Argomenti dell'insegnamento
The course deals with the main legal issues on personal and non-personal data processing and about the risk management that a cyber-company faces. In the first part of the course personal and non-personal data processing regulations will be studied. The GDPR’s main provisions will be described, its rules governing data processing and the duties cast upon controllers and processors. The role and obligations of Data Protection Officers (DPO) are dealt with. The second part of the course deals with the basic elements of Cybersecurity with the aim to provide a comprehensive and structured overview of the main topics related to the discipline, addressing both technical and organizational as well as regulatory aspects. First, the course will examine the main threats and vulnerabilities affecting information systems, networks, and applications, with particular attention to the most widespread attack techniques and the ways in which they can compromise the confidentiality, integrity, and availability of information. It will then focus on the principles of risk governance, with the goal of understanding how organizations can adopt effective management strategies and how to conduct a proper risk assessment using internationally recognized methodologies. The course will also cover technical and organizational security measures and best practices aimed at mitigating risks, including security policies, access controls, encryption, and monitoring systems. A specific focus will be placed on the national and European regulatory landscape, with references to regulations and directives such as the NIS2 Directive, to understand legal implications and compliance requirements organizations must meet. The ultimate goal is to provide students with both theoretical and practical tools to critically and effectively face the challenges of Cybersecurity.

Modalità di insegnamento
Recorded lectures, in-person teaching, exercises. The course adopts a blended, student-centred approach that emphasises problem-based learning and active engagement. A portion of the lecture content is made available online in advance, allowing students to explore key concepts independently and at their own pace before attending class. This preparatory work enables inperson sessions to focus on the application of knowledge through real-world problems, collaborative activities, and guided discussions — fostering critical thinking and deeper learning. The course is fully aligned with the principles of the Italian Universities Digital Hub (EDUNEXT) initiative (https://edunext.eu), which promotes the integration of digital resources and active learning strategies within university teaching.

Modalità d'esame
The course grade will be based on the final written exam that include 3 general questions with 3-4 sub-questions. During the II part on Cybersecurity, short tests and simulations may be carried out and, in case of students’ attendance, will be considered for the final vote.

Criteri di valutazione
Criteria for the assessment of the written exam: clarity of the answers, mastery of language (knowledge of the legal technical language, and grammatical and logic mastery of language), ability to summarize, evaluate, and establishing relationships between topics.