The legal questions issued by compliance and liability systems, as regulated by current sources, as well as those related to the admissibility and effectiveness of the so-called digital evidence, requires the training of jurists capable of understanding technical IT language and issues arising from cybersecurity systems; on the other hand, it is considered crucial to provide engineering students with the opportunity to acquire institutional knowledge on the legal issues involved in relationships originating from the fulfillment of cybersecurity obligations and the violation of the related systems.
The immediate objective is to build a law clinic in which, through the consolidated learning by doing methodology, law and engineering teachers can share the teaching load and, after an initial part dedicated to the study of some fundamental contents, submit to student teams (composed in a mixed way) the analysis, development and proposals for solutions of practical cases.
The mediated objective consists in the creation of a common grammar between jurists and engineers, called upon to deal with cyber security.
In particular, the activation of the course at the Department of Law aims to provide basic knowledge on the following macro-topics:
- Law regulating cyber security;
- EU Directive 2555/2022 on measures for a high common level of cybersecurity across the Union, (so-called NIS 2 Directive);
- EU Regulation 2841/2023, laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union;
- the responsibility of the subjects required to provide Cybersecurity services, with respect to the violation of the related compliance obligations;
- data protection;
- the burden of the proof;
- digital evidence;
- elements of cybersecurity and Confidentiality-Integrity-Availability triad;
- symmetric key cryptography elements;
- elements of public key cryptography and digital signature;
- elements of forensic analysis;
- IT and OT architectures;
- security elements in networks and software (IT and OT).
Class will be carried out by professor Angelo Danilo De Santis, as regards the legal aspects, and by professors Stefano Panzieri and Stefano Iannucci, as regards the engineering aspects.
A central role will be played by cybersecurity professionals as well as by partnerships with primary economic operators.
The immediate objective is to build a law clinic in which, through the consolidated learning by doing methodology, law and engineering teachers can share the teaching load and, after an initial part dedicated to the study of some fundamental contents, submit to student teams (composed in a mixed way) the analysis, development and proposals for solutions of practical cases.
The mediated objective consists in the creation of a common grammar between jurists and engineers, called upon to deal with cyber security.
In particular, the activation of the course at the Department of Law aims to provide basic knowledge on the following macro-topics:
- Law regulating cyber security;
- EU Directive 2555/2022 on measures for a high common level of cybersecurity across the Union, (so-called NIS 2 Directive);
- EU Regulation 2841/2023, laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union;
- the responsibility of the subjects required to provide Cybersecurity services, with respect to the violation of the related compliance obligations;
- data protection;
- the burden of the proof;
- digital evidence;
- elements of cybersecurity and Confidentiality-Integrity-Availability triad;
- symmetric key cryptography elements;
- elements of public key cryptography and digital signature;
- elements of forensic analysis;
- IT and OT architectures;
- security elements in networks and software (IT and OT).
Class will be carried out by professor Angelo Danilo De Santis, as regards the legal aspects, and by professors Stefano Panzieri and Stefano Iannucci, as regards the engineering aspects.
A central role will be played by cybersecurity professionals as well as by partnerships with primary economic operators.
scheda docente
materiale didattico
- EU Directive 2555/2022 on measures for a high common level of cybersecurity across the Union, (so-called NIS 2 Directive);
- EU Regulation 2841/2023, laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union;
- the responsibility of the subjects required to provide Cybersecurity services, with respect to the violation of the related compliance obligations;
- data protection;
- the burden of the proof;
- digital evidence;
- elements of cybersecurity and Confidentiality-Integrity-Availability triad;
- symmetric key cryptography elements;
- elements of public key cryptography and digital signature;
- elements of forensic analysis;
- IT and OT architectures;
- security elements in networks and software (IT and OT).
Mutuazione: 20110795-1 Clinica legale sulla Cybersecurity modulo 1 in GIURISPRUDENZA LMG/01 DE SANTIS ANGELO DANILO
Programma
- Law regulating cyber security;- EU Directive 2555/2022 on measures for a high common level of cybersecurity across the Union, (so-called NIS 2 Directive);
- EU Regulation 2841/2023, laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union;
- the responsibility of the subjects required to provide Cybersecurity services, with respect to the violation of the related compliance obligations;
- data protection;
- the burden of the proof;
- digital evidence;
- elements of cybersecurity and Confidentiality-Integrity-Availability triad;
- symmetric key cryptography elements;
- elements of public key cryptography and digital signature;
- elements of forensic analysis;
- IT and OT architectures;
- security elements in networks and software (IT and OT).
Testi Adottati
Cases and materials will be providedModalità Frequenza
MandatoryModalità Valutazione
Evaluation on students' answers