Info
Logo Bocconi

Course 2019-2020 a.y.

20653 - SOCIAL ENGINEERING

CYBER
Cross-institutional study L. Bocconi - Politecnico Milano

Course taught in English

Go to class group/s: 25

CYBER (2 credits - II sem. - OB  |  ING-INF/05)
Course Director:
STEFANO ZANERO

Classes: 25 (II sem.)
Instructors:
Class 25: STEFANO ZANERO


Mission & Content Summary
CONTENT SUMMARY

Social engineering attacks, non-technical and based on fraud and misrepresentation, are one of the main security threats. In this course we will review the basic definition of social engineering, examine examples of attacks and basic techniques employed in them, and review existing organizational and technical countermeasures.


Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
At the end of the course student will be able to...

After successful completion of this course students will understand:

  • The threat posed by social engineering attacks
  • The most common attack methodologies
  • Tools and techniques for information gathering
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course student will be able to...

After successful completion of this course students will be able to:

  • Assess the potential risks from social engineering attacks for organizations
  • Demonstrate simple social engineering attacks
  • Use information gathering tools

Teaching methods
  • Face-to-face lectures
  • Guest speaker's talks (in class or in distance)
  • Exercises (exercises, database, software etc.)
  • Case studies /Incidents (traditional, online)
  • Interactive class activities (role playing, business game, simulation, online forum, instant polls)
DETAILS

The learning experience of this course includes, in addition to face-to-face lectures, thought experiments, case discussions, real examples and interactions with guest speakers from different organizations.

During the course, discussions and role playing will take place in class.


Assessment methods
  Continuous assessment Partial exams General exam
  • Written individual exam (traditional/online)
  •     x
  • Active class participation (virtual, attendance)
  • x    
    ATTENDING STUDENTS
    • Interactions in class / roleplay / debate (30% of the final grade) designed to verify the student ability to discuss topics related to the course and to test social engineering scenarios.
    • Final written exam (70% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.
    NOT ATTENDING STUDENTS

    Final written exam (100% of the final grade), which aims to assess the student’s learning level of theoretical knowledge and the ability to apply it to real scenarios.


    Teaching materials
    ATTENDING STUDENTS

    Teaching notes, suggested readings

    NOT ATTENDING STUDENTS
    • Teaching notes, suggested readings
    • Textbook: No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing, Johnny Long

     

    Last change 19/07/2019 15:26