Ficha

Versión en español

Course: 2025/2026

Persistent Threats and Information Leakage

(12401)

Master in Cybersecurity (Plan: 325 - Estudio: 288)

EPI

Coordinating teacher: FUENTES GARCIA ROMERO DE TEJADA, JOSE MARIA DE

Department assigned to the subject: Computer Science and Engineering Department

Type: Electives

ECTS Credits: 3.0 ECTS

Course: 1º

Semester: 2º

Requirements (Subjects that are assumed to be known)

None.

Objectives

Understand the foundations of Advanced Persistent Threats (APTs) and their associated techniques (e.g., advanced command and control, persistency mechanisms, etc.). Knowing the type of information and defense mechanisms deployed in a system, explain the impact of different threats and intrusions and, in particular, information leaks. Explain the mechanisms that can be used to conceal an intrusion in a system.

Learning Outcomes

Link to document

Description of contents: programme

Persistent threats and information leakage: 1. Persistent threats 1.1. Persistent techniques in compromised systems 1.2. APTs. Definitions, description and analysis. Current trends. 1.3. Advanced Command and Control Techniques 1.4. Stealthiness and evasion mechanisms. 2. Covert channels. Steganography and steganalysis 2.1. Science of steganography definition. History 2.2. Steganographic system classification. Security evaluation 2.3. Modern steganography 2.4. Modern steganalysis

Learning activities and methodology

LEARNING ACTIVITIES Theoretical lectures Practical lectures Mixed theoretical and practical lectures Laboratory practices Tutoring sessions Teamwork Individual work by the student LEARNING METHODOLOGY Lectures by means of audiovisual media and computes. The main concepts will be exposed and bibliography will be provided to complete the students learning. Critical reading of recommended texts provided by the teacher: Press articles, reports, manuals, academic papers, etc. A further discussion can be done in class or it can be considered a way to consolidate and expand the knowledge on the subject. Practical case resolution, problems, etc. They can be assigned by the teacher in a team or individual manner Report assignments that can be done either individually or in group

Assessment System

% end-of-term-examination/test 30
% of continuous assessment (assigments, laboratory, practicals...) 70

Calendar of Continuous assessment

The assessment may be continuous assessment or non-continuous assessment:

Ordinary sitting - continuous assessment only:
· End of term examination (30% of the final mark)
- A minimum grade of 4.0 is mandatory to pass the subject
· Periodical assignments (70% of the final mark)
A set of individual or in-groups assignments will be proposed. All of them have to be handed-in. They will be presented orally. Students must also carry out a critical analysis on the works presented by their peers. 

Extraordinary sitting 
In the extraordinary sitting, the following rules apply:
 
a. If the student followed the continuous assessment method, the exam will have the same relative weight as in the ordinary sitting. The mark of the continuous evaluation is kept.
b. Otherwise, students will have an exam counting for 100% of the final mark. This exam may contain questions related to the proposed assignments. Assignments cannot be re-delivered in this sitting.

Basic Bibliography

Eric Cole. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization. Syngress. 2012
Shabtai, Asaf, Elovici, Yuval, Rokach, Lior. A Survey of Data Leakage Detection and Prevention Solutions. Springer. 2012
Thales and Verint. The cyberthreat handbook. Thales. 2019

Electronic Resources *

George Silowash, Christopher King · Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources : http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=34008
ThaiCert · Threat Group Cards: A Threat Actor Encyclopedia 2.0 : https://apt.thaicert.or.th/cgi-bin/aptgroups.cgi
Thales group and Verint · The Cyberthreat handbook : https://thalesgroup-myfeed.com/THECYBERTHREATHANDBOOK

Additional Bibliography

ISACA. Advanced Persistent Threats: How To Manage The Risk To Your Business . ISACA. 2015

(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus may change due academic events or other reasons.