Cybersecurity Management

Credits
6
Types
  • GIA: Elective
  • GRAU: Elective
  • GCED: Elective
Requirements
This subject has not requirements , but it has got previous capacities
Department
AC
Mail
marc.ruiz-ramirez@upc.edu
This subject aims to provide elementary knowledge and resources on cyber security aimed at training IT engineering professionals with a broad base on good practices when it comes to protecting IT systems, mitigating vulnerabilities, and preventing risks The subject combines theory sessions with guided practices aimed at achieving basic skills in cyber security.

Teachers

Person in charge

Others

Weekly hours

Theory
2
Problems
0
Laboratory
2
Guided learning
0
Autonomous learning
6

Competences

Technical Competences

Common technical competencies

  • CT2 - To use properly theories, procedures and tools in the professional development of the informatics engineering in all its fields (specification, design, implementation, deployment and products evaluation) demonstrating the comprehension of the adopted compromises in the design decisions.
    • CT2.3 - To design, develop, select and evaluate computer applications, systems and services and, at the same time, ensure its reliability, security and quality in function of ethical principles and the current legislation and normative.
  • CT3 - To demonstrate knowledge and comprehension of the organizational, economic and legal context where her work is developed (proper knowledge about the company concept, the institutional and legal framework of the company and its organization and management)
    • CT3.5 - To identify the use possibilities and benefits which can be derived from an application in the different business software typologies and existent ICT services.
    • CT3.6 - To demonstrate knowledge about the ethical dimension of the company: in general, the social and corporative responsibility and, concretely, the civil and professional responsibilities of the informatics engineer.
    • CT3.7 - To demonstrate knowledge about the normative and regulation of informatics in a national, European and international scope.
  • CT6 - To demonstrate knowledge and comprehension about the internal operation of a computer and about the operation of communications between computers.
    • CT6.1 - To demonstrate knowledge and capacity to manage and maintain computer systems, services and applications.
    • CT6.4 - To demonstrate knowledge and capacity to apply the characteristics, functionalities and structure of the Distributed Systems and Computer and Internet Networks guaranteeing its use and management, as well as the design and implementation of application based on them.
  • CT7 - To evaluate and select hardware and software production platforms for executing applications and computer services.
    • CT7.1 - To demonstrate knowledge about metrics of quality and be able to use them.
    • CT7.2 - To evaluate hardware/software systems in function of a determined criteria of quality.
    • CT7.3 - To determine the factors that affect negatively the security and reliability of a hardware/software system, and minimize its effects.
  • CT8 - To plan, conceive, deploy and manage computer projects, services and systems in every field, to lead the start-up, the continuous improvement and to value the economical and social impact.
    • CT8.1 - To identify current and emerging technologies and evaluate if they are applicable, to satisfy the users needs.
    • CT8.2 - To assume the roles and functions of the project manager and apply, in the organizations field, the techniques for managing the timing, cost, financial aspects, human resources and risk.

    • Technical Competences of each Specialization

    Information systems specialization

  • CSI2 - To integrate solutions of Information and Communication Technologies, and business processes to satisfy the information needs of the organizations, allowing them to achieve their objectives effectively.
    • CSI2.1 - To demonstrate comprehension and apply the management principles and techniques about quality and technological innovation in the organizations.
    • CSI2.3 - To demonstrate knowledge and application capacity of extraction and knowledge management systems .
    • CSI2.4 - To demostrate knowledge and capacity to apply systems based on Internet (e-commerce, e-learning, etc.).
    • CSI2.7 - To manage the presence of the organization in Internet.
  • CSI3 - To determine the requirements of the information and communication systems of an organization, taking into account the aspects of security and compliance of the current normative and legislation.
    • CSI3.1 - To demonstrate comprehension of the principles of risks evaluation and apply them correctly when elaborating and executing operation plans.
  • CSI1 - To demonstrate comprehension and apply the principles and practices of the organization, in a way that they could link the technical and management communities of an organization, and participate actively in the user training.

    • Software engineering specialization

  • CES1 - To develop, maintain and evaluate software services and systems which satisfy all user requirements, which behave reliably and efficiently, with a reasonable development and maintenance and which satisfy the rules for quality applying the theories, principles, methods and practices of Software Engineering.
    • CES1.2 - To solve integration problems in function of the strategies, standards and available technologies
    • CES1.3 - To identify, evaluate and manage potential risks related to software building which could arise.
    • CES1.9 - To demonstrate the comprehension in management and government of software systems.

    • Information technology specialization

  • CTI1 - To define, plan and manage the installation of the ICT infrastructure of the organization.
    • CTI1.1 - To demonstrate understanding the environment of an organization and its needs in the field of the information and communication technologies.
    • CTI1.2 - To select, design, deploy, integrate and manage communication networks and infrastructures in a organization.
  • CTI2 - To guarantee that the ICT systems of an organization operate adequately, are secure and adequately installed, documented, personalized, maintained, updated and substituted, and the people of the organization receive a correct ICT support.
    • CTI2.2 - To administrate and maintain applications, computer systems and computer networks (the knowledge and comprehension levels are described in the common technical competences).
    • CTI2.3 - To demonstrate comprehension, apply and manage the reliability and security of the computer systems (CEI C6).
  • CTI3 - To design solutions which integrate hardware, software and communication technologies (and capacity to develop specific solutions of systems software) for distributed systems and ubiquitous computation devices.
    • CTI3.1 - To conceive systems, applications and services based on network technologies, taking into account Internet, web, electronic commerce, multimedia, interactive services and ubiquitous computation.

    • Computer engineering specialization

  • CEC4 - To design, deploy, administrate and manage computer networks, and manage the guarantee and security of computer systems.
    • CEC4.2 - To demonstrate comprehension, to apply and manage the guarantee and security of computer systems.

    • Transversal Competences

    Information literacy

  • G6 [Avaluable] - To manage the acquisition, structuring, analysis and visualization of data and information of the field of the informatics engineering, and value in a critical way the results of this management.
    • G6.3 - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.

    • Objectives

    1. Know basic concepts about cyber security, cybercrime, and risk and vulnerability analysis
      Related competences: G3.1, G3.2, G6.2, G6.3, G7.1, G7.3, G9.3, CT3.5, CT3.6, CT3.7, CT7.1, CT7.3, CEC4.2, CES1.3, CES1.9, CSI1, CSI2.1, CSI2.3, CSI2.4, CSI2.7, CSI3.1, CTI1.1, CTI2.3, CTI3.1,
    2. Identify different problems and solutions in current, emerging and disruptive technologies
      Related competences: G3.2, G6.2, G6.3, G7.1, G7.3, G9.3, CT2.3, CT6.1, CT6.4, CT7.1, CT7.3, G3.1, CT8.1, CES1.2, CES1.9, CSI2.4, CSI2.7, CSI3.1, CTI1.1, CTI2.3, CTI3.1,
    3. Work in a team to carry out the practices
      Related competences: G3.2, G3.3, G5.1, G5.2, G5.3, G6.2, G6.3, G7.2, G7.3, G9.3, G3.1,
    4. Successfully complete guided practicals on cyber security
      Related competences: G3.2, G3.3, G3.1, G5.1, G5.2, G5.3, G6.2, G6.3, G7.2, G7.3, G9.3, CT2.3, CT7.2, CT8.2, CEC4.2, CES1.2, CSI1, CSI2.3, CTI1.2, CTI2.2, CTI3.1,

    Contents

    1. Part 1: Introduction to Cybersecurity Management
      1) Basic concepts of cyber security
      2) Types of attacks and organization of cybercrime
      3) Analysis of risks and vulnerabilities of IT systems
      4) Basic defense tools and procedures
      5) Incidence Response: phases and mechanisms
      6) Electronic identity and privacy management
      7) Education and ethical aspects of cyber security
    2. Part 2: Current, emerging and disruptive technologies
      1) IoT systems and secure smart cities
      2) Secure communications networks
      3) Block-chain
      4) Artificial Intelligence (AI) for cybersecurity
      5) Cybersecurity for AI
      6) Quantum computing and communications
      7) Trends in research and innovation in the ecosystem academic
    3. Part 3: Practical sessions on cyber security
      1) Trend study and registration of malicious activity in 2024
      2) Vulnerability and risk analysis on available use cases
      3) Education and training in cyber security based on online video games
      4) Deployment of a secure IT network (computing storage connectivity) in a virtualized environment
      5) Deployment of a blockchain system
      6) AI for cybersecurity and cybersecurity for AI
      7) Using generative AI as an attack resource

    Activities

    Activity Evaluation act


    Class attendance Part 1

    Attendance to Part 1 theory sessions on Cyber ¿¿Security Basics, Cybercrime, and Risk and Vulnerability Analysis
    • Theory: All proposed topics
    • Autonomous learning: Bibliographic research work and study for assessment tests
    Objectives: 1
    Contents:
    Theory
    14h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    15h

    Test Part 1

    Quiz of test questions on the topics presented and debated in class.
    Objectives: 1
    Week: 7
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Class attendance Part 2

    Attendance to part 2 theory sessions on current, emerging and disruptive technologies
    • Theory: Same as topic 1
    • Problems: Same as topic 1
    • Autonomous learning: Same as topic 1
    Objectives: 2
    Contents:
    Theory
    14h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    15h

    Test Part 2

    Quiz of test questions on the topics presented and debated in class.
    Objectives: 2
    Week: 14
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Laboratory sessions

    Practical sessions of the different topics covered in the subject, and which are related to the theory blocks Part 1 and Part 2
    • Laboratory: Realization of the guided practices and evaluation tests
    • Autonomous learning: Preparation and continuation of practices done in class and preparation of evaluable assignments
    Objectives: 3 4
    Contents:
    Theory
    0h
    Problems
    0h
    Laboratory
    30h
    Guided learning
    0h
    Autonomous learning
    30h

    Teaching methodology

    1) Theory sessions: presentations of each of the lessons will be provided at the beginning of each session. These sessions will combine explanations by the teachers with small exercises and discussions in order to introduce and/or deepen on some of the aspects related to the lessons.

    2) Laboratory sessions: there will be groups of 3/4 students who will do the practices as a team. The practices will have a variable duration between 1 to 3 weeks, and each of them will be evaluated by delivering a practice through RACO. The delivery date of each of the practices will be calculated in order to allow all groups to finish it (if necessary) after the classroom sessions, as part of the student's self-learning time.

    Evaluation methodology

    The final grade of the subject is calculated:

    • 50% Theory controls (25% each control)
    • 50% Practice deliverables

    Specific EVALUATION procedures:

    There will be 2 tests with multiple choice questions during the course, which will count for 50% of the final grade (25% each).

    The students will have to form groups of 3/4 to do the practicals, which will count for 50% of the grade. There will be a number to be determined of deliveries (between 5 and 7 deliveries) and each of them will count for the same proportion of mark.

    Bibliography

    Basic

    Web links

    Previous capacities

    Basic knowledge of operating systems, network architectures, information systems architecture.