The main goal of this subject is to make students aware of the complexity of ensuring security principles in today IT systems and architectures. Only by understanding IT security from an engineering point view, as a multidisciplinary subject, we can design and develop secure IT systems needed in modern societies. The student will acquire the necessary skills to design and plan global security solutions. Students will also become familiar with the different security mechanisms, their life cycle and cost. Finally, students must know the main laws and regulations that govern this matter.
In order to achieve these goals, students must acquire specific knowledge, capacities and attitudes:
Regarding knowledge, at the end of the course the student will be able to:
- Understand the concept of security as a complex process covering different areas and disciplines, aware of the fact that a system is as secure as its weakest component.
- Know in depth the security evaluation norms and certification procedures.
- Understand the specific risks regarding distributed systems and in particular the Internet.
- Identify physical threats and the corresponding countermeasures.
- Identify the different components of a security plan.
- Get to know the life cycle of a security plan and the feedback-based paradigms used.
- To learn the legal regulation of information security on the national, European and international scales.
With regard to capacities, the students will acquire specific and generic capacities.
Regarding specific capacities, the student will be able to:
- Analyze security protocols and manage security risks, mainly concerning distributed systems. (PO: a,b)
- Evaluate the possibility to implement one or another security mechanism depending on the security risk assessment. (PO: b, c, e)
- Create a complete security plan managing all the appropriate security measures. (PO: a, c, e, f)
Regarding generic capacities and skills, the student will be given the opportunity:
- To work on a specific system, in a particular environment, to investigate vulnerabilities and possible threats. (PO: b, e)
- To study and identify the necessary information to solve a particular security problem. (PO: b, c, e)
- Apply multi-disciplinal knowledge (technical, organizational and legal) for the resolution of a particular problem. (PO: c, e, f)
Regarding attitudes, the student will be encouraged to:
- Adopt a critical view over traditional, ad-hoc security systems based on the accumulation of security equipment, without ever conducting a formal analysis for the development of a global solution. (PO: i, j, k)
- Develop the collaborative skills to be able to obtain, from security IT managers, the necessary information about a system to analyze and assess risk, and to communicate the proposed solutions. (PO: d, f, g)
- A positive attitude towards team working, to coordinate different points of view and opinions, in search of global secure systems. (PO: d, f)
- A positive attitude towards the laws that affect the implementation of systems and security products.