Master in Software system security

The educational path of the master's degree course in "Software system security" is aimed to develop graduates having broad and deepened theoretical, methodological, experimental and applicative knowledge in the key areas of information security. More in detail, the graduate in "Software system security" will be able to address, at the proper abstraction level, IT-security problems by exploiting all the main tools provided by informatics-related disciplines (this goals are achieved through the informatics teachings). The graduate will acquire knowledge and skills about the available methods and technological tools required to manage the whole life-cycle of a secure information system, from design to implementation, testing and maintenance (these goals are achieved through the informatics teachings). Besides the methodological and technological knowledge concerning security, the graduate in "Software system security" will also develop specific knowledge about the legal aspects related to secure processing of classified digital data, as well as about storage and transmission of sensitive data (these goals are achieved through the legal teachings). Moreover, the graduate will be able to apply modern technologies and methods to the aim of conducting investigations about informatics-related violations and crimes, as well as evaluating the security level of a software system and eventually improving it by proposing the adoption of the most suited technological innovations available to constantly increase the security of information systems. In these scenarios, the graduate will not only be capable to adapt the solutions described in literature to a specific application field, but also to provide novel approaches eventually applicable to other contexts (these goals are achieved through the informatics and legal teachings). Finally, the graduate will develop the ability to work independently, with good executive, communication and managerial skills when coordinating or interacting with work teams featuring persons with different roles, expertise and culture in local or international contexts (these goals are achieved through the social sciences and economics teachings). Within most classes, the development of a project soliciting the student to explore and use the latest IT tools available to approach a given problem is a typical requirement. It is also expected and encouraged the participation of local enterprises to the aforementioned projects to give the student the chance of experiencing a real working environment. The educational path ends with the development of a Master's degree thesis. The thesis work can be carried out at the University or (upon an agreement) either in national or foreign enterprises and it will be presented and discussed during the final examination for the attainment of the Master's degree. The Master's degree thesis is a document (written in Italian or English) organized according to the typical guidelines of a scientific paper, realized by the student under the supervision of a mentor, concerning a novel scientific experience pertaining the topics of information security. The specific characterization of the educational path provides the knowledge and skills required to develop professional figures appealing for enterprises producing IT systems and networks as well as for any other kind of enterprises, administrations and organizations using or depending from secure information systems. The educational path also provides all the competencies required to access to further levels of education such as PhDs, masters, specializations, etc.

Area of Legal Informatics

Knowledge and comprehension

The knowledge and the skills that will be provided in this area have fundamental relevance for the formation of IT-security manager able not only to design secure software systems and to evaluating the security level of a complex software system, but also to exploit information technologies for processing and managing of sensitive data, according to the current regulations. More in detail, the educational path of the master's degree course in "Software system security" aims to provide the student with:

• knowledge and comprehension of the relationship between information technologies and jurisprudence;
• knowledge and comprehension of the current regulations concerning the usage of information technologies
• knowledge and comprehension of the modalities of investigations allowed by the Italian juridical system;
• knowledge and comprehension of the general principles regulating the matter of data processing, with particular regard to the rules concerning techniques and methods for acquiring, storing, processing and delivering digital data found in various types of computers and digital streams to the aim of using them in trials.

Applying knowledge and understanding

 Thanks to the knowledge and skills developed, the student will be able to:

• apply proper information technologies while respecting current regulations in matter;
• carry out a computer investigation or a defensive investigation in the field of computer crimes or common crimes whose evidences are digital data or are transmitted via information systems;
• deal with sensitive data according to the current regulations in matter.

Area of Social sciences and economics

Knowledge and comprehension

 The educational path of the master's degree course in "Software system security" is aimed at developing managers able to coordinate design, development, testing and maintenance of complex software systems, with particular regard to security. Knowledge and comprehension provided in this field will contribute to the student's managerial education indeed. More specifically, the educational path of the master's degree course in "Software system security" will provide:

• knowledge and comprehension of socio-economics contexts affecting organizations' operation;
• knowledge and comprehension of methods for strategical planning and business-plan writing;
• knowledge about the main aspects concerning team-work related organization, dynamics, communication processes, decisional processes, negotiation and conflict-resolution:
• knowledge and comprehension of methods and techniques for data analysis.

Applying knowledge and understanding

Thanks to the knowledge and skills developed, the student will be able to:

• effectively analyze the socio-economics contexts affecting organizations' operation, with particular regard to communication processes in their different forms and levels, from the theoretical, methodological and applicative point of view;
• analyze both the individual and group behavior, the range of effectiveness of working teams also considering the roles and the leadership;
• evaluate team performance;
• understand the competitive environment in which the enterprise operates and to identify the available resources to successfully face the challenges;
• define and write a business-plan, from the definition of mission and strategic goals to the organization of economic and financial plan;
• effectively managing work teams including people featuring different roles, expertise and culture in local or international contexts;
• analyze data from different sources to provide the management with the right information for decision-making and strategic planning.

Area of Informatics

Knowledge and comprehension

Knowledge and skills that will be provided in this area represent the core of the whole educational path. Graduates of the master's degree course in "Software system security" will be able to design, develop, evaluate and manage secure software systems. The educational path is therefore aimed to provide:

• knowledge and comprehension of IT security with regard to all known main problems and solutions;
• knowledge and comprehension of mathematical methods behind information technologies for data encryption;
• knowledge and comprehension of complex software systems development methods, with particular regard to security and software project management;
• knowledge and comprehension of main optimization models for the development of complex and secure software systems;
• knowledge and comprehension of service-oriented architecture and/or cloud computing;
• knowledge and comprehension of main methods for ensuring security in service-oriented architecture and/or cloud computing;
• knowledge and comprehension of hardware and software technologies related to computer investigations of defensive investigations;
• knowledge and comprehension of data recovery methods;
• knowledge and comprehension of methods and techniques for vulnerability detection and addressing in complex software systems;
• knowledge and comprehension of methods and techniques for biometrics based person authentication and identification;
• knowledge and comprehension of business intelligence methods for facing computer security challenges and computer crimes.

Applying knowledge and understanding

Thanks to the knowledge and skills developed, the student will be able to:

• manage security issues related to complex software systems and to deliver solutions to these problems;
• understand the mathematical models behind data encryption to assessing strength and weakness points;
• coordinate the development and the maintenance of a complex software system;
• apply optimization models to improve the effectiveness and the efficiency of development process and evolutionary process of a software system;
• design service-oriented software architectures and cloud-computing architectures;
• carry out computer investigations or defensive investigations by means of the most advanced hardware and software technologies;
• evaluate and compare hardware and software technologies for computer investigations or defensive investigations;
• recover data from computer or mobile devices;
• detect and address vulnerabilities in complex software systems;
• develop robust and secure software solutions;
• design and develop biometrics based authentication/identification software modules;
• exploit business intelligence techniques for facing computer-security challenges and computer crimes.

Making judgements 

Skills to be achieved

Graduates of the master's degree course in "Software system security" will be able to working in complete autonomy to understand and manage the innovation requirements of enterprises and public administrations in the context of organization processes, also proposing secure ICT solutions. She/he will be therefore able to analyze, assess and suggest proper innovative solutions targeted to the continuous improvement of organization efficiency and effectiveness. By the end of the educational path, the graduate will be able to:

• analyze problems in different applicative contexts, with particular regard to software and information systems security, designing and formally defining effective and efficient resolution strategies;
• plan the data gathering most suited for the proposed objectives, fully understanding the information collected to the aim of inferring judgements based on quantitative and objective analysis;
• evaluate quality and cost/benefit ratio of proposed solutions in the light of objectives and other possible approaches;
• work with an ample degree of autonomy;
• coordinate the development of secure and complex information systems;
• coordinate small work-teams eventually composed by subjects with different cultures and skilled in different disciplines and at different levels;

The graduate will be also aware of the social, ethical and juridical responsibilities related to her/his profession.

Teaching methods

The development of above mentioned skills will be achieved through different activities:

• participation to workgroups for the development of information systems and the analysis of existing information systems in the context of projects related to specific teachings;
• analysis of case studies in the course of exercise or laboratory activities;
• composition writing;
• thesis elaboration.

Verification methods

 Verification of achievement of judgement autonomy is performed through the evaluation of written and oral examinations results as well as through the evaluation of project activity documentation produced in the course of both teachings and the final examination.

Communication skills 

Skills to be achieved

Graduates of the master's degree course in "Software system security" will be able to synthesize and communicate the conclusions and the results of conducted analysis in a clear and effective way by using the language (English) most diffused in international reference working contexts, also taking advantage of the most up-to-date informatics tools. The graduate will also be able to purposefully exploit the mathematics, statistics and economics languages to the aim of analyzing, processing and presenting data. More in detail, the graduate will be able to:

• communicate knowledge, ideas, problems, solutions and the related rationale in a clear and effective way also taking advantage of informatics tools, adapting the expressive modalities to the cultural and professional characteristics of the recipients;
• communicate with technics and experts in Italian or English language, mastering the technical slang;
• work in multi-disciplinary and multi-cultural teams with adequate relational and decisional capabilities;
• reporting about the work done;

Teaching methods

The development of above mentioned skills will be achieved through different activities:

• interviews and report writing as well as classroom conversation coordinated by the lecturer;
• participation to workgroups for the development of information systems and the analysis of existing information systems in the context of projects related to specific teachings;
• writing of compositions;
• seminars on advanced topics;
• studying from English language text and sources and participation to international programs;
• elaboration and discussion of thesis work.

Verification methods

Verification of achievement of communication skills is performed both through oral examinations required from most teachings and through the presentation of either individual or group made compositions. The final examination, discussed before a committee, represents a further occasion for testing aforementioned skills.

Lifelong learning skills

Skills to be achieved

Graduates of the master's degree course in "Software system security" will be able to study in autonomy, by effectively integrating the acquired knowledge. The graduate will therefore be able to keep his/her competencies updated in a field characterized by a continuous evolution, to learn challenges in new applicative fields, to successfully undertake highest level education courses (PhD or second-level master degree) and to undertake a managerial career requiring an advanced updating and autonomy degree. More in detail the graduate will be able to:

• design and fulfill a customized study plan;
• articulate her/his vision in a discriminating and systematic way;
• design and develop an independent research activity under the supervision of a mentor;
• identify, select and collect information by proper use of scientific literature.

Teaching methods

The development of above mentioned skills will be achieved throughout the courses and particularly during the preparation of the final examination requiring a significant reworking and deepening of acquired knowledge.

Verification methods

Verification of achievement of learning skills is performed throughout a continuous assessment taking place during the formative activities as well as during the supervised development of projects and the final examination. This last exam will give the opportunity to verify the student's ability to autonomously deepen a topic.

Consultant for the design of secure software systems and risk management

Typical assignments

They operate in the vast field of IT consulting targeted to management of information systems and corporate management. Their competencies combine a deep knowledge about information technologies to good project management capability, knowledge about information security and related regulatory and legal topics, as well as knowledge about main technological trends in data privacy and risk analysis. They can propose solutions aimed at providing a global security strategy suited to the specific needs of a given information system. They also provide support in the implementation of these solutions and in defining organizational procedures to maximize the effectiveness of security approaches.

Skills related to role

They are IT pros specialized in methods and technologies for secure information systems with inter-disciplinary knowledge and management skills crucial to handle not only the more technical aspects but also other information systems management issues, market positioning, business and corporate strategies in the vast field of IT.

Employment opportunities

These professional figures are typically employed in the context of highly specialized consulting for enterprise and public administration, where they support both the executive and the information systems management, committed to manage projects or taking part to strategic planning requiring not only technical knowledge but also management, legal and inter-disciplinary skills. More in detail, the main employment opportunities are:

• large software-development enterprises (consulting role for the direction of complex and critical projects);
• micro-enterprises and small enterprises targeted at software development;
• enterprises providing IT-consulting services;
• enterprises, bodies and institutions, both public and private, needing to develop secure information systems;
• SMEs providing IT-consulting services to end customers;
• enterprises providing services of professional training and education;
• public bodies;
• professional activity as IT consultant.

Designer of highly secure information systems

Typical assignments

Experts on advanced IT security issues related to both reliable software development and complex dynamics management in the context of software design. These professional figures typically deal with technical aspects involving an extremely deep understanding of technologies, enterprise processes concerning complex systems management and resource planning. They are required whenever there is a need for analyzing critical technological scenarios and for applying specific technologies for systems optimization.

Skills related to role

These professional figures are specialized in secure software development since they have deepened all the salient aspects of relevant innovations. Their skills cover all the main fields of information security including secure programming by using advanced methods of static and dynamic analysis of source code, malicious software analysis, service oriented architectures design, advanced cryptography, advanced protection techniques (biometry).

Employment opportunities

The sound background in the programming of reliable systems and complex enterprise management represent a valuable asset for roles in public and private working context where critical software systems and secure systems have to be designed, implemented and tested. More in detail, highly specialized positions could be performed in:

• large software development enterprises (design, development, testing, maintenance)
• enterprise, bodies and administrations, both public and private, which develop and manage critical information systems with particular regard to system vulnerability and data protection;
• enterprises providing online contents and service (distributed systems and cloud-based systems).

Project manager for information systems

Typical assignments

Specialists in web services and information systems design featuring advanced requirements of security and secure data management in public and enterprise contexts. Typical responsibilities of these experts include project articulation in work-packages, tasks and milestones, task and technical personnel supervision, budget management, tools and resources selection, suppliers and consultant management and deadlines management.

Skills related to role

These professional figures possess technical, managerial and inter-disciplinary skills necessary to steer and organize complex activities in terms of both technical and managerial challenges. Thanks to a technical-scientific knowledge, these figures have cross-competencies including project management capabilities, economics, legal and risk management understanding in the context of critical software systems.

Employment opportunities

The role of project manager is mainly required in enterprises providing information services or as project advisor for customer enterprise, where there is a need for coordinating the software development team by optimally planning all the project steps, also providing feedback on the technologies required to realize software applications featuring high levels of reliability and security.