Checking date: 03/12/2021


Course: 2021/2022

Cibersecurity Engineering applied to information sytems
(18200)
Study: Dual Bachelor in Computer Science and Engineering, and Business Administration (233)


Coordinating teacher: ESTEVEZ TAPIADOR, JUAN MANUEL

Department assigned to the subject: Department of Computer Science and Engineering

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
Criptography and Information Security (Year 3, Semester 1) Computer Networks (Year 3, Semester 1) Operating Systems (Year 2, Semester 2)
Skills and learning outcomes
Description of contents: programme
1. Introduction to Cybersecurity 1.1. What is cybersecurity? 1.2. The CIA Triad 1.3. Vulnerabilities, Threats, Risks, and Controls 1.4. Adversaries 1.5. Design Principles 1.6. Research Areas in Cybersecurity 2. Authentication 2.1. User Authentication 2.2. Authentication Factors 2.3. Passwords and Password Managers 2.4. Biometric Authentication 2.5. Federated Identity 3. Access Control 3.1. The Protection Problem 3.2. Access Control Models 3.3. Access Control in Linux (I): Credentials and the Permission System: 3.4. Access Control in Linux (II): POSIX ACLs and Capabilities 4. Network Security 4.1. Communication Security 4.2. TCP/IP Security 4.3. Network Discovery and Scanning 4.4. Web Security 4.5. Firewalls 4.6. Intrusion Detection Systems 5. Security Protocols: TLS 5.1. History and Design Goals. 5.2. The Handshake Protocol 5.3. The Record Protocol 5.4. Interception and Certificate Pining 6. Vulnerabilities 6.1. Vulnerability Types 6.2. Numbering (CVE) and Metrics (CVSS) 6.3. Life Cycle of a Vulnerability 7. Malware 7.1. Malicious Code 7.2. Types 7.3. Payloads, Propagation and Activation 7.4. Case Studies 8. Cybersecurity Regulation 8.1. Regulation in the US 8.2. Regulation in the EU 8.3. Privacy Regulation
Learning activities and methodology
The teaching methodology includes: 1. Lectures to present the knowledge base that students must acquire. Students will be provided with the lecture notes used in class along with additional documents and basic text references to help in the study of the topics covered. (2 ECTS) 2. Practical lectures, where the students will have to solve exercises and quizzes. (1 ECTS) 3. Discussion of real cases to illustrate concepts and techniques introduced during the lectures. (1 ECTS) 4. Lab sessions in computer labs, where the students will learn techniques and develop skills in the use of cybersecurity tools, including binary analysis, distributed systems security and network security. (2 ECTS)
Assessment System
  • % end-of-term-examination 40
  • % of continuous assessment (assigments, laboratory, practicals...) 60
Calendar of Continuous assessment
Basic Bibliography
  • Ross J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems (2nd Edition). Wiley.

The course syllabus may change due academic events or other reasons.