E-Learning Master Privacy and IT Security
European School of Banking Management
Key Information
Campus location
Milan, Italy
Languages
Italian
Study format
Blended, Distance Learning
Duration
5 months
Pace
Part time
Tuition fees
Request info
Application deadline
Request info
Earliest start date
Request info
Introduction
Italian partner of ACAMS
Presentation
The social, digital and mobile scenario in Europe and Italy has profoundly changed in recent years, with an unstoppable transformation that grows and changes at an exponential rate.
This phenomenon has been producing two effects for some time now:
- indiscriminate access to the "data" of individual citizens, which, combined with the age of the old Privacy Code (Legislative Decree 196/2003), created the need for new regulation in this area. This materialized with the entry into force, on 24 May 2016, of the new European data protection regulation, the GDPR (General Data Protection Regulation), which will be directly applicable in all Member States of the European Union from 25 May 2018 without the need for transposition;
- the proliferation of "cyber attacks" to the detriment of large and small institutions and companies, which are increasingly victims of infections caused by ever more sophisticated malware that attacks and "seizes" company data.
The alarm also comes from the Bank of Italy, which in February 2017 published a survey on the situation of "cyber attacks" and on the danger they pose, and will pose, to businesses and banks.
To face the risks deriving from this new scenario, companies, and banks in particular, must invest in intensive training centered on the core of this phenomenon: Privacy and Cyber Security.
In order to manage IT procedures more efficiently, the Bank of Italy published the 16th Update of Circular 285, in which, under Title IV, it set out to regulate the governance and management of IT systems in the banking sector, requiring banking and non-banking organizations to adapt to this legislation in everyday working life.
The new GDPR provides that every company will have to appoint a DPO (Data Protection Officer), but the cyber-IT scenario outlined above requires special skills that go beyond what the GDPR itself provides for.
The European School of Banking Management has developed, together with leading Italian experts on these issues, a Master that simultaneously addresses Privacy, Cyber Security and Title IV of the 16th update of Circular 285 of the Bank of Italy, to train a professional who, in addition to having the skills of the DPO (Data Protection Officer), is able to understand, manage and organize all Cyber Security activities in their company. Ample space will be given to exercises that illustrate all the documents required by the circular and subject to audit activities.
The Master, the only Italian path to officially certify the skills acquired on completion, is aimed at the new figure of the DPO (Data Protection Officer), the Heads of ICT structures and organizations, all those who at various levels deal with the analysis and management of risks, privacy and corporate IT security, and the personnel involved in the processes and procedures in the context of banking information systems.
It is the only Master in Italy:
- With a modular structure that allows each participant to customize their training objectives, with a subdivision into levels of knowledge ranging from the simplest, Basic Level, to the most advanced, Advanced Certified, for those who want the best.
- To be approved at the European level.
- To have brought together the major experts on the subject.
- Which includes a final written and oral exam, an element that officially certifies the successful acquisition of skills.
- Delivered by a specialized division of an ASFOR Associated Management School.
Curriculum
Program
The impact of the European Regulation (2016/679) on the protection of personal data in the banking world from the point of view of IT Security. Responsibilities of Directors.
- Dematerialization for banking companies
- Use of IT platforms
- Business Continuity
- Privacy by default and privacy by design
- Security education
- Liability of directors
Privacy obligations in the banking and insurance sector: data, roles and privacy compliance
- Integrated management of the quality of information on anti-money laundering, Privacy, 231/01
- Privacy policy and consent to processing in customer relations
- Privacy organization chart: the data controller, the managers, the system administrators, the data processors
- Communication and dissemination of data: circulation of information in banks and interbank groups
- Data transfer abroad: the heterogeneity of regulatory systems, risks and solutions
- Data protection officer
The security measures between the Privacy Code and the Provisions of the Guarantor
- System administrator, measures, obligations and responsibilities
- Traceability of banking transactions: Provision of the Privacy Guarantor n. 192 of May 2011, organizational and technical measures, impact, state of the art and best practices; access tracking and log file retention; Audits and monitoring
- Data breach notification
- Biometric data and graphometric signature in banking institutions
- Internet banking compliance and identity theft: the protection of account holder's personal data and the responsibilities of credit institutions
Civil, criminal and administrative liability in the processing of personal data
- Criminal and administrative sanctions
- New inspection program of the Privacy Guarantor
- Civil liability (not only in terms of image damage, but also in concrete terms)
- Reputational damage
- Inspection simulation
IT risk mitigation tools
- Cybersecurity
- Perimeter security
- Monitoring tools
- Check security quality
- Vulnerability assessment
- Penetration test
- Attacks in real time
Overview: Bank of Italy regulations for information systems
- Concepts and terminology in the field
- Normative references 285
- CRR normative references
Direction, control and governance of the information system
- Duties of the body with strategic supervision and management functions
- Insights into Strategic Guidance Documentation
Organization of the information systems function
- Factors that determined the organization of ICT functions
- Insights into the Documentation for the ICT function organization chart
IT security
- Body that exercises the IT security function
- Insights into IT Security Policy Documentation
IT risk control and ICT compliance
- IT risks
- Compliance with internal regulations and regulations (Technical aspects and organizational aspects)
Tasks of the Internal Audit function
- The type of Internal audit controls
- Insights into the checks performed
IT risk analysis
- The analysis process
- Risk assessment
- Risk treatment
- Insights into the IT Risk Analysis Methodology Documentation
IT security management (Security Policy)
- Goals of the management process
- The general principles of security
- Roles and responsibilities
- Organizational framework
- Guidelines
- Internal rules and legal regulations
The security of information and ICT resources
- Controls and authorization procedures
- Technical software development methodologies
- Logical access regulation
- Procedures for carrying out critical operations
- Ongoing monitoring of security threats
The security of applications developed by the operating and control units
Application security in software life cycle processes
Change management
- Impact assessment
- Planning, coordination and documentation of interventions
- Suitable system for managing system configurations
The management of cyber security incidents
The availability of information and ICT resources
- Most critical applications
- Architectures with security profiles
- The interruption of the service
Documentation Insights: Change Management Procedure, Incident Management Procedure, Operational Plan
The data management system (Data governance standard)
- The requirements and standards in the field
- Insights into the Documentation of Data Governance Standards
Outsourcing of the information system (Application Outsourcing and Application Management)
- Types of outsourcing
- Agreements with suppliers and other requirements
- Particular indications
Security of internet payments
Other essential documents required by the legislation
- Insights into Company Valuation Documentation
Concluding Module in the Classroom and in E-Learning
- Summary of the training course for the final review
- Final exam (written and oral exam)
Master's degree
At the end of the training course, each learner will be able to obtain (a) the Diploma (Parchment) of the Master of Specialization in Privacy and IT Security, and (b) the Certificate, which certifies attendance of the training course and the acquisition of specialized skills, verified through a written and oral final exam and through tests carried out on the School's E-Learning platform.
Achievement is subject to the following conditions:
- regular attendance of lectures on the E-Learning platform;
- passing the scheduled written tests;
- passing the tests required on the E-learning platform.
Scholarships and Funding
Loans
The Master is eligible for funding for:
- The Banks through the Fondo Banche Assicurazioni
- Individuals through the Loan of Honor
Ideal Students
Recipients
The Master, the only Italian path to officially certify the skills acquired on completion, is aimed at the new figure of the DPO (Data Protection Officer), the managers of ICT structures and organizations, all those who at various levels deal with the analysis and management of risks, privacy and corporate IT security, and the personnel involved in the processes and procedures within the banking information systems.
In particular:
- Privacy Manager
- IT manager
- Person in charge of Personal Data Processing
- Security Manager
- Head of Legal Affairs
- Marketing and HR officers and managers
- Freelancers such as Lawyers, Accountants, Labor Consultants, Privacy Consultants, Engineers, IT Consultants, Legal Consultants, Risk Managers.