Cybersecurity Management

Credits: 6
Types: Elective
Requirements: This subject has no requirements, but it has previous capacities
Department: AC
This subject aims to provide elementary knowledge and resources on cyber security aimed at training IT engineering professionals with a broad base on good practices when it comes to protecting IT systems, mitigating vulnerabilities, and preventing risks. The subject combines theory sessions with guided practices aimed at achieving basic skills in cyber security.

Teachers

Person in charge

  • Marc Ruiz Ramírez

Others

  • Marc Catrisse i Pérez

Weekly hours

Theory: 2
Problems: 0
Laboratory: 2
Guided learning: 0
Autonomous learning: 6

Competences

Technical Competences

Common technical competencies

  • CT2 - To use properly theories, procedures and tools in the professional development of the informatics engineering in all its fields (specification, design, implementation, deployment and products evaluation) demonstrating the comprehension of the adopted compromises in the design decisions.
    • CT2.3 - To design, develop, select and evaluate computer applications, systems and services and, at the same time, ensure its reliability, security and quality in function of ethical principles and the current legislation and normative.
  • CT3 - To demonstrate knowledge and comprehension of the organizational, economic and legal context where her work is developed (proper knowledge about the company concept, the institutional and legal framework of the company and its organization and management)
    • CT3.5 - To identify the use possibilities and benefits which can be derived from an application in the different business software typologies and existent ICT services.
    • CT3.6 - To demonstrate knowledge about the ethical dimension of the company: in general, the social and corporative responsibility and, concretely, the civil and professional responsibilities of the informatics engineer.
    • CT3.7 - To demonstrate knowledge about the normative and regulation of informatics in a national, European and international scope.
  • CT6 - To demonstrate knowledge and comprehension about the internal operation of a computer and about the operation of communications between computers.
    • CT6.1 - To demonstrate knowledge and capacity to manage and maintain computer systems, services and applications.
    • CT6.4 - To demonstrate knowledge and capacity to apply the characteristics, functionalities and structure of the Distributed Systems and Computer and Internet Networks guaranteeing its use and management, as well as the design and implementation of application based on them.
  • CT7 - To evaluate and select hardware and software production platforms for executing applications and computer services.
    • CT7.1 - To demonstrate knowledge about metrics of quality and be able to use them.
    • CT7.2 - To evaluate hardware/software systems in function of a determined criteria of quality.
    • CT7.3 - To determine the factors that affect negatively the security and reliability of a hardware/software system, and minimize its effects.
  • CT8 - To plan, conceive, deploy and manage computer projects, services and systems in every field, to lead the start-up, the continuous improvement and to value the economical and social impact.
    • CT8.1 - To identify current and emerging technologies and evaluate if they are applicable, to satisfy the users needs.
    • CT8.2 - To assume the roles and functions of the project manager and apply, in the organizations field, the techniques for managing the timing, cost, financial aspects, human resources and risk.

Technical Competences of each Specialization

Information systems specialization

  • CSI2 - To integrate solutions of Information and Communication Technologies, and business processes to satisfy the information needs of the organizations, allowing them to achieve their objectives effectively.
    • CSI2.1 - To demonstrate comprehension and apply the management principles and techniques about quality and technological innovation in the organizations.
    • CSI2.3 - To demonstrate knowledge and application capacity of extraction and knowledge management systems.
    • CSI2.4 - To demonstrate knowledge and capacity to apply systems based on Internet (e-commerce, e-learning, etc.).
    • CSI2.7 - To manage the presence of the organization in Internet.
  • CSI3 - To determine the requirements of the information and communication systems of an organization, taking into account the aspects of security and compliance of the current normative and legislation.
    • CSI3.1 - To demonstrate comprehension of the principles of risks evaluation and apply them correctly when elaborating and executing operation plans.
  • CSI1 - To demonstrate comprehension and apply the principles and practices of the organization, in a way that they could link the technical and management communities of an organization, and participate actively in the user training.

Software engineering specialization

  • CES1 - To develop, maintain and evaluate software services and systems which satisfy all user requirements, which behave reliably and efficiently, with a reasonable development and maintenance and which satisfy the rules for quality applying the theories, principles, methods and practices of Software Engineering.
    • CES1.2 - To solve integration problems in function of the strategies, standards and available technologies
    • CES1.3 - To identify, evaluate and manage potential risks related to software building which could arise.
    • CES1.9 - To demonstrate the comprehension in management and government of software systems.

Information technology specialization

  • CTI1 - To define, plan and manage the installation of the ICT infrastructure of the organization.
    • CTI1.1 - To demonstrate understanding the environment of an organization and its needs in the field of the information and communication technologies.
    • CTI1.2 - To select, design, deploy, integrate and manage communication networks and infrastructures in an organization.
  • CTI2 - To guarantee that the ICT systems of an organization operate adequately, are secure and adequately installed, documented, personalized, maintained, updated and substituted, and the people of the organization receive a correct ICT support.
    • CTI2.2 - To administrate and maintain applications, computer systems and computer networks (the knowledge and comprehension levels are described in the common technical competences).
    • CTI2.3 - To demonstrate comprehension, apply and manage the reliability and security of the computer systems (CEI C6).
  • CTI3 - To design solutions which integrate hardware, software and communication technologies (and capacity to develop specific solutions of systems software) for distributed systems and ubiquitous computation devices.
    • CTI3.1 - To conceive systems, applications and services based on network technologies, taking into account Internet, web, electronic commerce, multimedia, interactive services and ubiquitous computation.

Computer engineering specialization

  • CEC4 - To design, deploy, administrate and manage computer networks, and manage the guarantee and security of computer systems.
    • CEC4.2 - To demonstrate comprehension, to apply and manage the guarantee and security of computer systems.

Transversal Competences

Information literacy

  • G6 [Assessable] - To manage the acquisition, structuring, analysis and visualization of data and information of the field of the informatics engineering, and value in a critical way the results of this management.
    • G6.3 - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.

Objectives

  1. Know basic concepts about cyber security, cybercrime, and risk and vulnerability analysis
    Related competences: CTI3.1, G7.1, G9.3, CSI2.3, CSI2.4, G6.3, G3.1, G3.2, CT7.1, CT7.3, CEC4.2, CES1.9, CT3.6, CSI1, CSI2.1, CSI2.7, CSI3.1, G6.2, G7.3, CTI1.1, CTI2.3, CES1.3, CT3.5, CT3.7
  2. Identify different problems and solutions in current, emerging and disruptive technologies
    Related competences: CTI3.1, G7.1, G9.3, CT6.1, CSI2.4, CES1.2, CT8.1, G6.3, G3.1, G3.2, CT6.4, CT7.1, CT7.3, CES1.9, CSI2.7, CSI3.1, G6.2, G7.3, CTI1.1, CTI2.3, CT2.3
  3. Work in a team to carry out the practices
    Related competences: G9.3, G5.3, G6.3, G3.1, G3.2, G5.1, G5.2, G6.2, G7.2, G7.3, G3.3
  4. Successfully complete guided practicals on cyber security
    Related competences: CTI3.1, G9.3, CSI2.3, CES1.2, CTI1.2, CTI2.2, CT8.2, G5.3, G6.3, G3.1, G3.2, CT7.2, G5.1, G5.2, CEC4.2, CSI1, G6.2, G7.2, G7.3, G3.3, CT2.3

Contents

  1. Part 1: Introduction to Cybersecurity Management
    1) Basic concepts of cyber security
    2) Types of attacks and organization of cybercrime
    3) Analysis of risks and vulnerabilities of IT systems
    4) Basic defense tools and procedures
    5) Incident Response: phases and mechanisms
    6) Electronic identity and privacy management
    7) Education and ethical aspects of cyber security
  2. Part 2: Current, emerging and disruptive technologies
    1) IoT systems and secure smart cities
    2) Secure communications networks
    3) Blockchain
    4) Artificial Intelligence (AI) for cybersecurity
    5) Cybersecurity for AI
    6) Quantum computing and communications
    7) Trends in research and innovation in the academic ecosystem
  3. Part 3: Practical sessions on cyber security
    1) Trend study and registration of malicious activity in 2024
    2) Vulnerability and risk analysis on available use cases
    3) Education and training in cyber security based on online video games
    4) Deployment of a secure IT network (computing storage connectivity) in a virtualized environment
    5) Deployment of a blockchain system
    6) AI for cybersecurity and cybersecurity for AI
    7) Using generative AI as an attack resource

Activities

Activity Evaluation act


Class attendance Part 1

Attendance to Part 1 theory sessions on Cyber Security Basics, Cybercrime, and Risk and Vulnerability Analysis
  • Theory: All proposed topics
  • Autonomous learning: Bibliographic research work and study for assessment tests
Objectives: 1
Contents:
Theory: 14h
Problems: 0h
Laboratory: 0h
Guided learning: 0h
Autonomous learning: 15h

Test Part 1

Quiz of test questions on the topics presented and debated in class.
Objectives: 1
Week: 7
Theory: 1h
Problems: 0h
Laboratory: 0h
Guided learning: 0h
Autonomous learning: 15h

Class attendance Part 2

Attendance to part 2 theory sessions on current, emerging and disruptive technologies
  • Theory: Same as topic 1
  • Problems: Same as topic 1
  • Autonomous learning: Same as topic 1
Objectives: 2
Contents:
Theory: 14h
Problems: 0h
Laboratory: 0h
Guided learning: 0h
Autonomous learning: 15h

Test Part 2

Quiz of test questions on the topics presented and debated in class.
Objectives: 2
Week: 14
Theory: 1h
Problems: 0h
Laboratory: 0h
Guided learning: 0h
Autonomous learning: 15h

Laboratory sessions

Practical sessions of the different topics covered in the subject, and which are related to the theory blocks Part 1 and Part 2
  • Laboratory: Realization of the guided practices and evaluation tests
  • Autonomous learning: Preparation and continuation of practices done in class and preparation of evaluable assignments
Objectives: 3 4
Contents:
Theory: 0h
Problems: 0h
Laboratory: 30h
Guided learning: 0h
Autonomous learning: 30h

Teaching methodology

1) Theory sessions: presentations of each of the lessons will be provided at the beginning of each session. These sessions will combine explanations by the teachers with small exercises and discussions in order to introduce and/or go deeper into some of the aspects related to the lessons.

2) Laboratory sessions: there will be groups of 3/4 students who will do the practices as a team. The practices will have a variable duration of between 1 and 3 weeks, and each of them will be evaluated by delivering a practice through RACO. The delivery date of each of the practices will be calculated in order to allow all groups to finish it (if necessary) after the classroom sessions, as part of the student's self-learning time.

Evaluation methodology

The final grade of the subject is calculated as follows:

• 50% Theory controls (25% each control)
• 50% Practice deliverables

Specific EVALUATION procedures:

There will be 2 tests with multiple choice questions during the course, which will count for 50% of the final grade (25% each).

The students will have to form groups of 3/4 to do the practicals, which will count for 50% of the grade. The number of deliveries is to be determined (between 5 and 7 deliveries), and each of them will count for the same proportion of the mark.

Previous capacities

Basic knowledge of operating systems, network architectures, information systems architecture.