Checking date: 30/03/2023

Course: 2023/2024

Risk Analysis in Cybersecurity
Master in Cybersecurity (Plan: 325 - Estudio: 288)

Coordinating teacher: RUBIO MANSO, JOSE MARIA

Department assigned to the subject: Telematic Engineering Department

Type: Electives
ECTS Credits: 3.0 ECTS


BASIC COMPETENCES - To be able to link knowledges and face the complexity of judging from incomplete or limited information to include their own reflexions over ethical and social responsibilities in the application of their knowledge (CB8). - To communicate their conclusions, knowledge and reasoning to non specialized audience in a clear way (CB9). - To continue their self learning to keep updated in their field of studies (CB10). GENERAL COMPETENCES - To know the technical and legal framework in cibersecurity, their implications in system design and in the usage of security tools (CG4). - To develop, deploy and maintain Information Security Management Systems (ISMS) (CG5). SPECIFIC COMPETENCES - Starting from the inventory of assets of an organization apply some of the existing methodologies to perform the risk analysis and know how to transmit the results to the organization (CE9). LEARNING OUTCOMES: *Develop a risk analysis for an organization that allows the identification and evaluation of them.
Skills and learning outcomes
Description of contents: programme
Introduction and general concepts on Risk Analysis. 1.1 Concepts: assets, threats, vulnerabilities, safeguards... 1.1.1 Qualitative and quantitative analysis. 1.1.2 Static and dynamic analysis. 1.2 Advanced aspects. 1.2.1 Threat modeling and categorization (STRIDE, DREAD, CAPEC). Web Site Threats (WASC). 1.2.2 Vulnerability Assessment and Penetration Tests (VAPT). Risk Analysis Methodologies. 2.1 ISACA(COSO), CRAMM, EBIOS, PCI-DSS, NIST SP-800... 2.1 ISO-27005. MAGERIT. Current and future application environments. 3.1 Cloud Computing. 3.2 Big Data - AI. 3.3 Internet Of Things (IoT). 3.4 Mobile environments (Wireles, Smartphones, ...).
Learning activities and methodology
Learning activities will consist of theoretical and practical lectures, tutoring, team working and individual work of the student. METHODOLOGY -The teacher will lecture using slides and practical demos to illustrate the students on the concepts. Bibliographic and further material will be provided to the students to go deepr into practical aspects. -The students will critically review given texts provided by the teacher. Some specialized press articles and manuals will be given for class discussion or self study -The students will present contents related to the subject, under the supervision of the teacher, to promote the discussion and constructive criticism -Students will perform personal or group assignments and deliver the documentation for evaluation, or class discussion.
Assessment System
  • % end-of-term-examination 40
  • % of continuous assessment (assigments, laboratory, practicals...) 60

Calendar of Continuous assessment

Basic Bibliography
  • AENOR. NORMA ISO/IEC 27005. AENOR. 2008
  • Adam. Shostack. Threat modeling : designing for security. John Wiley and Sons. 2014
  • John R. Vacca. Cyber Security and IT Infrastructure Protection. Syngress. 2013
Recursos electrónicosElectronic Resources *
Additional Bibliography
  • Gibson, Darril. Managing Risk in Information Systems (2nd Edition). Jones & Bartlett Learning. 2014
  • Gregory Allen. Threat assessment and risk analysis : an applied approach. Butterworth Heinemann. 2016
  • Marquina Llivisaca, Edgar Geovanny. Análisis y Gestión de Riesgos Implementando la Metodología MAGERIT. EAE. 2012
  • Uceda Vélez, Tony ; Morana, Marco M.Risk. Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons Inc. 2015
Recursos electrónicosElectronic Resources *
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus may change due academic events or other reasons.