DATA PRIVACY AND SECURITY
Instructional goals
The course provides an in-depth understanding of data privacy and security issues in technology-enabled environments and focuses on technological solutions, methods and practices for data protection in business organizations and peer-to-peer networks. It gives students an understanding of strategic and regulatory issues of data privacy and security as well as an overview of mechanisms for privacy and security assurance in modern organizations. Students will not only gain a deep understanding of the design principles for data privacy and security but will also acquire the practical skills necessary to apply them successfully to problems in science and industry.
Intended learning outcomes
Knowledge and understanding:
The course will offer key concepts and methods to plan, design, implement, manage and audit technological and organizational systems to assure data privacy and security in digital business. In particular, the course will provide a good understanding of the technical, managerial and social issues of data privacy and security and a deep understanding of the strengths and weaknesses of enterprise security architectures.
Applying knowledge and understanding:
On successful completion of this course students will be able to:
Analyze the social and organizational implications of cyber risk in digital ecosystems
Select, design and implement the most appropriate security controls to mitigate risk in digital business
Apply encryption and anonymity techniques to preserve the confidentiality and the privacy of data
Design innovative solutions for ensuring authenticity and accountability in distributed systems
Making judgements:
Students are expected to be able to reflect on the managerial and social responsibilities of applying digital technologies in enterprise systems development. Throughout the entire course, students will be invited to apply their multidisciplinary knowledge to critically assess realistic scenarios for strategic and tactical decision making.
Communications Skills:
This course will give the students the possibility to acquire and to understand major terms and concepts so as to communicate effectively their ideas, findings, proposals, analysis and critical reasoning in the area of data privacy and security. A special emphasis will be given to oral presentations and pitches in project group works, and to writing technical reports and documentation.
Learning skills:
This course will empower students with the capability to learn several analytical tools for managing data, and to apply them to real-world problems in an independent and critical way. A strong emphasis will be given to the application of the techniques and tools covered in the course to complex business problems that are typical of today’s data-driven companies.
Course Contents
The course will cover the following topics:
Challenges to data privacy and security
The cybercrime ecosystem
Software vulnerabilities and cyberattacks
Planning, designing and implementing IT security
Multilevel security
Inference control
High Reliability Organizations
Security operations
Secure Systems Development
New directions in privacy and security
Reference Books
Lecture notes, research papers and course material will be made available on the e-learning platform.
Recommended readings:
Anderson, R. 2020. Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd edition. Indianapolis, Indiana: John Wiley & Sons, Inc.
Dhillon, G. 2018. Information Security, Text & Cases. Prospect Press.
Teaching Methods
The course consists of lectures and practical lab sessions. Class activities include discussion of teaching cases and group presentations.
Assessment Method
Continuous assessment will be based on a series of six lab exercises (weeks 4, 5, 7, 8, 10 and 11), a midterm test (week 6) and a final exam. The midterm will count for 10% of the final grade. The final exam will count for 30%. Students who do not take the lab exercises and the midterm are required to complete an individual project and take an oral exam after the course.
Thesis assignment criteria
Quality of the research proposal addressing a relevant problem in data privacy and security
Does the syllabus cover sustainability topics?
Yes. In particular, the economic and social sustainability of data platforms and the importance of data privacy and security for societal resilience.
Week 1: Content of online and on-campus sessions
Course intro
Challenges to data privacy and security
Zuboff, S. 2015. Big Other: Surveillance Capitalism and the Prospects of an Information Civilization. Journal of Information Technology, 30(30): 75.
Berner, M., Graupner, E., & Maedche, A. 2014. The Information Panopticon in the Big Data Era. Journal of Organization Design, 3(1): 14.
Week 2: Content of online and on-campus sessions
Lab: Introduction to computer networking (TCP/IP stack)
The Tor network and the cybercrime ecosystem
Spagnoletti, P., Ceci, F., & Bygstad, B. 2021. Online Black-Markets: an investigation of a digital infrastructure in the Dark. Information Systems Frontiers. https://doi.org/10.1007/s10796-021-10187-9.
Week 3: Content of online and on-campus sessions
Lab: Detecting protocols with Wireshark (HTTP, HTTPS, Telnet, IP, MAC, ICMP)
Software vulnerabilities and cyberattacks
Guest speaker: Security Affairs
Week 4: Content of online and on-campus sessions
Cybersecurity governance, Incident-centered framework
Baskerville, R., Spagnoletti, P., & Kim, J. 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1): 138–151.
Lab: Installing Kali Linux in VMware, ARP poisoning with Ettercap and MITMf
Week 5: Content of online and on-campus sessions
Lab: Symmetric and Asymmetric Cryptography
Multilevel security, Health Record Privacy and Inference control
Federal Committee on Statistical Methodology, Report on Statistical Disclosure Limitation Methodology. STATISTICAL POLICY WORKING PAPER 22 (Second version, 2005)
Guest speaker: Deloitte (tbc)
Week 6: Content of online and on-campus sessions
Lab: Blockchain
Planning, designing and implementing IT security
Secure Systems Development
Guest speaker: Engineering
Week 7: Content of online and on-campus sessions
Lab: Hash, password cracking, Digital Signature
Mid-term exam
Week 8: Content of online and on-campus sessions
Lab: DoS attacks, scanning attacks
Cyber threat intelligence, OSINT
Guest speaker: Cy4gate (tbc)
Week 9: Content of online and on-campus sessions
Data-centered security, SIEM, Digital Twins
Salvi, A., Spagnoletti, P., & Noori, N. S. (2021). Cyber-resilience of Critical Cyber Infrastructures: integrating digital twins in the electric power ecosystem. Computers & Security, 102507. https://doi.org/10.1016/j.cose.2021.102507
Lab: Firewall, HIDS, NIDS, machine learning
Week 10: Content of online and on-campus sessions
Normal Accident Theory
Spagnoletti, P., & Za, S. (2021). Digital Resilience to Normal Accidents in High-Reliability Organizations. In S. Aier, P. Rohner, & J. Schelp (Eds.), Engineering the Transformation of the Enterprise: A Design Science Perspective (pp. 339–353). https://doi.org/10.1007/978-3-030-84655-8_21
Week 11: Content of online and on-campus sessions
High Reliability Organizations
Teaching case: Salvi, A., & Spagnoletti, P. 2021. Organizing amid the Fog of War: data-driven decision making in high-reliable operations. Teaching Cases Luiss University Press, 1–17.
Decentralized data control
Spagnoletti, P., Kazemargi, N., Constantinides, P., & Prencipe, P. (2022). Data control coordination in cloud-based ecosystems: the GAIA-X case. In C. Cennamo, G. B. Dagnino, & F. Zhu (Eds.), Handbook of Research on Digital Strategy. Edward Elgar.
Week 12: Content of online and on-campus sessions
Lab wrap-up
Final exam rehearsal