The growing digitalisation of processes makes cybersecurity a key element for resilience and competitiveness. The course is designed to provide IT Managers, CISOs and security managers with the skills necessary to integrate cybersecurity into business processes, in line with the National Framework for Cybersecurity and Data Protection – 2025 Edition, inspired by the NIST Cybersecurity Framework 2.0 but adapted to the Italian and European regulatory context.
The course aims to promote a widespread culture of cybersecurity as a lever of competitiveness also for SMEs, with an eye to those operating within supply chains, where security is increasingly becoming a commercial requirement. Furthermore, it aims to emphasize the importance of knowing how to respond effectively to attacks, strengthening organizational and technical capacities through the use of concrete tools.
Participants will be provided with an operational toolbox (digital and non-digital) that will include policies, response models, checklists and templates that are fundamental for the immediate adoption in the company of the prevention, response and recovery measures described.
The course will conclude with a practical attack simulation, in order to verify the readiness and effectiveness of the responses learned.
In Italy, there is still no unique and officially recognised professional profile for the IT Manager. This has led, over time, to uneven training, guided more by the operational urgencies of individual companies than by a structured strategic vision. In many cases, the IT Manager is called to be everything: technician, negotiator, risk analyst, and, today more than ever, guarantor of digital security.
But the context has changed and cyber threats are no longer an eventuality, they are a constant. Regulations impose increasingly clear and burdensome responsibilities and cybersecurity goes from being an additional skill to becoming a transversal and essential skill, which every IT Manager must possess to remain relevant, effective and above all reliable.
The course is designed for:
- Information Security Officer (CISO)
- IT Manager
- IT Governance Accountability
- Risk and compliance consultants
- Members of control and audit committees
- Managers and decision makers involved in digital risk management
Participation in the course can be a distinctive element for professional recognition and career advancement in cyber and compliance. Through theoretical sessions, workshops and an immersive tabletop simulation, participants will acquire the skills to govern, protect, detect, respond and restore in the event of cyber incidents, in line with the NIS2 Directive and the GDPR.
The course is organized into 8 teaching sessions in hybrid mode. The first and last meetings will take place on Fridays on-campus, while the online evening sessions will be held on Tuesdays and Thursdays.
In partnership with:
Accreditation
Bologna Business School is EQUIS – EFMD Quality Improvement System accredited, one of the most important international quality assessment and continuous improvement systems for Schools of Management and Business Administration.
Vera Tucci
Executive Director
v.tucci@t-consulting.it
" La cybersecurity non è un dettaglio tecnico: è la nuova grammatica della fiducia. Con questo programma, dal Framework Nazionale 2025 alla war room simulata, non trasmetteremo solo nozioni, ma ci impegneremo a costruire - con i partecipanti - una cultura di cybersecurity capace di reggere il peso delle crisi e di trasformarle in continuità, reputazione e leadership. Il compito dell'intero gruppo docente, però, non sarà solo quello di formare specialisti: l'obiettivo comune è formare professionisti che sappiano guidare le aziende e le filiere nel mezzo della tempesta, trasformando la minaccia in potere strategico. "
Structure
The course consists in 8 teaching sessions. The first and last sessions will take place on-campus on Fridays, and the evening online sessions will take place on Tuesdays and Thursdays.
The dates of the teaching sessions are:
- January 23rd – 9.15 am-5.45 pm – on campus
- January 27th – 6.30-10.00 pm – online
- January 29th – 6.30-10.00 pm – online
- February 3rd – 6.30-10.00 pm – online
- February 5th – 6.30-10.00 pm – online
- February 10th – 6.30-10.00 pm – online
- February 12th – 6.30-10.00 pm – online
- February 20th – 9.15am-5.45 pm – on campus
Learning Outcomes:
- Analyze the safety posture according to the six functions of the National Framework 2025.
- Define cyber governance and risk management strategies aligned with the Italian regulatory environment.
- Coordinate response to critical incidents using a structured war room.
- Integrate cybersecurity into business decision-making processes and the value chain.
- Improve visibility and professional role in the context of compliance and resilience.
Key Takeaways:
- Mastery of the National Framework 2025 (Govern, Identify, Protect, Detect, Respond, Recover).
- Alignment with NIS2 Directive, GDPR and incident response best practices.
- Operational and strategic capabilities in the management of cyber risks and cyber crises.
- Practical approach to business continuity and communication during an attack.
- Tools to define an evolutionary roadmap and measure safety maturity.
COURSES
• The National Framework 2025: structure, relationships with NIS2 and NIST
• Govern function: policies, roles, safety culture, supply chain
• Identify function: asset mapping, risk analysis, critical issues
• Business Impact Analysis and risk assessment
• Alignment between business objectives and safety postures
• Guided discussion and analysis of real cases
• Protection of assets and data (Data Loss Prevention [DLP], encryption, backup)
• Awareness, training and cyber culture
• Critical suppliers and supply chain evaluation
• Access controls, credential management and segmentation
• Data protection and business continuity
• Security policy and secure configuration
• Continuous monitoring, Threat Intelligence and Threat Hunting
• Incident response plan, manual and internal processes
• Coordination with CSIRT and DPO
• Internal/external communication during the incident
• Fundamentals of crisis communication in the cyber field: differences between operational management of the incident and management of internal/external perception.
• Stakeholder maps and communication flows
• From the technical report to the strategic message
• Coordination with DPO, legal, communication and PR
• Mistakes to avoid when communicating a cyber incident
• Guided exercise
• Business Continuity Plan, Disaster Recovery (theoretical introduction)
• Post-accident reporting, electronic feedback loop reporting
• KPIs and resilience metrics
• Compliance integration and internal audit
• Identify technological, organizational and decision-making Single Points of Failure.
• Define acceptable recovery times (RTO) and tolerable data loss (RPO).
• Link the recovery plan to key roles, communication and escalation plans.
• Integrate KPIs, lessons learned and feedback loops to improve over time.
• Scenario: ransomware attack, data exfiltration and encryption
• Establishment of the war room and management of roles
• Official communications, interactions with authorities and the press
• Critical decisions, crisis management, activation of the Operational Continuity Plan
• Debriefing with lessons learned, critical issues and roadmaps
Learning approach
Our courses are characterized by a faculty that brings together very different skills and experiences from the world of business, academia and consulting.
Faculty
Faculty members at Bologna Business School work together offering outstanding teaching standards. An international and interdisciplinary approach is guaranteed by a joint team of distinguished national core professors, adjunct, visiting professors, guest speakers and top managers.
Networking
Networking develops among students of the same class, between participants and lecturers, as well as with students from other courses or previous editions of the same program.
COMPANIES
Over the years, our partners have been constantly involved in the various activities that make up the structure of our programs. Companies belonging to our network participate in project work and master classes; they actively contribute to introducing guest speakers and organizing company visits. Our partners are our first supporters: they sponsor various scholarships, host internships for students and provide professional opportunities for graduates.
The partner companies of Bologna Business School are:
AEROPORTO G. MARCONI ASSICOOP BOLOGNA METROPOLITANA AUTOMOBILI LAMBORGHINI BOLOGNA FIERE BREVINI POWER TRANSMISSION CAMERA DI COMMERCIO DI BOLOGNA CAMERA DI COMMERCIO DI FERRARA CAMERA DI COMMERCIO DI FORLÌ-CESENA CAMERA DI COMMERCIO DI MODENA CAMERA DI COMMERCIO DI RIMINI CAMST CARPIGIANI GROUP CASSA DI RISPARMIO IN BOLOGNA CONFCOMMERCIO EMILIA ROMAGNA CONFINDUSTRIA EMILIA ROMAGNA COSWELL DATALOGIC DUCATI MOTOR HOLDING ENEL ENGINEERING INGEGNERIA INFORMATICA EXPERT SYSTEM FALORNI FASTWEB FERRARELLE FERRARI FERRETTI GROUP FINALMA FONDAZIONE CARISBO FONDAZIONE CASSA RISPARMIO CESENA FONDAZIONE CASSA RISPARMIO DI CENTO FONDAZIONE CASSA RISPARMIO DI IMOLA FONDAZIONE CASSA DI RISPARMIO DI CARPI FONDAZIONE CASSA DI RISPARMIO DI FERRARA FONDAZIONE CASSA DI RISPARMIO DI PADOVA E ROVIGO FONDAZIONE G. MARCONI FONDAZIONE IBM ITALIA FONDAZIONE ISABELLA SERÀGNOLI FONDAZIONE DEL MONTE DI BOLOGNA E RAVENNA FONDAZIONE PER LA COLLABORAZIONE TRA I POPOLI FOOD TREND FOUNDATION FURLA GOOGLE ITALIA GRANAROLO GROUPM GRUPPO COESIA GRUPPO SISTEMA H-ART HSPI HAWORTH HERA HORSA IBM ITALIA IMA ICONSULTING INTESA SAN PAOLO KPMG ADVISORY LABORATORI GUGLIELMO MARCONI LANDI RENZO LEGACOOP BOLOGNA LIGHTHOUSE MANUTENCOOP MAPE MAPS MASAI ITALIA MASERATI MICROSOFT ITALIA MONTENEGRO N.C.H. NUOVI CANTIERI APUANIA OLIDATA ONIT GROUP OPERA SANTA MARIA DEL FIORE PHILIP MORRIS ITALIA POLTRONESOFÀ REGIONE EMILIA-ROMAGNA RICOH S.E.C.I. GRUPPO INDUSTRIALE MACCAFERRI SAP SCS CONSULTING STMICROELECTRONICS SCHNEIDER ELECTRIC SEPS TECHNOGYM TEUCO THE BOSTON CONSULTING GROUP TOYOTA MATERIAL HANDLING ITALIA TREVI GROUP UMBERTO CESARI UNICREDIT UNIEURO UNINDUSTRIA BOLOGNA UNIPOL VEM SISTEMI VERONESI VIABIZZUNO VIDEOWORKS VOLVO CAR ITALIA WPP ITALIA YOOX NET-A-PORTER GROUP
FEES
The course registration fee is:
- 3,600 euros (+ VAT) for registrations from companies and institutions
- 2,900 euros (+ VAT) for individual registrations
The fee includes attendance at the program, all the study material available through the online platform and access to the Bologna Business School services, which include: Alma wi-fi personal account and use of the study areas.
Discounts are available:
- for early registrations;
- for Business Network companies;
- for Alma/BBS and Profingest Alumni;
- for groups of at least 3 people.
INTERPROFESSIONAL FUNDS
Alumni and Companies can check the availability of vouchers at the Interprofessional Fund reference:
Fondimpresa – for middle management
Fondo Dirigenti PMI – for managers of industrial SMEs
Fonditalia
Fondirigenti – for managers
Fon.Coop – for Cooperatives
Alma is accredited Fon.Ter – for companies and Tertiary Services
REQUIREMENTS
The course allow a maximum of 30 partecipants.
APPLICATION PROCESS
To register, simply request the registration form by sending an e-mail to: openprograms@bbs.unibo.it
FAQs
At the end of the course, a participation certificate is issued (upon reaching 80% of classroom hours).
The documents used in the classroom and any further reading or exercises will be uploaded to our platform, whose credentials will be delivered in the classroom.
Should a group of colleagues wish to participate in the program, it is possible to contact the Program Manager to evaluate an ad hoc participation price.
Our short courses do not require a specific course of study. It is important to have a few years of work experience behind you that can help you, inside the classroom, by bringing real cases dealt with and solutions adopted during your work.
