CYBERSECURITY & CYBERCRIMES

Learning objectives

The course provides insights into cybersecurity and cybercrime regulations in the European and comparative perspective. It offers a comprehensive understanding of cybersecurity and cybercrime legislation, trends and practice, complemented with the analysis of relevant cases. The course aims at enabling students to understand, and develop critical thinking with respect to, the interplay between technical and regulatory issues, the role of risk management in the cybersecurity landscape, and the impact of digitalisation on criminal matters. At the end of the course, students will also be able to carry out a thorough analysis of crime risk in the digital environment and to identify the countermeasures needed to put adequate preventive internal controls in place in public and private organisations.

Expected learning outcomes

Knowledge and understanding: Upon completing the course, students will be able to understand and critically address the main cybersecurity and cybercrime regulatory issues. Students will also be able to identify and manage the main legal threats arising in cyberspace and to interpret the evolution of preventive and criminal law strategies in the digital era. Such knowledge will be ascertained through the evaluation of participation and reaction during class discussions, as well as group and individual outputs. At the end of the course, an oral exam will be held.

Applying knowledge and understanding: By attending the course, students will be able to apply legal reasoning and to solve practical cases in the cybersecurity and cybercrime environments. Students will also be able to make interdisciplinary connections between different scientific areas (e.g. ICT, computer science, criminal law, compliance). In this way, students will be fully equipped, at both the theoretical and the practical level, to access the job market as ‘lawyers 4.0’, corporate advisors and digital managers, able to critically tackle and manage complex cybersecurity and cybercrime issues. Such knowledge will be evaluated taking into account the results of students’ participation in class debate, group presentations, individual outputs and a final oral exam.

Making judgments: By using the correct study and research methodology learnt during the course, students will be able to collect data and materials to analyze relevant sources, as well as case law and legal doctrine related to the subjects concerned. Students will be ready to interpret and solve legal issues arising in the cybersecurity and cybercrime areas, handling and managing the threats posed by technology. By the end of the course, students will be able to independently evaluate data and materials and to formulate their own critical judgment on the application of fundamental principles and categories of criminal law in this particular context.

Communication skills: At the end of the course students will be able to use the appropriate technical-legal vocabulary related to cybersecurity and cybercrime environments. Students will develop the ability to communicate in written form through completing the assignments, and in oral form through the final exam and the class debate. Students will also develop their language and relational skills in international and multicultural settings.

Learning skills: Upon completing the course, students will be able to independently understand and interpret regulatory changes in the cybersecurity and cybercrime areas. Students will be able to autonomously solve problems and develop a critical approach, as well as operational skills, through interactive discussion, labs, seminars with experts and professionals, and carrying out their (collective and individual) project works. They will be ready to deal with and manage real-life projects and cases in complex settings.

Course contents

The course is structured in two main parts, complemented with two core labs. The first part of the course will cover cybersecurity issues, outlining the cybersecurity legislation at international and EU levels, with a focus on the NIS Directive and the GDPR, and analyzing national transposition(s) of such instruments. Specific attention will be paid to cyberattacks and to the key policy and regulatory concerns they pose. In this respect, LAB#1 will be dedicated to the management of a data breach and its legal consequences. The second strand of the course will deal with cybercrime. Relevant sources and general substantive criminal law issues will be examined, as well as a “special part” dedicated to the main cybercrimes (interpersonal cybercrimes; crimes against the confidentiality, integrity and availability of computer data and systems; financial cybercrime; privacy offences). Corporate liability and the role of organisations in the management of cyber-risks will also be addressed. LAB#2 will consequently focus on cybercrime investigation and digital forensics.

Reference texts

The selected readings are available open access or via Luiss library subscriptions. Course slides and other materials will be made available to students on the Luiss Learn platform and will cover all the topics addressed. The list of readings will be published in due course. For the cybercrime part, to have a general overview of the subject, students can also refer to: Gillespie, A. (2019). Cybercrime: key issues and debates (2nd ed.). Routledge. https://tinyurl.com/cxyvbdm4

Teaching methods

Frontal teaching; Class participation and discussion; Case studies, role playing, practical labs; Group/individual project works; Seminars with experts and professionals (names to be announced). The course is subject to continuous evaluation. Students’ participation, reaction and interaction throughout the course will be taken into account for the final grade. Students will be supported through practical sessions in preparing both collective and individual deliverables.

Assessment methods

The assessment of students’ learning will be based on (1) a written individual output on a course subject chosen by the student (25% of the final grade), (2) participation in class debate, group presentations and lab involvement (50% of the final grade), and (3) a final oral exam (25% of the final grade). As for (1), the individual outputs must be agreed in advance. Students will choose a course topic of interest and will submit their proposals for the final written project to the course instructor. For (2), group presentations, students will be involved in two labs related to the main areas of the course (LAB#1 on cybersecurity and LAB#2 on cybercrime issues). They will be divided into groups and required to submit and present to the class two mini-deliverables (written outputs), one for each lab. The (3) final oral exam will be based on the discussion of students’ individual outputs. As for the evaluation criteria, written outputs will be evaluated taking into consideration their formal, logical and legal coherence and accuracy, as well as their originality and students’ capacity to personally re-elaborate the topics addressed. The oral assessment will be centered on students’ ability to report on the written contents with the appropriate legal vocabulary and to explain and justify in the oral presentation the theses supported in the written paper.

Criteria for assigning the final thesis

Interest in the subject; good overall result in the evaluation.

Week 1

Session 1 on campus
Course Presentation
Setting the Scene. Introduction to Cybersecurity and Cybercrime
Background, Definitions and Protected Legal Interests

Session 2 online
From IT Security to Cyber Threat Management
Cyber-risk Governance and the Role of Organisations
The International and EU Regulatory Framework on Cybersecurity. An Overview

Readings and other materials provided during the course

Week 2

Session 1 on campus
The EU Network and Information Security (NIS) Directive
General Provisions. Operators of Essential Services and Digital Service Providers
National Strategy on the Security of Network and Information Systems
Security Requirements and Incident Notification. Penalties
Introduction to the methodology and structure of the practical part of the course. Instructions on the types of individual outputs (case study analysis; problem-based project work)
The measures set by the NIS 2 Directive

Session 2 online
The Landscape of Actors in EU Cybersecurity. The Critical Role of ENISA
The Cybersecurity Act. A Cybersecurity Certification Framework for ICT Products and Services
Survey to collaboratively build with students the list of topics, within the main areas selected by the course instructor, from which they will choose for their individual outputs

Readings and other materials provided during the course

Week 3

Session 1 on campus
National Cybersecurity Strategies
The State-of-play of the Transposition of the NIS Directive. National Experiences
Cybersecurity and the Evolution of Cyberattack(s)
Students’ coaching with a focus on the work that will be done in LAB#1

Session 2 online
The General Data Protection Regulation (GDPR). Principles and General Obligations for Data Processing

Readings and other materials provided during the course

Week 4

Session 1 on campus
Cybersecurity LAB#1. How to Handle a Cybercrisis

Session 2 online
The Data Protection Officer (DPO) and Data Privacy Compliance
Liability and Penalties
The Domestic Regulatory Framework on Data Protection

Readings and other materials provided during the course

Week 5

Session 1 on campus
Group Presentations related to LAB#1 (deliverable one)

Session 2 online
Cybersecurity and the Evolution of Cyberattack(s)
Characteristics of Cyberspace and their Impact on Criminal Law
Computer Crime vs Cybercrime. The Phenomenon and the Global Legal Framework
The Budapest Convention. Substantive Criminal Law

Readings and other materials provided during the course

Week 6

Session 1 on campus
The EU Competence. The Directive on Attacks on Information Systems
Cybercrime. General Issues
Locus/Tempus Commissi Delicti and Computer Crimes
Controls and Controllers in the Cyberspace. The Internet Service Provider (ISP)

Session 2 online
Cybercrime Types. Offences against the Confidentiality, Integrity and Availability of Computer Data and Systems; Computer-Related Offences; Content-related Offences
Interpersonal Cybercrime
Intermediate feedback by the students

Readings and other materials provided during the course

Week 7

Session 1 on campus
Analysis and class discussion of relevant case-law (made available in advance and related to subjects addressed in the previous sessions)
Online Defamation and Press-related Crimes
Cyberstalking and Cyber-harassment
Cyberbullying

Session 2 online
Sexualised content. Online child sexual exploitation and abuse
Revenge porn
Discrimination and cyber-racism
Hate speech

By week 7, students will be required to submit their proposals for the individual output to the course instructor

Readings and other materials provided during the course

Week 8

Session 1 on campus
Cyberterrorism
Cyber Organised Crime
From Hacktivism to Cyberwarfare
‘Information Warfare’ and Disinformation

Session 2 online
Illegal access
Illegal interception
Data interference
System interference
Misuse of devices

Readings and other materials provided during the course

Week 9

Session 1 on campus
Group discussion on selected topics addressed in the previous sessions
Students’ coaching with a focus on the work that will be done in LAB#2

Session 2 online
Financial cybercrime
Computer Fraud
Phishing

Readings and other materials provided during the course

Week 10

Session 1 on campus
Cybercrime LAB#2. Cybercrime Investigation and Digital Forensics

Session 2 online
Money-laundering and Cyberlaundering
Deep Web, Dark Web, Dark Net and Criminal Law
Computer-related Copyright or Trademark Offences

Readings and other materials provided during the course

Week 11

Session 1 on campus
Group Presentations related to LAB#2 (deliverable two)

Session 2 online
From Individual Liability to Corporate Liability. Business and Cyber-risk Management
The Protection of Personal Data
Privacy-related Crimes

Readings and other materials provided during the course

Week 12

Session 1 on campus
Seminar. Selected Issues on New Technologies and the Impact on the Criminal Justice System

Session 2 online
Final brainstorming session and instructions on individual outputs
Q&A
Students will be asked to give their feedback and suggestions on course activities

Readings and other materials provided during the course