Checking date: 10/07/2020

Course: 2020/2021

Cyber security management and administration
Study: Master in cybersecurity (288)

Coordinating teacher: RIBAGORDA GARNACHO, ARTURO

Department assigned to the subject: Department of Computer Science and Engineering

Type: Compulsory
ECTS Credits: 3.0 ECTS


Students are expected to have completed
Not apply
BASIC COMPETENCES: Form professionals with the ability to integrate knowledge and form judgments from incomplete or inaccurate information. Form professionals with the ability to communicate thoughts and judgments and give reasons accordingly. Form professionals with the ability to study and learn autonomously. LEARNING RESULTS: 1. Develop, deploy and maintain an Information Security Management System (ISMS). 2. In regard to the master plan of information technology of an organization, its security plan and given the available human resources, technological resources and so on, develop an information security plan. 3. Develop a business continuity plan given the maximum available recovery time. 4. Develop and maintain an information classification system. 5. Learn about the legal provisions concerning cibersecurity and its applications in the design of secure systems.
Description of contents: programme
1. Introduction and basic concepts. Normalization, evaluation, certification and accreditation. Institutes for standards. Legal framework. 2. Security management information system. ISO/IEC standards. Series 27XXX. UNEISO/IEC 27000:2014, UNE-EN ISO/IEC 27001:2017, UNE-EN ISO/IEC 27002:2017. Certifiable standards of the series. 3. Security plans. 4. Information classification. 5. Business continuity plan. UNE-EN-ISO 22301:2015 and UNE-ISO 22313:2013. 6. Cibersecurity strategies and legal framework. 7. Security auditing. Audit frameworks and standards. Audit of personal data. Evidences. Analysis. Audit report.
Learning activities and methodology
TRAINING ACTIVITIES Theoretical lessons. Theoretical-practical lessons. Tutoring Group work Individual work TEACHING METHODOLOGIES Class lectures with computer and audiovisual resources. Main concepts of the subject will be presented together with additional bibliography. Critical reading of recommended text: press articles, reports, tutorials and/or academic articles. They will be used for class discussions or to extent and consolidate taught concepts. Class presentations and discussions under the supervision of the teacher based on topics related to the subject, as well as case studies.
Assessment System
  • % end-of-term-examination 40
  • % of continuous assessment (assigments, laboratory, practicals...) 60
Basic Bibliography
  • C.M. Fernández Sánchez y M. Piattini Velthuis . Modelo para el gobierno de las TIC basado en las normas ISO. AENOR. 2012
  • L. Gómez Fernández; P.P. Fernández Rivero . Como implantar un SGSI según UNE-ISI/IEC 27001:2014 y su aplicación en el ENS. AENOR.
  • UNE EN-ISO/IEC. UNE-ISO/IEC 27001:2017. UNE.
  • UNE EN-ISO/IEC. UNE EN-ISO/IEC 27000:2019. UNE.
  • UNE EN-ISO/IEC . UNE EN-ISO/IEC 27002:2017. UNE.
Recursos electrónicosElectronic Resources *
Detailed subject contents or complementary information about assessment system of B.T.
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN

The course syllabus and the academic weekly planning may change due academic events or other reasons.

More information: