Emerging digital technologies are playing a major role in improving business efficiency. Organizations collect, store, and manage vast amounts of data from the installed base of physical products and from users accessing their services. As a result, they must contend with the security risks and threats that digital technologies inevitably bring. Digitalization has created new opportunities for cyber threat actors to exploit emerging vulnerabilities. New cybersecurity solutions are increasingly based on system architectures with a high degree of modularity and are characterized by rapid technological advancement and a constantly evolving market. This technological turbulence leads to the continuous entry of new players and the emergence of disruptive shifts in the technology landscape. These dynamics pose significant challenges for decision-making processes regarding technology adoption. At the same time, the evolving nature of cyber threats demands constant adaptation from organizations. The impacts span technical, legal, organizational, communication, and ethical domains, with real-world consequences for businesses, governments, and society. As a result, digitalization has transformed cybersecurity from a traditional risk management tool into a strategic component of business decision-making and innovation. Businesses are now leveraging cybersecurity not just for protection, but as a source of competitive advantage—shifting from a mindset focused solely on risk mitigation to one centered on business continuity and strategic growth. By integrating cybersecurity into their strategic planning, organizations are increasingly using it as a key enabler of innovation and business development, aligning cybersecurity strategies with broader organizational goals. Based on this vision, and in line with the evolutionary perspective in the theory of the firm, the course aims to provide students with an academically grounded and managerially oriented understanding of the processes and dynamics related to technology management, strategic management, and innovation in the field of cybersecurity. The first part of the course will focus on the core concepts underlying these internal and external processes and dynamics. This first module will be followed by a second one, providing an in-depth examination of the socio technical dimensions of cybersecurity – spanning risk society framing, technoscientific controversies, , cyber risks literacy, and communication in the realm of stakeholder engagement. A particular emphasis will be put on how sociological and communicative factors (e.g.,. tacit norms and role based power dynamics, internal communication processes and styles, continuous training) shape decision making processes concerning the adoption of emerging cybersecurity technologies and/or the development of innovative in house solutions. Lectures will be complemented by practical case studies, simulations and group projects that will let students applying knowledge to real-life contexts in which such decisions are made. These activities will help students connect theoretical concepts to real-world management and entrepreneurial practices. Students will be organized into groups and required to complete a project aimed at analyzing real-life cases. The objective will be to identify potential technology management practices and assess their strategic and operational impact.

At the end of the course, students will have developed foundational competence in - analyzing and managing business decisions related to technology and innovation management in cybersecurity, recognizing it as a key enabler of business development at both strategic and operational levels; - explaining the theoretical foundations of technology & innovation management in cybersecurity, including risk society framing and socio technical systems; - identifying and describe the main sociological and communicative factors that influence cybersecurity decisions and organizational resilience; - integrating technical, managerial, sociological, and communicative analyses to evaluate cybersecurity scenarios and formulate evidence based solutions; - collaborating in multidisciplinary teams, presenting clear, data driven arguments and recommendations.

For an easier acquisition of the course content, it might be useful for students to know the fundamental of Economics and Business Organizations, as well as the basics of Business strategy.

The course will comprise both theoretical and practical lessons in English and will be composed of two main sections: Section I –Technology and Innovation Management - Fundamentals of the theory of the firm - Fundamentals of the economics of innovation: the linear model of innovation, the actors involved in the innovation process, technological trajectories and paradigms, taxonomies of innovation and their impact on industries - Dynamics of innovation: technology cycles, dominant designs and standards - Fundamentals of strategy and the determinants of competitive advantage - Entrepreneurial and managerial innovation models - Decision making in cybersecurity (Make or buy & business cases) - Profiting from innovation - Open and collaborative innovation: practices and paradoxes - Barriers to innovation - IP management, diffusion of innovation and appropriation strategies - Creativity and innovation management -From Information Technologies to Information Systems Section II – CyberRisk SocioLab: Creative Communication for a Proactive Cyber Risk Culture - Risk society & socio technical framing of cyber risk: interactive lecture; key topics: systemic vs individual risk, public perceptions, trust and social legitimacy, latent socio-communicaiton factors in cybersecurity. - Technoscience controversies & epistemic authority: debate & role play; key topics: tacit norms, roles, power; open vs proprietary security. - Interpersonal communication, persuasion and social engineering: phishing role play and micro analysis; key topics: Palo Alto axioms, Cialdini’s principles, knowledge deficit model and alternatives. - Leadership communication & cyber risk literacy: mini workshop and self assessment; key topics: leadership cultures and the semiotic informational model, training practices.

The course will consist of highly interactive lectures and in-class discussions, with extensive use of examples, case studies and integrative reading materials. Company testimonials may be invited as part of the course for practical lessons based on real-life cases. Moreover, students will be required to carry out a group-based project work aiming at examining practical cases and outlining the economic and socio-communicative relevance of cybersecurity technological solutions. In details: Purpose Connect business decision making and theory of the firm competences in cybersecurity with sociological and communicative insight by analysing a real world phenomenon and producing a contemporary, public facing communication artifact. Brief 1. Topic & Case Study - Each team selects one or more course topics. - At least one empirical case study must be analysed as a situated lens through which the broader issue is made visible. 2. Expected Output The final deliverable may take any creative form provided it is methodologically rigorous, argumentatively clear and well documented. Non exhaustive examples: o Mini documentary (7–10 min). o Podcast pilot (≤10 min) with narration, interviews or data interludes. o Advanced digital infographic or interactive data story. o Mock up advocacy/educational campaign (visual, textual or video). o Micro site or digital prototype (e.g., an interactive gamified demo that entertains while raising cyber-risk awareness and literacy across a company’s workforce). 3. Accompanying Dossier Either a written report (max 2 000 words) or a slide deck (15–20 well structured slides) that clearly states: • theoretical relevance and social significance of the topic; • intended audience(s) for the artefact; • theoretical framework, sources and methodology (including case study design); • division of tasks among team members. 4. Assessment Criteria • Integration of managerial and sociological knowledge. • Critical analysis of the case study. • Alignment of communication strategy with declared audience. • Evidenced use of reliable sources with transparent methodology. • Creative quality and production value of the artefact. 5. Methodological Tips • Combine technology and innovation management theory and sociological lenses; they are complementary, not alternative. • Curate sources meticulously and be transparent about every step of the process, including limitations.

Shilling, M. Strategic Management of Technological Innovation McGraw-Hill Education Cantamessa, M., Montagna, F. 2016 Management of Innovation and Product Development Springer Piccoli, G., Pigni F. 2019. Information systems for managers with cases. 4.0 Edition. Wiley Presentations and other reading materials will be uploaded during the course

Slides; Libro di testo; Materiale multimediale ; Strumenti di collaborazione tra studenti;

Modalità di esame: Elaborato progettuale in gruppo; Prova scritta in aula tramite PC con l'utilizzo della piattaforma di ateneo;

Exam: Group project; Computer-based written test in class using POLITO platform;

... Written test The written test will evaluate the degree to which students have learned and understood theoretical concepts. It will be based on a mixture of closed questions, open questions and/or a short commentary to a text. The written exam will lead to a score of 20/30 Group project work The group-based project work will allow to evaluate the degree to which students are able to apply theoretical concepts in practice. It will lead to a score of 10/30, based on the assessment criteria highlighted above.

Gli studenti e le studentesse con disabilità o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unità Special Needs, al fine di permettere al/la docente la declinazione più idonea in riferimento alla specifica tipologia di esame.