The course Digital Security Management addresses the fundamental management and technical aspects of security in enterprises, emphasizing the need for good security management practices. The basic goal of this course is to provide concepts and practical methods about the management of security policies, methods, tools, security services, and responsibilites in organizations. The knowldege that will be acquired can enable an aware communication between those who speak the language of security and those who are acquainted with the language of enterprise, so supporting informed conversations between technology teams and organization managers. More precisely, the course aims are to: i) identify the problems and concepts of security management in organizations; ii) show how these problems can be solved through organizational and technical measures. Therefore, it describes the policies, methods, tools, and resources to set in place in private and public organizations towards these aims.

The course is aligned with courses taught at the major International Universities (e.g., MIT, Sloan, University of London, Universities in North Europe), and in various Schools of Management and Technical Schools.

The students will learn theory about security and privacy issues, and mainly practical experiences about tools to be diplayed in enterprises and organizations to set in place security plans and monitor the security services. Through interventions and testimonial, security governance and monitoring will be explained, so that group work and cooperation on cases guide the students in developing their own security solutions to specific problems presented during classes.

The course is organized in two parts: 1) an introduction to the “language” and fundamentals of security, and of security management in particular; 2) the description of technical measures that can be adopted to deploy security management.

Security and privacy of data (and of “new data” such as Big Data, streaming data from IoT systems, Datawarehouse systems) is focused. The GDPR and its application are analyzed through descriptions of guidelines to security plans formulation. Testimonials of security management will give cases and experiences in practical application of measures for data privacy, security plans, management of security services for privacy protection, and other security management practices in enterprises.

Concepts of software engineering and architectures, databases and information systems, enterprise management, operations. 

Teaching methodology: 

- Front classes; 
- Engaging, interactive, and personalized learning experience built upon learning tools, which include:
− key concepts and insights on the course modules
− case studies and examples on creating a culture of prevention and awareness
− ethics considerations in security explored through case studies

Interactive media will include videos and simulations, individual assignments, collaborative learning through discussion forums.

Evaluation method (exam):

- Evaluation of a project to be developed in groups of two students on themes assigned in class. This gives 16 points out of the total 32/30. The evaluation must be  sufficient (9 points) and the project has one solar year of validity.

- Written examination on concepts, methods, scenarios learnt in class with security experts and on all the subject presented during the classes. This gives the remanining 16 points for a total potential mark of 32/30.The evaluation must be  sufficient (9 points). The exam is in the form of open questions. 

Edited by the teacher