Data Protection and Security Assessment/Audit: Case Study of Cloud Computing

Full course description

The course deepens the legal-theoretical background, the methodologies and the standards for
privacy, data protection and cybersecurity assessments/audit activities, contextualizing and explaining
their usefulness for specific cases. Cloud computing will be used as complex scenario to practise the
relevant assessment/audit skills. The course explains different cloud models, privacy and regulatory
issues to consider with cloud computing, how to risk assess the cloud with respect to the protection
of personal data, the managing of security threads in the cloud, the selections of cloud vendor based
on the “privacy levels” that they offer. More precisely, the students are also introduced to principles
and practice of cybersecurity auditing in cloud environments through auditing frameworks, standards
and technical measures, including vulnerability testing and penetration testing. The course finishes
with a hands-on exercise in which students conduct a mock personal data protection on security audit
on a service provided by a cloud service provider.