The course makes the learner aware of the complexity of today's socio-economic relationships (dependencies), possible security threats and the security management approach. It describes the general concepts, and the relationships among them, needed to manage and ensure operational resilience, as well as the domains of an organization’s cyber resilience capabilities.

The goal of risk management (RSKM) is to identify potential problems before they occur, so that risk-addressing activities can be planned and taken into account throughout the lifecycle of the service or process in order to mitigate adverse effects on the achievement of the business objectives.

In order to support services, assets such as information, technology, and facilities must be made available (accessible) for use. This requires that persons (employees and contractors), objects (systems) and entities (business partners) have sufficient (but not excessive) levels of access to these assets.

The learning unit aims to give an insight into information security in enterprises, underlining its different components. It starts from common attacker techniques and moves on to modern "APTs" (Advanced Persistent Threats), which are commonly used today in cybercrime attacks to compromise the integrity of information systems. Together with the attack techniques, the learning unit also shows the corresponding available countermeasures.

The learning unit deals with the vulnerabilities that now affect systems and organizations. The learner will then know how to relate vulnerabilities to risks and attacks, considering both technological and human factors, and how to execute a vulnerability assessment and a penetration test. The learning unit also aims to illustrate the changing paradigm of attack, from an approach aimed primarily at looking for flaws in the technology to one that instead relies on the human factor to undermine the company's perimeter defences. More generally, it addresses the issue of the availability of "social" information for attacks supported by social engineering techniques.

The learning unit aims to explore some security issues arising from the massive spread of the cloud paradigm, smart/mobile devices, and IoT. These issues involve not only aspects of technological security but also "social" issues, as well as the phenomenon of "consumerization" and users' habits of insecure behavior. Moreover, the dynamics of technological evolution continually bring new phenomena to light (more usable biometrics, blockchain for payments and transactions, etc.) and consequently new risks and opportunities. The LU aims to provide a taxonomy of possible threats to infrastructure, devices and applications, and to examine in depth the methodological approaches, tools and organizational solutions for proper management of security in these areas.

The purpose of this course is to enable CSOs and security experts to outline a plan for ensuring the resilience of services in the organizational and operational context.

The learning unit aims to give an overview of the legal and regulatory aspects of information security. The LU analyzes the new European data privacy regulation and its administrative and technological implications for companies, so that learners understand the consequences and the actions required for their own companies. Data privacy is also analyzed with regard to regulations on data transfers. The LU also covers the regulation of computer crimes (at European level, with some details for Italy), digital forensics and how it can be applied in organizations.

The learning unit deals with the relationship between the information security plan and the information security strategy. The learners will understand what the drivers are of the choices that can be made in an information security strategy and how they have to translate those choices into the information security plan. Moreover, the learning unit will show how the information security plan becomes a means to measure the correct implementation of the information security strategy.

The participants will also improve the knowledge and skills necessary to apply strategic thinking and organisational leadership to exploit the capability of Information Technology to improve the business.