From risk to resilience: a journey into cyber security with Roma Tre and NSR
First edition of the Advanced Training Course in Cybersecurity and Cyber Rights as part of the PNRR HARD DISC project successfully concluded: experiences, lessons, and future perspectives.
Cybersecurity is no longer just a technical issue, but a real social value and a strategic priority. With this awareness came the Advanced Training Course in Cybersecurity and Cyber Rights Protection, sponsored by the University of Roma Tre as part of the PNRR HARD DISC project, in which NSR actively participated by delivering lectures and practical workshops and by contributing the expertise of its professionals and its many years of experience in the field.
It was an extraordinary journey, rich in insights essential to navigating an increasingly digital and interconnected world.
We explored the roots of cyber-insecurity and the systemic vulnerabilities that often lie outside the traditional security perimeter, including those related to the supply chain. Great attention was paid to building a shared culture of cybersecurity, understood no longer as a mere technological option, but as a social necessity and common value.
Throughout the course, we had the opportunity to delve into a wide range of crucial topics with the input of valuable experts who shared their unique knowledge and experiences. Below is an overview of the main ideas and concepts that emerged during the training.
Data protection and regulatory framework
- We analyzed constitutional and supranational principles on data security and confidentiality, examining the delicate balance between risk, security, and freedom. It was highlighted how personal data protection has evolved from a “right to privacy” to “informational self-determination,” becoming instrumental in safeguarding rights and supporting democratic systems.
- We explored the ever-evolving regulatory framework, including the General Data Protection Regulation (GDPR), with its core principles such as data minimization, confidentiality, lawfulness and integrity, and key concepts such as Accountability and Privacy by Design/Default. The importance of Data Protection Impact Assessments (DPIA) and the general obligation to notify data breaches were also emphasized.
- The strategic role of the ACN (National Cybersecurity Agency) was presented in detail, along with the National Cybersecurity Strategy and its Implementation Plan. The functions of the ACN in coordination, incident management, promotion of technological autonomy and skill development were discussed.
- We examined new European and national regulatory obligations such as the NIS2 Directive, the DORA Regulation for the financial sector, the Cyber Resilience Act, and the EU Artificial Intelligence Act (AI Act). We also reviewed the Italian DDL on AI and the National Cyber Security Perimeter, clarifying the obligations and penalties involved.
- We explored Data Governance and data classification (structured and unstructured) as pillars of effective and secure management, analyzing techniques such as Data Masking and tokenization for protecting sensitive data in non-production environments, and pseudonymization and anonymization as tools for privacy protection.
- The issue of remote worker monitoring was addressed, focusing on Article 4 of the Workers’ Statute and the challenges of metadata. We examined undercover operations in cyberspace introduced by Law 137/2023, as well as the changes brought by Law 90/2024, which strengthened the fight against cybercrime, introduced new regulations on ransomware, and encouraged hacker cooperation.
Cyber Risk and Operational Security
- A significant focus was placed on digital identity security, analyzing common threats such as phishing, credential stuffing, and social engineering. We delved into the concepts of Identification, Authentication, Authorization, and Accounting (IAAA), the importance of Multi-Factor Authentication (MFA), Identity and Access Management (IAM) systems, as well as principles of encryption (symmetric and asymmetric) and digital signatures.
- Incident Response was addressed practically, describing the crucial role of the Incident Response Team (IRT) and the Security Operations Center (SOC). Frameworks such as ISO/IEC 27035 and NIST Incident Response were presented, alongside a real-world example of data breach management. The fundamental role of SIEM (Security Information and Event Management) systems for log aggregation, correlation, and secure storage was highlighted, complemented by XDR and SOAR solutions for automation.
- We learned to manage vulnerabilities as a continuous and proactive process (Vulnerability Management), distinguishing it from Vulnerability Assessment and Penetration Testing. Remediation strategies were discussed, including Patch Management and Compensating Controls for legacy systems.
- The importance of cyber hygiene was discussed and five simple rules for safe browsing were shared, emphasizing how human error is often the key factor in successful attacks.
Artificial Intelligence and Resilience
- A broad focus was dedicated to Artificial Intelligence, both as a powerful ally in defense (analysis, detection, vulnerability prioritization) and as a dangerous tool in the hands of criminals (adaptive malware, advanced phishing, deepfakes, prompt injection). We also discussed AI’s implications for fundamental rights and the need for Fundamental Rights Impact Assessments (FRIA) in Public Administration.
- Finally, we explored the concepts of Business Continuity (BC) and Disaster Recovery (DR), which are essential for the resilience of organizations.
It is clear that cybersecurity today goes far beyond the technological aspect, becoming a collective value that requires proactive commitment and collaboration across different areas of expertise. Discussions highlighted the importance of risk management, resilience, and continuous training in addressing emerging threats, including those enhanced by Artificial Intelligence.
We wish to express our sincere gratitude to all participants for the enthusiasm, commitment, and curiosity they demonstrated throughout the training journey. Their involvement was essential in making this an experience of shared growth and exchange.
A heartfelt thank you also goes to Roma Tre University for making this initiative possible and for involving NSR as an active contributor in shaping the professionals of tomorrow. We now look forward to the next edition, with the goal of continuing to build a safer and more aware future in the digital world.