Ficha

Versión en español

Course: 2023/2024

Information security management

(16359)

Bachelor in Security Engineering (Plan: 282 - Estudio: 272)

Coordinating teacher: GONZALEZ-TABLAS FERRERES, ANA ISABEL

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory

ECTS Credits: 6.0 ECTS

Course: 4º

Semester: 1º

Requirements (Subjects that are assumed to be known)

Mathematics, Statistics and Computer Module I (Basic Training), the material (subject) of Statistics (Operations Research) Module III (Fundamentals of Engineering) and the Technical subjects hiding information and Vulnerability, threats and computer security protocols.

Objectives

- Know how information security is managed in the State and the National Cybersecurity Strategy. - Understand de jure and de facto standardization schemes, international, European and national. - Master the ISO / IEC 27000, 27001 and 27002 standards for Information Security Management Systems. - Be able to design a security plan, developing the different parts of it, evaluating its compliance over time and correcting its deviations. - Analyze and manage the risks of a specific installation. - Prepare a comprehensive recovery plan for a real facility. - Master the classification schemes of Spanish, European and NATO information, as well as its maintenance and decalcification. - Understand the criteria and standards of evaluation and certification of the security of ICT systems and products and the ORDER PRE / 2740/2007 by which the National Scheme of Evaluation and Certification of Security is approved. - Carry out a compliance audit of the files and systems containing personal data. - Know the legal framework that regulates information security

Skills and learning outcomes

Link to document

Description of contents: programme

1. The administration and organization of cybersecurity in public administrations. 2. standardization, evaluation, certification and accreditation. Legal framework. 3. The information security management system. ISO 27XXX family. 4. Comprehensive Security Plan. 5. Analysis and risk management. The MAGERIT method. The PILAR tool. 6. Training programs and awareness. 7. Classification of information. 8. Evaluation and safety certification. 9. Audit security management and personal data. 10. Legal aspects related to security management.

Learning activities and methodology

Training activities include: Master classes. To facilitate their development, students will receive class presentations in the appropriate web tool and will have basic reference texts that allow them to complete and deepen the most important topics. Practices, individual or group tutorials and personal work of the student, including tests and exams. All this oriented to the acquisition of practical skills related to the program of the subject.

Assessment System

Questionnaires of theory: 15%
Practical work: 25%
Midterm Exam (non-releasing) : 20%
Final written exam in which the knowledge, skills and abilities acquired throughout the course will be evaluated globally: 40%. Attending the final exam is compulsory, and the student should get at least 40% of the maximum marks in the exam to be able to pass the unit.

% end-of-term-examination 40
% of continuous assessment (assigments, laboratory, practicals...) 60

Calendar of Continuous assessment

Basic Bibliography

Autoridad delegada para la protección de la información clasificada. Normas de la Autoridad nacional para a protección de la información clasificada. Ministerio de la Presidencia. 2012
C.M. Fernández Sánchez y M. Piattini Velthuis .. Modelo para el gobierno de las TIC basado en las normas ISO. AENOR. 2012
Departamento de Seguridad Nacional. Estrategia Nacional de Ciberseguridad. Ministerio de la Presidencia, reacciones con las Cortes e igualdad. 2019
L. Gómez Fernández; P.P. Fernández Rivero. Como implantar un SGSI según UNE-ISI/IEC 27001:2014 y su aplicación en el ENS. AENOR. 2015
. NORMA UNE-EN ISO/IEC 27000. UNE. 2019
. NORMA UNE-EN ISO/IEC 27001. UNE. 2017
. NORMA UNE-EN ISO/IEC 27002. UNE. 2017

Electronic Resources *

CENTRO CRIPTOLÓGICO NACIONAL · Serie CCN-STIC : https://www.ccn-cert.cni.es/
ENISA · Publications : http://www.enisa.europa.eu
INCIBE · Guías : www.incibe.es/CERT/guias_estudios
NIST · Special Publications (NIST-SP) : http://www.nist.gov/publication-portal.cfm

Detailed subject contents or complementary information about assessment system of B.T.

Go to the detailed contents

(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus may change due academic events or other reasons.

More information: http://www.seg.inf.uc3m.es