Cybersecurity Management in Businesses
A.Y. 2025/2026
Learning objectives
The aim of the course is to provide the theoretical and practical tools for designing an Enterprise Security Risk Management (ESRM) system.
ESRM is becoming increasingly important in public and private companies as a way to address the growing frequency of crises and events of various kinds (geopolitical, social, criminal, natural, etc.) that jeopardize the safety of people and corporate value (economic, financial, social, and reputational). The ability to design an effective Corporate Security Risk Management System, to understand the opportunities of technological, regulatory, and organizational developments, and to integrate ESRM into corporate strategies and culture are key skills both for those who wish to pursue a professional career in security and resilience and for those pursuing different career paths.
Expected learning outcomes
Upon completion of the course, students will be able to:
a) Design a Corporate Security Risk Management System using a methodology based on the ISO 31000 Guidelines;
b) Identify trends and weak signals relevant to Corporate Security risks;
c) Use the main security system standards (e.g., ASIS ESRM Guidelines, UNI ISO 28000:2022) and regulations on the resilience of critical systems (e.g., EU Directive 2022/2557);
d) Understand and select the organizational, technological, and training solutions to prevent, address, and overcome Corporate Security risks and ensure organizational resilience.
Lesson period: Second four-month period
Assessment methods: Exam
Assessment result: grade recorded on a thirty-point scale
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Lesson period
Second four-month period
SECS-P/08 - MANAGEMENT - University credits: 6
Lessons: 42 hours