Systems and Enterprise Security - A.A. 2017-2018

Lecturer: Leonardo Querzoni
CFUs: 6
Lecture hours:
    1st semester:
    Wednesday 9:00-12:00, room A5
    Friday 11:00-13:00, room A5


Starting from the A.Y. 2018-2019 this course will deeply change both in its contents and in the exam rules. More datails on these changes are available here.
The special exam session of fall 2018 will be the last one based on old rules. Only students that passed the written test by the end of 2018 will be allowed to get their mark following the old rules reported in this page.

Most of today's business are performed on the web or involve the usage of connected devices and systems. Criminal organizations, political groups and industrial competitors active on the web threaten on a daily basis the activities of thousands of companies, agencies and government bodies though cyber attacks. Facing such threats require both knowledge on the basic security tools that can be used to protect information and services, and on the organizational aspects that makes cybersecurity a manageable activity. This course aims at providing students with a bottom-up approach to cybersecurity for complex systems and enterprises.

  • Introduction to cybersecurity
  • System Defense and Monitoring
    • Intrusion detection
    • Network segmentation
    • SIEMs
    • Intrusion tolerance
  • Security Modeling and testing
    • Threat modelling
    • Penetration testing
    • Malware Analysis
  • Risk Management and Security governance
    • Governance for security
    • Cybersecurity frameworks
    • Economics of vulnerabilities

Please remember to fill-in the official forms about your opinions on this course. The new procedure (compulsory before delivering the exam) is detailed at this links


September 29th, 2017 - Course introduction, Introduction to cybersecurity
October 4th, 2017 - Introduction to cybersecurity (cont.)
October 6th, 2017 - Introduction to cybersecurity (cont.)
October 11th, 2017 - Case study: Target, Intrusion detection
October 13th, 2017 - Intrusion detection (cont.)
October 18th, 2017 - Port Scan Detection
October 20th, 2017 - Case studies: Honan's hack | Network segmentation
November 3rd, 2017 - Malware analysis
November 8th, 2017 - Malware analysis
November 10th, 2017 - Chrome hack | SIEM
November 15th, 2017 - Intrusion tolerance
November 22nd, 2017 - Intrusion tolerance
November 24th, 2017 - Risk-based Automated Cyber Defence
November 29th, 2017 - Threat modelling
December 6th, 2017 - Threat modelling | Penetration testing
December 13th, 2017 - Penetration testing | Incident Management | Governance for security and security frameworks
December 13th, 2017 - Economics of vulnerabilities | Course closing


The password for accessing the following PDFs is "ses"

  1. Practical Info - pdf
  2. Introduction to cybersecurity - pdf
  3. Case study: Target - pdf
  4. Intrusion detection - pdf
  5. Port Scan Detection - pdf
  6. Case study: Honan's hack - pdf
  7. Network segmentation - pdf
  8. Malware analysis - pdf 1, pdf 2, pdf 3, VM (10Gb)
  9. Case study: How to hack Chrome in 6 simple steps - pdf
  10. SIEM - pdf
  11. Intrusion tolerance - pdf
  12. Risk-based Automated Cyber Defence - pdf
  13. Threat modeling - pdf
  14. Threat modeling example - pdf
  15. Penetration testing - pdf
  16. Incident management - pdf
  17. Governance for security - pdf
  18. The cost of vulnerabilities - pdf


  • January 25th, 2018 - Room B2 at 14:30. Enroll on Infostud.
  • February 19th, 2018 - Room B2 at 14:30. Enroll on Infostud.
  • April 19th, 2018 - Room A3 at 15:00. Enroll on Infostud.
  • June 21st, 2018 - Room B2 at 14:30. Enroll on Infostud.
  • July 16th, 2018 - Room B2 at 14:30. Enroll on Infostud.
  • September 17th, 2018 - Room B2 at 14:30. Enroll on Infostud.
  • October 19th, 2018 - Room A5 at 9:00. Enroll on Infostud.

Exam rules
Report templates: Word - LaTeX
Info for practical assignments on malware analysis

Useful links

Introduction to modern attack techniques and strategies



Intrusion Detection

Network segmentation

Threat modeling

Incident management

Penetration testing