Cybersecurity Management

You are here

Credits
6
Types
Elective
Requirements
This subject has not requirements, but it has got previous capacities
Department
AC
This subject aims to complement the knowledge of cybersecurity of students and encourage collaboration among them in the search for information on different subjects related to computer security, as they should do in their professional activity, to defend the assets of the companies on which they work.

Teachers

Person in charge

  • Manel Medina Llinàs ( )

Others

  • Jaime M. Delgado Merce ( )

Weekly hours

Theory
2
Problems
2
Laboratory
0
Guided learning
0.4
Autonomous learning
3

Competences

Technical Competences

Common technical competencies

  • CT2 - To use properly theories, procedures and tools in the professional development of the informatics engineering in all its fields (specification, design, implementation, deployment and products evaluation) demonstrating the comprehension of the adopted compromises in the design decisions.
    • CT2.3 - To design, develop, select and evaluate computer applications, systems and services and, at the same time, ensure its reliability, security and quality in function of ethical principles and the current legislation and normative.
    • CT2.4 - To demonstrate knowledge and capacity to apply the needed tools for storage, processing and access to the information system, even if they are web-based systems.
    • CT2.5 - To design and evaluate person-computer interfaces which guarantee the accessibility and usability of computer systems, services and applications.
  • CT3 - To demonstrate knowledge and comprehension of the organizational, economic and legal context where her work is developed (proper knowledge about the company concept, the institutional and legal framework of the company and its organization and management)
    • CT3.3 - To be able to find and interpret basic information for evaluating the economic environment of the organization.
    • CT3.4 - To know the basic financial concepts which allow valuing the costs and benefits of a project or different alternatives, monitor a budget, control the cost, etc.
    • CT3.6 - To demonstrate knowledge about the ethical dimension of the company: in general, the social and corporative responsibility and, concretely, the civil and professional responsibilities of the informatics engineer.
    • CT3.7 - To demonstrate knowledge about the normative and regulation of informatics in a national, European and international scope.
  • CT6 - To demonstrate knowledge and comprehension about the internal operation of a computer and about the operation of communications between computers.
    • CT6.4 - To demonstrate knowledge and capacity to apply the characteristics, functionalities and structure of the Distributed Systems and Computer and Internet Networks guaranteeing its use and management, as well as the design and implementation of application based on them.
  • CT7 - To evaluate and select hardware and software production platforms for executing applications and computer services.
    • CT7.1 - To demonstrate knowledge about metrics of quality and be able to use them.
    • CT7.2 - To evaluate hardware/software systems in function of a determined criteria of quality.
    • CT7.3 - To determine the factors that affect negatively the security and reliability of a hardware/software system, and minimize its effects.
  • CT8 - To plan, conceive, deploy and manage computer projects, services and systems in every field, to lead the start-up, the continuous improvement and to value the economical and social impact.
    • CT8.1 - To identify current and emerging technologies and evaluate if they are applicable, to satisfy the users needs.

Technical Competences of each Specialization

Information systems specialization

  • CSI2 - To integrate solutions of Information and Communication Technologies, and business processes to satisfy the information needs of the organizations, allowing them to achieve their objectives effectively.
    • CSI2.1 - To demonstrate comprehension and apply the management principles and techniques about quality and technological innovation in the organizations.
    • CSI2.3 - To demonstrate knowledge and application capacity of extraction and knowledge management systems .
    • CSI2.4 - To demostrate knowledge and capacity to apply systems based on Internet (e-commerce, e-learning, etc.).
    • CSI2.6 - To demonstrate knowledge and capacity to apply decision support and business intelligence systems.
    • CSI2.7 - To manage the presence of the organization in Internet.
  • CSI3 - To determine the requirements of the information and communication systems of an organization, taking into account the aspects of security and compliance of the current normative and legislation.
    • CSI3.1 - To demonstrate comprehension of the principles of risks evaluation and apply them correctly when elaborating and executing operation plans.
  • CSI1 - To demonstrate comprehension and apply the principles and practices of the organization, in a way that they could link the technical and management communities of an organization, and participate actively in the user training.

Software engineering specialization

  • CES1 - To develop, maintain and evaluate software services and systems which satisfy all user requirements, which behave reliably and efficiently, with a reasonable development and maintenance and which satisfy the rules for quality applying the theories, principles, methods and practices of Software Engineering.
    • CES1.2 - To solve integration problems in function of the strategies, standards and available technologies
    • CES1.3 - To identify, evaluate and manage potential risks related to software building which could arise.
    • CES1.9 - To demonstrate the comprehension in management and government of software systems.

Information technology specialization

  • CTI2 - To guarantee that the ICT systems of an organization operate adequately, are secure and adequately installed, documented, personalized, maintained, updated and substituted, and the people of the organization receive a correct ICT support.
    • CTI2.3 - To demonstrate comprehension, apply and manage the reliability and security of the computer systems (CEI C6).
  • CTI3 - To design solutions which integrate hardware, software and communication technologies (and capacity to develop specific solutions of systems software) for distributed systems and ubiquitous computation devices.
    • CTI3.1 - To conceive systems, applications and services based on network technologies, taking into account Internet, web, electronic commerce, multimedia, interactive services and ubiquitous computation.

Computer engineering specialization

  • CEC4 - To design, deploy, administrate and manage computer networks, and manage the guarantee and security of computer systems.
    • CEC4.2 - To demonstrate comprehension, to apply and manage the guarantee and security of computer systems.

Transversal Competences

Information literacy

  • G6 [Avaluable] - To manage the acquisition, structuring, analysis and visualization of data and information of the field of the informatics engineering, and value in a critical way the results of this management.
    • G6.3 - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.

Objectives

  1. Know the cybersecurity Market
    Related competences: CT8.1, G6.3, CT6.4, CT7.3, CSI3.1, G6.2, CT3.7, CT2.3,
  2. Identify the different cybersecurity problems of companies and know the applicable solutions
    Related competences: CTI3.1, CSI2.3, CSI2.4, CSI2.6, CES1.2, CT8.1, CT6.4, CT7.1, CT7.2, CT7.3, CEC4.2, CES1.9, CT2.5, CT3.3, CT3.6, CSI1, CSI2.1, CSI2.7, CSI3.1, CTI2.3, CES1.3, CT2.4, CT3.4, CT2.3,
  3. Work in group and write reports and do presentations in the classroom
    Related competences: CT8.1, G6.3, CSI2.7, G6.2,

Contents

  1. Topics: 1. Prevention and Response to cybersecurity incidents
    1) Monitoring

    2) Indormation Gathering and cyber-intelligence

    3) Incident response: Exchange of information and evidence

    4) Cloud computing security

    5) Implementation

  2. 2. Cybersecurity to emerging technologies
    1) Federation of identities

    2) Blockchain

    3) IoT

    4) ICS / SCADA

    5) Quantum Computing

  3. 3. Governance of cybersecurity
    1) Government: Employees management, BYOD, policies and practices

    2) Privacy and identity theft in social networks

    3) E-commerce insurance: anti-fraud payment cards, intermediaries.


    4) Cybercrime economy

    5) Regulations and legislation
    Methodology:

Activities

Activity Evaluation act


Attendance to lectures and bibliographic research work Topic 1

Presentation of the problems and solutions of cybersecurity for each one of the subjects of the subject. The presentation will be based on documentation available on the Internet about the latest trends in each topic 1. Students will have to make a research of additional information about the topic
  • Theory: All proposed topics
  • Problems: presentation in the class room
  • Autonomous learning: Bibliographic research work
Objectives: 1 2
Contents:
Theory
9h
Problems
5h
Laboratory
0h
Guided learning
0h
Autonomous learning
9h

Test 1: 1: Incident response and prevention

Control of 15 test questions on the topics presented and debated in class.

Week: 6
Type: theory exam
Theory
1h
Problems
0h
Laboratory
0h
Guided learning
0h
Autonomous learning
6h

Test 2. Cybersecurity in emerging technologies

Control of 15 test questions on the topics presented and debated in class.

Week: 11
Type: theory exam
Theory
1h
Problems
0h
Laboratory
0h
Guided learning
0h
Autonomous learning
6h

Test 3. Cybersecurity Governance

Control of 15 test questions on the topics presented and debated in class.

Week: 15
Type: theory exam
Theory
1h
Problems
0h
Laboratory
0h
Guided learning
0h
Autonomous learning
6h

Oral Presentation

Oral presentations in class of the work done in a group by the students
  • Problems: Preparation in group of two presentations of 10 transparencies each on one of the topics proposed in the syllabus. Presentations in class
  • Guided learning: Preparation of the transparencies based on the research work
Objectives: 1 3
Theory
0h
Problems
15h
Laboratory
0h
Guided learning
6h
Autonomous learning
0h

Attendance lectures and writing report linked to Topic 2

Same as topic 1
  • Theory: Same as topic 1
  • Problems: Same as topic 1
  • Autonomous learning: Same as topic 1
Objectives: 1 2
Contents:
Theory
9h
Problems
5h
Laboratory
0h
Guided learning
0h
Autonomous learning
9h

Attend lectures and write report related to topic 3

Same as topic 1
  • Theory: Same as topic 1
  • Problems: Same as topic 1
  • Autonomous learning: Same as topic 1
Objectives: 1 2
Contents:
Theory
9h
Problems
5h
Laboratory
0h
Guided learning
0h
Autonomous learning
9h

Teaching methodology

The subject will be lectured based on the organization of a teaching model that will be repeated for each of the proposed subjects:
1. Introduction of cybersecurity problems and existing solutions by the teacher, and in some cases by a guest expert.
2. Complementary presentation by a group of students about a specific aspect related to the subject.
3. Discussion in class about recent publications that explain cybersecurity incidents or trends in specific tools or strategies to address cybersecurity issues related to this topic.

Evaluation methodology

The final grade of the subject is calculated as:

• 30% research works
• 25% Oral presentations of the work
• 45% Continuous evaluation controls (15% each control)

The transversal competence is evaluated from the research works.

Process details:
There will be 2 or 3 multiple answers choices tests during the course, that will count 45% of the final grade.
The students will have to build groups to collaborate in the preparation of 2 research works, each of which will be both: presented at the classroom (or virtually if needed), and submitted in a written report.
On some of the topics addressed at the lectures, the students will be asked to do write a draft implementation of the concepts described in the lecture, that will be collected at the end of the lecture.

Bibliography

Basic:

Complementary:

Previous capacities

Basic knowledge of operating systems, network architectures, information systems architecture.

Addendum

Contents

NO SIGNIFICANT CHANGES WITH RESPECT TO THE TEACHING GUIDE

Teaching methodology

NO SIGNIFICANT CHANGES WITH RESPECT TO THE TEACHING GUIDE, other than doing lectures through recorded videos of the lectures, and reserving the scheduled lecture time for questions and evaluations.

Evaluation methodology

NO CHANGE IN THE EVALUATION METHOD WITH RESPECT TO THE TEACHING GUIDE, except on the fact that the presentations of research work will be made using G-Suit Meet facility, and evaluation tests will be made with G-Suit Forms, also on-line.

Contingency plan

In the event that teaching cannot be carried out in person, all classes will be taught remotely.