial machine learning
- Open source intelligence tools
Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
After successful completion of this course students will understand:
- The intertwined complexity of confidentiality, integrity and availability needs of organizations
- The cyber security threat landscape.
- The basics of risk assessment as applied to cybersecurity technology and process design
- The internal design, vulnerabilities and pitfalls of the listed classes of cybersecurity technologies, procedures and policies
- the artificial intelligence techniques commonly used in cyber security applications, such as classification, clustering and anomaly detection techniques
- the capabilities and limitations of machine learning techniques for security applications including the types of threats that can and cannot be handled by them.
APPLYING KNOWLEDGE AND UNDERSTANDING
After successful completion of this course students will be able to:
- Analyze confidentiality, integrity and availability needs for enterprise organizations and processes
- Execute a risk-based design approach using different types of cybersecurity technologies
- Analyze and propose process and policy approaches that complement those technologies
- Decide which artificial intelligence tools are appropriate for dealing with certain security threats to organisations and reason about the level of protection afforded by the tools
- Apply classification technology to develop a threat detection system by collecting appropriate training data and training appropriate classifiers
- Apply clustering and anomaly detection techniques to identify anomalous behavior in log data
- Discuss practical aspects of training and testing threat detection systems
- Reason about future security threats that could result from adversarial machine learning techniques.
Teaching methods
- Face-to-face lectures
- Guest speaker's talks (in class or in distance)
- Exercises (exercises, database, software etc.)
- Case studies /Incidents (traditional, online)
- Individual assignments
- Interactive class activities (role playing, business game, simulation, online forum, instant polls)
DETAILS
The learning experience of this course includes, in addition to face-to-face lectures, thought experiments, case discussions, real examples and interactions with guest speakers from different organizations.
During the course small individual assignments will be handed out for later discussion or role playing in class.
Theoretical discussions and practical (programming) exercises will be performed in class, making attendance critical for achieving the desired learning outcomes.
Assessment methods
Continuous assessment | Partial exams | General exam | |
---|---|---|---|
|
x | ||
|
x | ||
|
x |
ATTENDING STUDENTS
- Interactions in class / roleplay / debate (10% of the final grade) designed to verify the student ability to: i) choose and apply the most appropriate technologies and processes and evaluate them against a basic risk landscape; ii) prepare a report, presentation or engage in a discussion on such topics;
- Individual assignments: 20% of final grade
- Final written exam (70% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.
NOT ATTENDING STUDENTS
- Individual assignments (submitted via email): 20% of final grade
- Final written exam (80% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.
Teaching materials
ATTENDING STUDENTS
- Teaching notes, suggested readings
- Textbook: Anderson, Security Engineering
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.
NOT ATTENDING STUDENTS
- Teaching notes, suggested readings
- Textbook: Anderson, Security Engineering
- Textbook: Shostack, Threat Modeling
- Textbook: Clarence Chio & David Freeman, “Machine Learning & Security: Protecting Systems with Data and Algorithms”, O’Reilly.