Claudia Cevenini is Adjunct Professor of Computer Science and Law at the School of Science of the University of Bologna located in Cesena, and of Computer Science Law at the School of Engineering and Architecture, and Professor of Computer Science Law and New Technologies Law at the University of Bologna. She is Principal Investigator of the H2020 Bison project (Big Speech Data analytics for Contact Centers) for the legal and ethics aspects of the treatment of personal data at the Department of Computer Science – School of Engineering, University of Bologna. She is an Innovation Expert, Ethics Expert, Evaluator, Monitor and Rapporteur for the European Commission (DG CNECT, DG RTD, REA, ERCEA). She is the author of more than seventy publications that have appeared in monographs, journals and international conferences, and has collaborated in several European and national projects in the area of computer science and new technologies law. She is Postgraduate Researcher of Computer Science Law and Law of Computer Science; Consultant of innovative start-up of Rete Alta Tecnologia of Emilia Romagna and Technical Advisor of the Court of Bologna. She speaks English, German, French and Spanish.
In this course, we discuss, on the one hand, how cybercriminals actually operate and, on the other hand, the legal framework that underpins the regulatory and privacy aspects that managers have to be aware of.
In the first part, we will start by discussing the technical attack vectors (XSS, SQL injection, XSRF, drive-by download) and how these vectors are embodied in complex attacks (malware, spyware, ransomware, botnets). Then, we will see how these attacks are used in the cybercrime economy (spam, phishing, infections and money laundering), and we will touch on the economic aspects of cyber criminality and on the markets of cybercrime as a service. Finally, we will discuss attack sophistication, state-sponsored attacks and the emergence of a grey market. We will make use of case studies (e.g., Hacking Team, Stuxnet, Flame, etc.).
In the second part, we will discuss the national, European and international legal framework on privacy and the protection of personal data. Particular attention will be devoted to the EU General Data Protection Regulation, which will become applicable as of May 2018, and to the EU-US Privacy Shield, in consideration of the relevance of the transfer of personal data to the United States. The rules will be examined in the light of the roles and responsibilities of Digital Technology Managers, who have to make crucial technical and organizational choices on security and data protection, such as in the selection of cloud service providers.
Then we will touch on other legal aspects of interest for the managers of IT and IT-based companies, such as Intellectual Property Rights, IT contracts, and administrative and criminal responsibility for cybercrimes.