Guides to the university

2021-2022 A.Y.

Master of Science Programs in joint with Politecnico di Milano



2. PROGRAM STRUCTURE

The information in this Guide refers only to activities and regulations in place at Bocconi University.
For activities and regulations in place at Politecnico, please check the PoliMi widget available in the yoU@B Diary.


Last change 01/06/2021 08:00


2.1. Master of Cyber Risk Strategy and Governance (Cyber) - Joint Program with Politecnico of Milan

Program Director:
Greta Nasi (Bocconi)- Stefano Zanero (PoliMi)

Assistant to the Program Director
Alexander Hiedemann

Field of study:
Tecniche e metodi per la società dell’informazione (Field of Study LM-91 of the Ministerial Decree March 2007)


Last change 01/06/2021 08:00


2.1.1. Educational objectives

The program is aimed at shaping professionals with the integrated expertise needed to respond to the increase in connectivity, availability of large quantities of data and the digitalization of organizations: these entail both opportunities in terms of ways of generating value, as well as the responsibility to protect the wealth of information available to companies.
It is designed for students having multi-disciplinary backgrounds in computer science, engineering, management and economics with a genuine interest in prevention and response of cyber-risks.

The interdisciplinary focus of the program - that combines elements of computer science with social sciences (including management, economics, finance) as well as analytical methods, law, social engineering, ethics and behavioral skills - allows graduates to interpret the potential challenges related to cyber issues and influence the strategic decisions of businesses and organizations where they will work.

Specifically, the Master of Science in Cyber Risk Strategy and Governance qualifying goals are:

  • to offer a polyhedral preparation with advanced skills that balances technological (computer engineering), managerial and legal knowledge and skills to govern the decision-making process in companies and public or private institutions. Multiple and non-conventional perspectives are used that allow operation in a highly “connected” socio-economic system characterized by the presence of large volumes of data. This means developing a profile that can manage current and future challenges, with a clear vision of the contexts in which we operate, while relating to all levels of an organization's hierarchy in order to influence strategic decisions and implement measures to limit cyber risk and take advantage of the opportunities connected to the wealth of information
  • to develop a profile able to combine solid in-depth multi-disciplinary knowledge of technical cyber issues (computer science and quantitative methods) with competences in social sciences that enable relations with all levels of the hierarchy of any organization to influence strategic decisions and implementation of actions to mitigate the cyber risks;
  • to develop behavioral skills via ad hoc seminars and via in / out of class activities related to courses, namely skills in communication, in interaction, in addressing complex issues;
  • to promote, besides English (language of the program), proficiency in another EU language.

Last change 30/06/2021 16:19


2.1.2. Career opportunities

Cyber Risk Manager

 

Role in a work setting
Graduates’ role consists in supporting tasks related to cyber risk management at organizational level in order to govern the enterprise risk by designing and implementing ad hoc strategies.

In particular, they will:

  • identify cyber risks in complex organizations;
  • provide advisory services to increase awareness within organizations to both IT and non IT professionals;
  • support the design and maintenance of the organization’s processes and information systems;
  • contribute to setting the cyber policies of an organization to reduce the risk of vulnerability;
  • perform forensic analysis of information systems and data to identify cyber crimes or frauds and their origin;
  • lead data incident responses and data breach notification procedures at enterprise level.

Skills associated with the role
Graduates possess qualified knowledge of strategy, management (social sciences) and law to effectively work in organizations as well as technical skills (computer science and quantitative methods) to face cyber risk situations at enterprise level and help the organization maintain awareness of organization specific security and information technology policies. They are able to measure and assess the degree of cyber vulnerability of organizational processes and enact the proper tools to prevent and manage the risks.

Job opportunities 
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.

 

Data Protection and Security Manager

Role in a work setting
Graduates’ role consists in supporting tasks related to data protection, privacy management and compliance in order to govern risks on data. They deal with any data protection matters, issues and incidents and play a key role in fostering a data protection culture within the organization, designing and implementing essential elements of data protection regulations.

Such job profile is explicitly required by data protection regulations in Europe as well as around the world.

In particular graduates will

  • design, advice, manage and maintain procedures’ compliance with data protection laws and policies;
  • conduct data protection and security assessments and develop and execute relevant project plans;
  • manage an awareness-raising program to promote a data privacy and security culture;
  • lead data incident responses and data breach notification procedures relative to data and privacy issues;
  • be the contact point for and cooperate with the relevant Data Protection Authorities when subjects exercise their individual data rights as well as supervise and advise on the response to such requests.

Skills associated with the role
Graduates possess qualified knowledge of computer science, law and management issues, to manage the compliance with data protection and privacy regulations and to help the organization maintain awareness of organization specific data, privacy and security policies.

Job opportunities
Firms, financial institutions, other institutions in public/private sectors as well as consulting companies.


Last change 01/06/2021 08:00


2.1.3. Description of the educational path

The MSc in Cyber Risk Strategy and Governance is held entirely in English and is run in partnership (corso interateneo) by Università Bocconi and Politecnico Milano.
The first part of the program structure (year 1) includes compulsory courses and seminars that are common to all students in the degree program to:

  • strengthen competences in the fields of computer science to set the base for a solid professional development in cyber risks (first semester at Politecnico);
  • enhance the tool kit needed to frame cyber risks, set the appropriate strategies and govern their complexity in organisational environments (second semester at Bocconi).

These semesters are characterized by a multi-disciplinary approach to tackle the key topics of the program.

The second part of the program structure (year 2) includes seminars on ethics and for the development of behavioral skills and elective courses chosen by students to sharpen their professional profile in accordance with the main job profiles. Both Bocconi courses and Politecnico courses can be taken.

Moreover, the program structure includes the following compulsory educational activities:

  • a work experience lasting approximately 3 months (internship or similar activity);
  • one EU language; for non-Italian native speakers: Italian is compulsory; for Italian native speakers: another EU language among those listed in the Foreign language chapter;
  • a thesis, which significantly characterizes the professional portfolio of the student.

 


Last change 01/06/2021 08:00


2.1.4. Program structure

2.1.4.1. Program structure for students initially enrolled starting from the 2020/2021 academic year

The program structure is valid for the students initially enrolled in the academic years of reference for this section.


First year of studies

 

First semester  Politecnico

 

Code
 

Educational activity

CP

20646

Introduction to cyber risk (Bocconi) *

2

20648

Software methodologies and architectures for security - module 1: ENTERPRISE ICT ARCHITECTURES (Vedi nota)

6

20649

Software methodologies and architectures for security - module 2: SOFTWARE ENGINEERING METHODOLOGIES FOR SECURITY (Vedi nota)

6

20650

Cyber security technologies, procedures and policies

6

20651

Artificial intelligence for security

6

20652

Technology risk governance

5

 

Second semester Bocconi

 

Code
 

Educational activity

CP

20655

Cyber risk and data protection law

6

20657

Institutional scenarios of cyber risk

8

20656

Methods and data analytics for risk assessment

7

20653

Social engineering (Politecnico)*

2

20654

Strategy and governance for cyber risk

8

 

Foreign language (lessons only)

 

 

Total CP of the first year of studies

62

(*Attendance is compulsory)

NOTA:

• code 20648 ‘Software methodologies and architectures for security - Module 1: Enterprise ICT architectures’ and code 20649 ‘Software methodologies and architectures for security  - Module 2: Software engineering methodologies for security’ are respectively the first and second module of the course code 20647 ‘Software methodologies and architectures for security’.    

 

Second year of studies

Educational activities

Cp

4 elective courses

24

20159 Behavioural skills seminar (2nd sem Bocconi)

 2

20658 Ethics seminar (1st sem Politecnico)

 2

Foreign language (lessons + exam 1st sem 2nd year)

 4

Internship or similar activities*

 8

thesis

18

Total CP of the second year of studies

58

*For further information, see chapter 4.1 Curricular Internship: Extraordinary measures for students enrolled in the second year of a program in the 2021-2022 academic year.

The courses subdivided in modules are considered passed, and may be recorded in the student academic career and certified, only after passing both exams of which it is made up. The final grade is obtained by the grade point average of the two marks compared to the credits and rounded up if decimals are equal or higher than 5, rounded down if they are lower than 5.

It is furthermore specified that the credit points and the grades earned for the individual modules passed will be taken into account for rankings within the University (e.g. ISU Scholarship, selection for International Programs,etc.) and they can be viewed by printing the unofficial academic transcript at Punto Blu.


In compliance with the educational objectives of the program and the ministerial tables, "Tecniche e metodi per la società dell’informazione", field of study LM-91 of the Ministerial Decree March 2007, the program structure may be subject to slight variations decided by the Academic Bodies.

For detailed information on foreign languages see "Foreign Languages".


Last change 23/07/2021 15:56


2.1.4.2. Second year of studies

During the second year, students choose 4 elective courses which correspond to the 24 credit points regarding the activities chosen by the student.

The MSc Program Director is available during office hours to provide more information concerning the program structure. Office hours are published on the website at www.unibocconi.eu/officehours.


The program structure for the second year includes:

a) 1 course chosen from among the following (offered at Bocconi):

 

Code

Educational activity

Language of
instruction

Semester

Cp    

20576

Bank and fintech: vision and strategy

ENG

I

6

20729

Blockchain and crypto assets

ENG

I

6

20563

Fraud detection and risk assessment

ENG

I

6

50247

Internet law

ENG

I

6

20346

Operations management lab

ENG

I

6

20273

Public management for competitiveness

ENG

I

6

20764

State competition and conflicts in the cyber space 

ENG

I

6

 

b) 1 course chosen from among the following (offered at PoliMi):
 

Code

Educational activity

Language of
instruction

Semester

CP

20752

Algorithmic game theory

ENG

II

6

20732

Computing infrastructures

ENG

II

6

20731

Digital forensics and cybercrime

ENG

II

6

20751

Online learning applications

ENG

II

6

20727

Resilience of critical infrastructures

ENG

II

6

 

 

c) at least  2 courses chosen from among the following, not including those chosen in points a) and b):
 

Code

Educational activity

Language of
instruction

Semester

CP

20752

Algorithmic game theory

ENG

II

6

20576

Bank and fintech: vision and strategy

ENG

I

6

20729

Blockchain and crypto assets

ENG

I

6

20425

Business process management and
modelling*

ENG

I

6

20732

Computing infrastructures

ENG

II

6

20731

Digital forensics and cybercrime

ENG

II

6

20563

Fraud detection and risk assessment

ENG

I

6

50247

Internet law

ENG

I

6

20735

Internet of things**

ENG

II

6

20751

Online learning applications

ENG

II

6

20346

Operations management lab

ENG

I

6

20273

Public management for competitiveness

ENG

I

6

20727

Resilience of critical infrastructures

ENG

II

6

20764

State competition and conflicts in the cyber space

ENG

I

6

*offered at Bocconi
**offered at PoliMi

 


Last change 12/07/2021 11:00




BACK