Checking date: 20/06/2022

Course: 2022/2023

Information security management
Study: Bachelor in Security Engineering (272)

Coordinating teacher: RIBAGORDA GARNACHO, ARTURO

Department assigned to the subject: Department of Computer Science and Engineering

Type: Compulsory
ECTS Credits: 6.0 ECTS


Requirements (Subjects that are assumed to be known)
Mathematics, Statistics and Computer Module I (Basic Training), the material (subject) of Statistics (Operations Research) Module III (Fundamentals of Engineering) and the Technical subjects hiding information and Vulnerability, threats and computer security protocols.
- Know how information security is managed in the State and the National Cybersecurity Strategy. - Understand de jure and de facto standardization schemes, international, European and national. - Master the ISO / IEC 27000, 27001 and 27002 standards for Information Security Management Systems. - Be able to design a security plan, developing the different parts of it, evaluating its compliance over time and correcting its deviations. - Analyze and manage the risks of a specific installation. - Prepare a comprehensive recovery plan for a real facility. - Master the classification schemes of Spanish, European and NATO information, as well as its maintenance and decalcification. - Understand the criteria and standards of evaluation and certification of the security of ICT systems and products and the ORDER PRE / 2740/2007 by which the National Scheme of Evaluation and Certification of Security is approved. - Carry out a compliance audit of the files and systems containing personal data. - Know the legal framework that regulates information security
Skills and learning outcomes
Description of contents: programme
1. The administration and organization of cybersecurity in public administrations. 2. standardization, evaluation, certification and accreditation. Legal framework. 3. The information security management system. ISO 27XXX family. 4. Comprehensive Security Plan. 5. Analysis and risk management. The MAGERIT method. The PILAR tool. 6. Training programs and awareness. 7. Classification of information. 8. Evaluation and safety certification. 9. Audit security management and personal data. 10. Legal aspects related to security management.
Learning activities and methodology
Training activities include: Master classes. To facilitate their development, students will receive class presentations in the appropriate web tool and will have basic reference texts that allow them to complete and deepen the most important topics. Practices, individual or group tutorials and personal work of the student, including tests and exams. All this oriented to the acquisition of practical skills related to the program of the subject.
Assessment System
  • % end-of-term-examination 40
  • % of continuous assessment (assigments, laboratory, practicals...) 60
Calendar of Continuous assessment
Basic Bibliography
  • Autoridad delegada para la protección de la información clasificada. Normas de la Autoridad nacional para a protección de la información clasificada. Ministerio de la Presidencia. 2012
  • C.M. Fernández Sánchez y M. Piattini Velthuis .. Modelo para el gobierno de las TIC basado en las normas ISO. AENOR. 2012
  • Departamento de Seguridad Nacional. Estrategia Nacional de Ciberseguridad. Ministerio de la Presidencia, reacciones con las Cortes e igualdad. 2019
  • L. Gómez Fernández; P.P. Fernández Rivero. Como implantar un SGSI según UNE-ISI/IEC 27001:2014 y su aplicación en el ENS. AENOR. 2015
  • . NORMA UNE-EN ISO/IEC 27000. UNE. 2019
  • . NORMA UNE-EN ISO/IEC 27001. UNE. 2017
  • . NORMA UNE-EN ISO/IEC 27002. UNE. 2017
Recursos electrónicosElectronic Resources *
Detailed subject contents or complementary information about assessment system of B.T.
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus may change due academic events or other reasons.

More information: