Course 2019-2020 a.y.

20652 - TECHNOLOGY RISK GOVERNANCE

CYBER
Cross-institutional study L. Bocconi - Politecnico Milano

Course taught in English

CYBER (5 credits - I sem. - OB  |  ING-IND/35)
Course Director:
PAOLO TRUCCO

Classes: 25 (I sem.)
Instructors:
Class 25: PAOLO MACCARRONE


Suggested background knowledge
PREREQUISITES


Mission & Content Summary
MISSION

Technology Risk Governance comprises the set of strategies, skills and operating models that organizations put in place for understanding, assessing and managing existing and emerging technology risks. Technology-driven businesses are nowadays struggling to keep up with the rapid pace of technology innovation and change, as well as with the increasing complexity of modern socio-technical systems. In this context, the course aims at transferring to the students theoretical and practical knowledge concerning the most relevant approaches, methods and organizational models for technology risk governance. Real cases discussed during the course cover a wide spectrum of industrial and service systems, ranging from manufacturing to infrastructure and healthcare, which are of relevance for both business and institutional decision makers.

CONTENT SUMMARY

The course addresses all the relevant approaches, methods and models for supporting risk-informed decisions in managing complex socio-technical systems (e.g. technology selection, system design, management and governance) from business and institutional perspectives:

  • Risk governance of new and emerging technologies: Technology outlook and risk analysis methods for technology selection. Case studies.
  • System Safety Engineering: Risk definition, modelling and reporting; Risk Engineering methods: Failure Mode Effects and Criticality Analysis (FMECA), Fault Tree Analysis (FTA), Event Tree Analysis (ETA), Probabilistic Risk Analysis (PRA); FMECA and FTA Exercises.
  • Risk Analysis of Socio-Technical systems: Human and Organizational risk factors; Risk management of Organizational accidents (Reason’s model); the HRO (High Reliability Organization) theory. Critical incident analysis.
  • Organizational Resilience and Business Continuity Management (seminar in collaboration with the BCI). Guest speaker from industry.
  • Risk Governance of Complex Socio-Technical Systems: theory of Complex Adaptive Systems (CAS) and system-of-systems; Risk analysis of complex cyber-physical systems and networked infrastructure; Resilience Engineering of CAS. Discussion of cases from different industries.

Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
  • Identify and categorize technology risks of established and emerging technologies
  • Describe and prioritize risk and resilience features of complex socio-technical systems exposed to cyber and physical threats
  • Distinguish and compare approaches to and methods for technology risk governance at different system life cycle stages
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course students will be able to...
  • Choose and apply the most appropriate risk assessment approach and methods given the key features of the complex socio-technical system at stake
  • Examine and evaluate the suitability of an organization’s technology risk governance model
  • Prepare a strategic report on technology risk assessment.

Teaching methods
  • Face-to-face lectures
  • Guest speakers' talks (in class or at a distance)
  • Exercises (exercises, database, software etc.)
  • Case studies / Incidents (traditional, online)
  • Group assignments
  • Interactive class activities (role playing, business game, simulation, online forum, instant polls)
DETAILS

The learning experience of this course includes, in addition to face-to-face lectures, numerical exercises, case discussions, a group assignment, real examples and interactions with guest speakers from industrial organizations and governmental agencies.

Instant polls will be used to support class discussions.

Over the course, groups of students (max 3) will be engaged in a major assignment focusing on either a technology risk assessment report or a real incident investigation report. Groups will submit the final report, which will be used for the students’ assessment (see next paragraph) and as a basis for the oral exam.


Assessment methods
  • Oral individual exam: General exam
  • Group assignment (report, exercise, presentation, project work etc.): General exam
  • In-class minor group assignments: Partial exams

    ATTENDING STUDENTS

    With the purpose of measuring the acquisition of the above-mentioned learning outcomes the assessment of attending students is based on three components:

    1. One group major assignment (50% of the final grade) designed for the purpose of verifying the student's ability to: i) choose and apply the most appropriate approach and methods given the key features of the complex socio-technical system at stake; ii) examine and assess the suitability of an organization’s technology risk governance model; iii) prepare a technical report on technology risk governance. The deliverable consists of a final written report;

    2. Final oral exam (50% of the final grade), which aims to assess the student’s learning level of theories and models and their application to a given situation;

    3. In-class minor group assignments (non-compulsory), consisting of short reports covering the complete solution of some in-class exercises selected by the instructor (max 2 points will be added to the final grade).

    NOT ATTENDING STUDENTS

    With the purpose of measuring the acquisition of the above-mentioned learning outcomes the assessment of non-attending students is based on two components:

    1. One group major assignment (50% of the final grade) designed for the purpose of verifying the student's ability to: i) choose and apply the most appropriate approach and methods given the key features of the complex socio-technical system at stake; ii) examine and assess the suitability of an organization’s technology risk governance model; iii) prepare a technical report on technology risk governance. The deliverable consists of a final written report;

    2. Final oral exam (50% of the final grade), which aims to assess the student’s learning level of theories and models and their application to a given situation.


    Teaching materials
    ATTENDING AND NOT ATTENDING STUDENTS
    Last change 06/06/2019 17:21