Sandro
Etalle

In this course, we discuss on one hand how cybercriminals actually operate, and on the other hand the legal framework that underpins the regulatory and privacy aspects that managers have to be aware of.

In the first part, we will start discussing the technical attack vectors (XSS, SQL Injections, XSRF, drive-by download) and how these vectors are embodied in complex attacks (malware, spyware, ransomware, botnets) Then, we will see how these attacks are used in the cybercrime economy (spam, phishing, infections and money laundering), and we will touch on the economic aspects of cyber criminality, and on the markets of cybercrime as a service. Finally, we will discuss attacks sophistication, state-sponsored attacks and the emergence of a grey-market. We will make use of case-studies (e.g., Hacking Team, Stuxnet, Flame, etc).

In the second part, we will discuss the national, European and international legal framework on privacy and the protection of personal data. Particular attention will be devoted to the EU General Data Protection Regulation – which will become applicable as of May 2018 – and on the EU-US-Privacy Shield, in consideration of the relevance of the transfer of personal data to the United States. The rules will be examined in the light of roles and responsibilities of Digital Technology Managers, who have to make crucial technical and organizational choices on security and data protection, such as in the selection of cloud service providers.
Then we will touch on other legal aspects of interest for the managers of IT- and IT-based companies, such as Intellectual Property Rights, IT contracts, administrative and criminal responsibility for cybercrimes.