

2019-2020 A.Y.
Master of Science Programs run jointly with Politecnico di Milano


The information in this Guide refers only to activities and regulations in place at Bocconi University.
For activities and regulations in place at Politecnico, please check the PoliMi widget available in the yoU@B Diary.

Last change 11/07/2019 15:40

Master of Cyber Risk Strategy and Governance (Cyber) – Joint Program with Politecnico of Milan

Program Director:
Greta Nasi (Bocconi) - Stefano Zanero (PoliMi)

Assistant to the Program Director
Francesco Petracca

Field of study:
Tecniche e metodi per la società dell’informazione (Field of Study LM-91 of the Ministerial Decree March 2007)

Last change 03/09/2019 15:49

Educational objectives

The program is aimed at shaping professionals with the integrated expertise needed to respond to the increase in connectivity, availability of large quantities of data and the digitalization of organizations: these entail both opportunities in terms of ways of generating value, as well as the responsibility to protect the wealth of information available to companies.
It is designed for students with multi-disciplinary backgrounds in computer science, engineering, management and economics and a genuine interest in the prevention of and response to cyber risks.

The interdisciplinary focus of the program - that combines elements of computer science with social sciences (including management, economics, finance) as well as analytical methods, law, social engineering, ethics and behavioral skills - allows graduates to interpret the potential challenges related to cyber issues and influence the strategic decisions of businesses and organizations where they will work.

Specifically, the Master of Science in Cyber Risk Strategy and Governance qualifying goals are:

  • to offer a multifaceted preparation with advanced skills that balances technological (computer engineering), managerial and legal knowledge and skills to govern the decision-making process in companies and public or private institutions. Multiple and non-conventional perspectives are used that allow operation in a highly “connected” socio-economic system characterized by the presence of large volumes of data. This means developing a profile that can manage current and future challenges, with a clear vision of the contexts in which we operate, while relating to all levels of an organization's hierarchy in order to influence strategic decisions and implement measures to limit cyber risk and take advantage of the opportunities connected to the wealth of information;
  • to develop a profile able to combine solid in-depth multi-disciplinary knowledge of technical cyber issues (computer science and quantitative methods) with competences in social sciences that enable relations with all levels of the hierarchy of any organization to influence strategic decisions and implementation of actions to mitigate the cyber risks;
  • to develop behavioral skills via ad hoc seminars and via in / out of class activities related to courses, namely skills in communication, in interaction, in addressing complex issues;
  • to promote, besides English (language of the program), proficiency in another EU language.
Last change 16/07/2019 17:25

Career opportunities

Cyber Risk Manager


Role in a work setting
Graduates’ role consists in supporting tasks related to cyber risk management at organizational level in order to govern the enterprise risk by designing and implementing ad hoc strategies.

In particular, they will:

  • identify cyber risks in complex organizations;
  • provide advisory services to increase awareness within organizations among both IT and non-IT professionals;
  • support the design and maintenance of the organization’s processes and information systems;
  • contribute to setting the cyber policies of an organization to reduce the risk of vulnerability;
  • perform forensic analysis of information systems and data to identify cyber crimes or frauds and their origin;
  • lead data incident responses and data breach notification procedures at enterprise level.

Skills associated with the role
Graduates possess qualified knowledge of strategy, management (social sciences) and law to work effectively in organizations, as well as technical skills (computer science and quantitative methods) to face cyber risk situations at enterprise level and help the organization maintain awareness of organization-specific security and information technology policies. They are able to measure and assess the degree of cyber vulnerability of organizational processes and enact the proper tools to prevent and manage the risks.

Job opportunities 
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.


Data Protection and Security Manager

Role in a work setting
Graduates’ role consists in supporting tasks related to data protection, privacy management and compliance in order to govern risks on data. They deal with any data protection matters, issues and incidents and play a key role in fostering a data protection culture within the organization, designing and implementing essential elements of data protection regulations.

Such a job profile is explicitly required by data protection regulations in Europe as well as around the world.

In particular, graduates will:

  • design, advise on, manage and maintain procedures’ compliance with data protection laws and policies;
  • conduct data protection and security assessments and develop and execute relevant project plans;
  • manage an awareness-raising program to promote a data privacy and security culture;
  • lead data incident responses and data breach notification procedures relative to data and privacy issues;
  • be the contact point for and cooperate with the relevant Data Protection Authorities when subjects exercise their individual data rights as well as supervise and advise on the response to such requests.

Skills associated with the role
Graduates possess qualified knowledge of computer science, law and management issues, to manage compliance with data protection and privacy regulations and to help the organization maintain awareness of organization-specific data, privacy and security policies.

Job opportunities
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.

Last change 04/07/2019 17:30

Description of the educational path

The MSc in Cyber Risk Strategy and Governance is held entirely in English and is run in partnership (corso interateneo) by Università Bocconi and Politecnico di Milano.
The first part of the program structure (year 1) includes compulsory courses and seminars that are common to all students in the degree program to:

  • strengthen competences in the fields of computer science to set the base for a solid professional development in cyber risks (first semester at Politecnico);
  • enhance the tool kit needed to frame cyber risks, set the appropriate strategies and govern their complexity in organisational environments (second semester at Bocconi).

These semesters are characterized by a multi-disciplinary approach to tackle the key topics of the program.

The second part of the program structure (year 2) includes seminars on ethics and on the development of behavioral skills, as well as elective courses chosen by students to sharpen their professional profile in accordance with the main job profiles. Both Bocconi courses and Politecnico courses can be taken.

Moreover, the program structure includes the following compulsory educational activities:

  • a work experience lasting approximately 3 months (internship or similar activity);
  • one EU language; for non-Italian native speakers: Italian is compulsory; for Italian native speakers: another EU language among those listed in the Foreign language chapter;
  • a thesis, which significantly characterizes the professional portfolio of the student.


Last change 12/07/2019 14:45

Program structure
Program structure for students initially enrolled starting from the 2019/2020 academic year

The program structure is valid for the students initially enrolled in the academic years of reference for this section.

First year of studies


First semester Politecnico

Educational activity

  • Introduction to cyber risk (Bocconi)
  • Software methodologies and architectures for security - module 1: ENTERPRISE ICT ARCHITECTURES (See note)
  • Software methodologies and architectures for security - module 2: SOFTWARE ENGINEERING METHODOLOGIES FOR SECURITY (See note)
  • Cyber security technologies, procedures and policies
  • Artificial intelligence for security
  • Technology risk governance

Second semester Bocconi

Educational activity

  • Cyber risk and data protection law
  • Institutional scenarios of cyber risk
  • Methods and data analytics for risk assessment
  • Social engineering (Politecnico)
  • Strategy and governance for cyber risk
  • Foreign language (lessons only)

Total CP of the first year of studies




• code 20648 ‘Software methodologies and architectures for security - Module 1: Enterprise ICT architectures’ and code 20649 ‘Software methodologies and architectures for security - Module 2: Software engineering methodologies for security’ are respectively the first and second module of the course code 20647 ‘Software methodologies and architectures for security’.


Second year of studies

Educational activities

  • 4 elective courses
  • 20159 Behavioural skills seminar (2nd sem Bocconi)
  • 20658 Ethics seminar (1st sem Politecnico)
  • Foreign language (lessons + exam 1st sem 2nd year)
  • Internship or similar activities

Total CP of the second year of studies



Courses subdivided into modules are considered passed, and may be recorded in the student's academic career and certified, only after both of the exams that make them up have been passed. The final grade is obtained as the grade point average of the two marks in relation to the credits, rounded up if the decimals are equal to or higher than 5 and rounded down if they are lower than 5.

It is furthermore specified that the credit points and the grades earned for the individual modules passed will be taken into account for rankings within the University (e.g. ISU Scholarship, selection for International Programs, etc.) and they can be viewed by printing the unofficial academic transcript at Punto Blu.

In compliance with the educational objectives of the program and the ministerial tables, "Tecniche e metodi per la società dell’informazione", field of study LM-91 of the Ministerial Decree March 2007, the program structure may be subject to slight variations decided by the Academic Bodies.

For detailed information on foreign languages see "Foreign Languages".

Last change 03/09/2019 16:01
Second year of studies

At the beginning of their 2nd year, students will be required to choose 4 electives (24 cpu in total) from a pre-defined list of courses offered by Bocconi and PoliMi to allow specialization according to the typical job profiles of the program (Cyber risk manager and Data protection and security manager).
All students will be allowed to select both Bocconi and/or PoliMi courses.
Bocconi electives will be delivered roughly in the 1st semester while PoliMi electives will be delivered in the 2nd semester.
The list will be wide enough to allow students to make real choices and, at the same time, to optimize organizational arrangements so that they best fit students’ needs.
The list will include electives taught in Italian as well, in order to offer interested students the chance to deepen or broaden some topics in Italian.
The list (together with the courses’ profiles) will be published in good time before the end of the first year.
The MSc Program Director will schedule specific office hours to provide students with information about the second year program structure and to discuss their electives. In addition, the MSc Program Director is available regularly during office hours to provide more information concerning the program structure.

Office hours are published on the website at www.unibocconi.eu/officehours.

Last change 16/07/2019 09:53