Ficha

Versión en español

Course: 2020/2021

Cyber security management and administration

(12393)

Master in Cybersecurity (Plan: 325 - Estudio: 288)

EPI

Coordinating teacher: RIBAGORDA GARNACHO, ARTURO

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory

ECTS Credits: 3.0 ECTS

Course: 1º

Semester: 2º

Requirements (Subjects that are assumed to be known)

Not apply

Objectives

BASIC COMPETENCES: Form professionals with the ability to integrate knowledge and form judgments from incomplete or inaccurate information. Form professionals with the ability to communicate thoughts and judgments and give reasons accordingly. Form professionals with the ability to study and learn autonomously. LEARNING RESULTS: 1. Develop, deploy and maintain an Information Security Management System (ISMS). 2. In regard to the master plan of information technology of an organization, its security plan and given the available human resources, technological resources and so on, develop an information security plan. 3. Develop a business continuity plan given the maximum available recovery time. 4. Develop and maintain an information classification system. 5. Learn about the legal provisions concerning cibersecurity and its applications in the design of secure systems.

Description of contents: programme

1. Introduction and basic concepts. Normalization, evaluation, certification and accreditation. Institutes for standards. Legal framework. 2. Security management information system. ISO/IEC standards. Series 27XXX. UNEISO/IEC 27000:2014, UNE-EN ISO/IEC 27001:2017, UNE-EN ISO/IEC 27002:2017. Certifiable standards of the series. 3. Security plans. 4. Information classification. 5. Business continuity plan. UNE-EN-ISO 22301:2015 and UNE-ISO 22313:2013. 6. Cibersecurity strategies and legal framework. 7. Security auditing. Audit frameworks and standards. Audit of personal data. Evidences. Analysis. Audit report.

Learning activities and methodology

TRAINING ACTIVITIES Theoretical lessons. Theoretical-practical lessons. Tutoring Group work Individual work TEACHING METHODOLOGIES Class lectures with computer and audiovisual resources. Main concepts of the subject will be presented together with additional bibliography. Critical reading of recommended text: press articles, reports, tutorials and/or academic articles. They will be used for class discussions or to extent and consolidate taught concepts. Class presentations and discussions under the supervision of the teacher based on topics related to the subject, as well as case studies.

Assessment System

The assessment mission is to know the degree of compliance with the learning objectives, so all the student's work, individually or collectively will be assessed through continuous assessment of their activities through exercises and tests, practical work and other activities academic training described above.
A formative evaluation will be conducted through continuous feedback, which allows the student to assess what knows and what is expected of him. The final grade will take into account individual student activities and team activities. The activities carried out during the course, individual or group, will involve 45% of the note, a partial examination (not liberatory) another 15%, while the individual final exam constitute the remaining 40%. In any case, conducting final exam is compulsory, being necessary to obtain at least 40% of the maximum possible score in this test to pass the course.
For the extraordinary call, you can give three situations according to the student: 
a) You have followed the process of continuous evaluation and want to keep note of this. In this case, the test will have the same percentage value in the ordinary call, and the final grade for the course will consider the note of the continuous assessment and the grade obtained in the final exam. 
b) has not followed the process of continuous evaluation. In this case, you have the right to conduct an examination with a value of 100% of the total course grade. This review may contain questions relevant to the activities carried out during the course. 
c) Has followed the continuous evaluation process, but want to be qualified in the resit in the same conditions as in paragraph b).

% end-of-term-examination 40
% of continuous assessment (assigments, laboratory, practicals...) 60

Basic Bibliography

C.M. Fernández Sánchez y M. Piattini Velthuis . Modelo para el gobierno de las TIC basado en las normas ISO. AENOR. 2012
L. Gómez Fernández; P.P. Fernández Rivero . Como implantar un SGSI según UNE-ISI/IEC 27001:2014 y su aplicación en el ENS. AENOR.
UNE EN-ISO/IEC. UNE-ISO/IEC 27001:2017. UNE.
UNE EN-ISO/IEC. UNE EN-ISO/IEC 27000:2019. UNE.
UNE EN-ISO/IEC . UNE EN-ISO/IEC 27002:2017. UNE.

Electronic Resources *

CCN/CNI · Serie CCN-STIC : https://www.ccn-cert.cni.es/
ENISA · Publications : www.enisa.europa.eu/publications
INCIBE · Guías : www.incibe.es/CERT/guias_estudios
NIST · Special Publications (800 Series) : csrc.nist.gov/publications/PubsSPs.html

Detailed subject contents or complementary information about assessment system of B.T.

Go to the detailed contents

(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus may change due academic events or other reasons.

More information: www.cosec.inf.uc3m.es