GUIDES TO THE UNIVERSITY

The information in this Guide refers only to activities and regulations in place at Bocconi University.
For activities and regulations in place at Politecnico, please check the PoliMi widget available in the yoU@B Diary.

Program Director:
Greta Nasi (Bocconi)- Stefano Zanero (PoliMi)

Assistant to the Program Director
Alexander Hiedemann

Field of study:
Tecniche e metodi per la società dell’informazione (Field of Study LM-91 of the Ministerial Decree March 2007)

The program is aimed at shaping professionals with the integrated expertise needed to respond to the increase in connectivity, availability of large quantities of data and the digitalization of organizations: these entail both opportunities in terms of ways of generating value, as well as the responsibility to protect the wealth of information available to companies.
It is designed for students having multi-disciplinary backgrounds in computer science, engineering, management and economics with a genuine interest in prevention and response of cyber-risks.

The interdisciplinary focus of the program - that combines elements of computer science with social sciences (including management, economics, finance) as well as analytical methods, law, social engineering, ethics and behavioral skills - allows graduates to interpret the potential challenges related to cyber issues and influence the strategic decisions of businesses and organizations where they will work.

Specifically, the Master of Science in Cyber Risk Strategy and Governance qualifying goals are:

• to offer a polyhedral preparation with advanced skills that balances technological (computer engineering), managerial and legal knowledge and skills to govern the decision-making process in companies and public or private institutions. Multiple and non-conventional perspectives are used that allow operation in a highly “connected” socio-economic system characterized by the presence of large volumes of data. This means developing a profile that can manage current and future challenges, with a clear vision of the contexts in which we operate, while relating to all levels of an organization's hierarchy in order to influence strategic decisions and implement measures to limit cyber risk and take advantage of the opportunities connected to the wealth of information
• to develop a profile able to combine solid in-depth multi-disciplinary knowledge of technical cyber issues (computer science and quantitative methods) with competences in social sciences that enable relations with all levels of the hierarchy of any organization to influence strategic decisions and implementation of actions to mitigate the cyber risks;
• to develop behavioral skills via ad hoc seminars and via in / out of class activities related to courses, namely skills in communication, in interaction, in addressing complex issues;
• to promote, besides English (language of the program), proficiency in another EU language.

Cyber Risk Manager

Role in a work setting
Graduates’ role consists in supporting tasks related to cyber risk management at organizational level in order to govern the enterprise risk by designing and implementing ad hoc strategies.

In particular, they will:

• identify cyber risks in complex organizations;
• provide advisory services to increase awareness within organizations to both IT and non IT professionals;
• support the design and maintenance of the organization’s processes and information systems;
• contribute to setting the cyber policies of an organization to reduce the risk of vulnerability;
• perform forensic analysis of information systems and data to identify cyber crimes or frauds and their origin;
• lead data incident responses and data breach notification procedures at enterprise level.

Skills associated with the role
Graduates possess qualified knowledge of strategy, management (social sciences) and law to effectively work in organizations as well as technical skills (computer science and quantitative methods) to face cyber risk situations at enterprise level and help the organization maintain awareness of organization specific security and information technology policies. They are able to measure and assess the degree of cyber vulnerability of organizational processes and enact the proper tools to prevent and manage the risks.

Job opportunities 
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.

Data Protection and Security Manager

Role in a work setting
Graduates’ role consists in supporting tasks related to data protection, privacy management and compliance in order to govern risks on data. They deal with any data protection matters, issues and incidents and play a key role in fostering a data protection culture within the organization, designing and implementing essential elements of data protection regulations.

Such job profile is explicitly required by data protection regulations in Europe as well as around the world.

In particular graduates will

• design, advice, manage and maintain procedures’ compliance with data protection laws and policies;
• conduct data protection and security assessments and develop and execute relevant project plans;
• manage an awareness-raising program to promote a data privacy and security culture;
• lead data incident responses and data breach notification procedures relative to data and privacy issues;
• be the contact point for and cooperate with the relevant Data Protection Authorities when subjects exercise their individual data rights as well as supervise and advise on the response to such requests.

Skills associated with the role
Graduates possess qualified knowledge of computer science, law and management issues, to manage the compliance with data protection and privacy regulations and to help the organization maintain awareness of organization specific data, privacy and security policies.

Job opportunities
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.

The MSc in Cyber Risk Strategy and Governance is held entirely in English and is run in partnership (corso interateneo) by Università Bocconi and Politecnico Milano.
The first part of the program structure (year 1) includes compulsory courses and seminars that are common to all students in the degree program to:

• strengthen competences in the fields of computer science to set the base for a solid professional development in cyber risks (first semester at Politecnico);
• enhance the tool kit needed to frame cyber risks, set the appropriate strategies and govern their complexity in organisational environments (second semester at Bocconi).

These semesters are characterized by a multi-disciplinary approach to tackle the key topics of the program.

The second part of the program structure (year 2) includes seminars on ethics and for the development of behavioral skills and elective courses chosen by students to sharpen their professional profile in accordance with the main job profiles. Both Bocconi courses and Politecnico courses can be taken.

Moreover, the program structure includes the following compulsory educational activities:

• a work experience lasting approximately 3 months (internship or similar activity);
• one EU language; for non-Italian native speakers: Italian is compulsory; for Italian native speakers: another EU language among those listed in the Foreign language chapter;
• a thesis, which significantly characterizes the professional portfolio of the student.

The program structure is valid for the students initially enrolled in the academic years of reference for this section.

First year of studies

(*Attendance is compulsory)

NOTA:

• code 20648 ‘Software methodologies and architectures for security - Module 1: Enterprise ICT architectures’ and code 20649 ‘Software methodologies and architectures for security  - Module 2: Software engineering methodologies for security’ are respectively the first and second module of the course code 20647 ‘Software methodologies and architectures for security’.    

Second year of studies

*For further information, see chapter 4.1 Curricular Internship: Extraordinary measures for students enrolled in the second year of a program in the 2021-2022 academic year.

The courses subdivided in modules are considered passed, and may be recorded in the student academic career and certified, only after passing both exams of which it is made up. The final grade is obtained by the grade point average of the two marks compared to the credits and rounded up if decimals are equal or higher than 5, rounded down if they are lower than 5.

It is furthermore specified that the credit points and the grades earned for the individual modules passed will be taken into account for rankings within the University (e.g. ISU Scholarship, selection for International Programs,etc.) and they can be viewed by printing the unofficial academic transcript at Punto Blu.

In compliance with the educational objectives of the program and the ministerial tables, "Tecniche e metodi per la società dell’informazione", field of study LM-91 of the Ministerial Decree March 2007, the program structure may be subject to slight variations decided by the Academic Bodies.

For detailed information on foreign languages see "Foreign Languages".

During the second year, students choose 4 elective courses which correspond to the 24 credit points regarding the activities chosen by the student.

The MSc Program Director is available during office hours to provide more information concerning the program structure. Office hours are published on the website at www.unibocconi.eu/officehours.

The program structure for the second year includes:

a) 1 course chosen from among the following (offered at Bocconi):

b) 1 course chosen from among the following (offered at PoliMi):
 

c) at least  2 courses chosen from among the following, not including those chosen in points a) and b):
 

*offered at Bocconi
**offered at PoliMi