Ing Ind - Inf (Mag.)(ord. 270) - MI (502) CYBER RISK STRATEGY AND GOVERNANCE
054111 - TECHNOLOGY RISK GOVERNANCE
Technology Risk Governance comprises the set of strategies, skills and operating models that organizations put in place for understanding, assessing and managing existing and emerging technology risks. Technology-driven businesses are nowadays struggling to keep up with the rapid pace of technology innovation and change, as well as with the increasing complexity of modern socio-technical systems.
In this context, the course aims at transferring to the students theoretical and practical knowledge concerning the most relevant approaches, methods and organizational models for technology risk governance. Real cases discussed during the course cover a wide spectrum of industrial and service systems, ranging from manufacturing to infrastructure and healthcare, which are of relevance for both business and institutional decision makers.
Risultati di apprendimento attesi
After successful completion of this course students will be able to:
• Identify and categorize technology risks of established and emerging technologies
• Describe and prioritize risk and resilience features of complex socio-technical systems exposed to cyber and physical threats
• Distinguish and compare approaches to and methods for technology risk governance at different system life cycle stages
• Choose and applying the most appropriate risk assessment approach and methods given the key features of the complex socio-technical system at stake
• Examine and evaluate the suitability of an organization’s technology risk governance model
• Prepare a strategic report on technology risk assessment.
The course addresses all the relevant approaches, methods and models for supporting risk-informed decisions in managing complex socio-technical systems (e.g. technology selection, system design, management and governance) from business and institutional perspectives:
• Risk governance of new and emerging technologies: Technology outlook and risk analysis methods for technology selection. Cases studies.
• System Safety Engineering: Risk definition, modelling and reporting; Risk Engineering methods: Failure Mode Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Event Tree Analysis (ETA), Probabilistic Risk Analysis (PRA); FMECA and FTA Exercises.
• Risk Analysis of Socio-Technical systems: Human and Organizational risk factors; Risk management of Organizational accidents (the Reason’s model); the HRO (High Reliability Organization) theory. Critical incident analysis.
• Organizational Resilience and Business Continuity Management (seminar in collaboration with the BCI). Guest speaker from industry.
• Risk Governance of Complex Socio-Technical Systems: theory of Complex Adaptive Systems (CAS) and system-of-systems; Risk analysis of complex cyber-physical systems and networked infrastructure; Resilience Engineering of CAS. Discussion of cases from different industries.
Modalità di valutazione
With the purpose of measuring the acquisition of the above-mentioned learning outcomes the assessment of attending students is based on three components:
1. One group major assignment (50% of the final grade) designed for the purpose of verifying the student ability to: i) choose and apply the most appropriate approach and methods given the key features of the complex socio-technical system at stake; ii) examine and assessing the suitability of an organization’s technology risk governance model; iii) preparing a technical report on technology risk governance. The deliverable consists of a final written report;
2. Final oral exam (50% of the final grade), which aims to assess the student’s learning level of theories and models and their application to a given situation;
3. In-class minor group assignments (non-compulsory), consisting in short reports covering the complete solution of some in-class exercises selected by the instructor (max 2 points will be added to the final grade).
Bedford, Tim & Cooke, Roger M, Probabilistic risk analysis: foundations and methods, Editore: Cambridge University Press, Anno edizione: 2001
Reason J., Managing the risks of organizational accidents, Editore: Ashgate, Anno edizione: 1997
Tipo Forma Didattica
Ore di attività svolte in aula
Ore di studio autonome
Laboratorio Di Progetto
Informazioni in lingua inglese a supporto dell'internazionalizzazione
Insegnamento erogato in lingua
Disponibilità di materiale didattico/slides in lingua inglese
Disponibilità di libri di testo/bibliografia in lingua inglese
Possibilità di sostenere l'esame in lingua inglese
Disponibilità di supporto didattico in lingua inglese