No particular prior knowledge is required
- Be able to develop a reasoned list of specific concepts related to cybersecurity management based on information provided by legal documents and/or generic management and/or technology disclosure texts.
- Be able to identify the social and economic environment in corporate cybersecurity management based on information provided by socioeconomic and corporate management reports.
- Be able to recognize terminology, standards, and best practices related to cybersecurity and critical infrastructure management in legal texts and specific documents related to data governance, corporate governance, and the business environment.
- Cybersecurity Fundamentals
- Corporate governance and business environment
- Data governance. Digital governance and security.
- Lean Cybersecurity
- Privacy and anonymity management
- Risk analysis and management. An information security risk assessment (Emerging risk and threat landscape. Vulnerability and control deficiency analysis).
- Information security risk response (Risk treatment/Risk response options, Risk and control ownership).
- Risk monitoring and reporting
The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (Self Directed Based Learning) with several face-to-face sessions distributed throughout the master.
The SDBL methodology is based on situational learning and self-directed learning. With situational learning, the student is taught, through challenges, to deal with real problems and situations in the company with which he/she can consolidate the new knowledge acquired. With self-directed learning, the student decides how to advance in their training based on their previous experience.
On a weekly basis, the LMS (Learning Management System) platform releases the content of a new topic. The way the week works is as follows:
- Synchronous kick-off session [1]:
o The teacher gives an overview of the contents and tasks that the student will encounter during the week. The objective of this meeting is to try to discover and reveal on a personal level which aspects of the week's tasks may be more difficult for the individual student.
o The teacher solves possible doubts of the students about the previous week's topic.
- Between synchronous connections:
o The student views the content of the sessions and works on the tasks assigned for the topic of the week to consolidate knowledge and identify doubts.
- Synchronous check point session:
o The teacher solves any doubts the students may have about the contents of the current week.
o The teacher presents additional content or case studies, which are of interest to the students.
o The teacher generates debate and discussion among the students about the contents of the current week, with the objective of helping the students assimilate them and thereby improving their learning.
- Rest of the week. The objective is to finish the tasks of the current week, based on the clarifications received in the synchronous check point session, in order to complete the exercises, tasks and/or deliverables of the topic. It is worth mentioning that most of the time dedicated during this last part of the week should be spent on solving the tasks and deliverables, rather than on assimilating content (an aspect that should have been resolved between the kick-off and check point sessions).
The LMS platform opens the content gradually (week by week) so that the whole group follows the same academic path. In other words, the sequential opening of topics is done so that all students in the program are working on the same subjects simultaneously.
On the other hand, the blended mode also provides very dynamic and experiential face-to-face sessions. Several classes are seminar-style, where students experience the simulation of a cyber-incident based on a real case, putting into practice the concepts learned. The facilitators of these sessions, CISOs (Chief Information Security Officers) or Information Security Officers (ISOs) from recognized companies, will observe how the students handle the different challenges posed throughout the seminar and will discuss with them their recommendations and feedback at the end of the session.
Other face-to-face sessions are for monitoring the work done, where students will be able to validate with the expert mentor the resolution of the tasks posed in the subjects and consult doubts before presenting the final version of their work in another face-to-face session programmed exclusively for this purpose.
[1] The synchronous sessions with the mentor are optional for students to attend, last approximately one hour, and are recorded and uploaded to the LMS.
Highly significant evaluation activities:
1. 2 case studies to be delivered (40%).
2. Opinion on a case study (20%)
3. Group presentation (10%)
4. 20 multiple-choice questions (30%)
Addenda:
- Use of Artificial Intelligence tools.
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. If you have used any AI tool, include a paragraph at the end of any assignment that uses AI explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered an action that tends to falsify or defraud the academic evaluation systems and, therefore, the copying policy of La Salle Campus Barcelona (Copying Policy | La Salle | Campus Barcelona, salleurl.edu) will be applied.
- Demonstrate academic integrity in the totality of their work.
If a student is caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments, presentations, or submitting team work that he/she has not collaborated on, he/she should be prepared to receive a penalty in the final grade for the course.
The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.
The 2 case studies are delivered in the form of a PDF document shortly after the end of the synchronous sessions and are intended to be highly applicable. In both cases, the student chooses an organization or sector of activity in which he/she will delve into. In the first case, the importance of each of the three dimensions of cybersecurity, the application of critical infrastructure legislation and the impact on business continuity are analyzed. In the second case, the most important risks for this organization will be identified and then protection measures will be proposed, looking at their typology (preventive, detection, etc.). Rigor in the concepts applied to real situations will be assessed.
In the opinion on a case dealt with (the Pegasus case and government cell phones), they made an individual presentation (without PowerPoint) of 5 minutes maximum and sent the document used in the presentation. On this case they are invited to deepen the risk analysis of the case, focusing especially on the impact, on the exploitation of zero-click vulnerabilities, as in this case, on the incentives for the discovery of vulnerabilities (bug bounty) and on the threats to different spheres of cybersecurity: individual, organization, state or global. The ability to analyze a serious situation with high media impact and to present it in a way that assesses the value provided by cybersecurity will be valued.
The group presentation is about 20 minutes maximum, optionally with PowerPoint, with the participation of all the members of the group. They have chosen the groups and the topics. In this case they have been: cybersecurity awareness, artificial intelligence and cybersecurity in an SME. This activity allows great freedom while making it possible to relate all the concepts seen in the subject. The content presented, the presentation skills and the teamwork will be valued.
The multiple-choice exam questions are of similar difficulty to those of the self-assessments of the course sessions and cover all topics.
- Glosario de términos de ciberseguridad de INCIBE https://www.incibe.es/sites/default/files/contenidos/guias/doc/guia_glos...
- Guía de Seguridad (CCN-STIC-401) Glosario y abreviaturas https://www.ccn-cert.cni.es/pdf/guias/glosario-de-terminos/22-401-descar...
- Glossary of Key Information Security Terms, from NIST https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7298r1.pdf and https://csrc.nist.gov/glossary
- El Libro Blanco del CISO - Segunda Edición https://www.ismsforum.es/ficheros/descargas/segunda-edicion-del-libro-bl...
- Global Risks Report 2023 - World Economic Forum https://www.weforum.org/reports/global-risks-report-2023/
- MAGERIT - versión 3.0 - Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información https://www.ccn-cert.cni.es/documentos-publicos/1791-magerit-libro-ii-ca...
- NIST Risk Management Framework https://csrc.nist.gov/Projects/risk-management
- NIST 800-53 Security and Privacy Controls for Information Systems and Organizations https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final , a reference that is freely available
- Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
- NIST Special Publication 800-39 Managing Information Security Risk https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-39...
- Ciberamenazas y tendencias 2022 https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/6786-ccn...
- ENISA Threat Landscape 2022 https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022
- Guía de ciberataques de INCIBE https://www.incibe.es/sites/default/files/docs/guia-ciberataques/osi-gui...
- Guía sobre controles de seguridad en sistemas OT https://www.ismsforum.es/ficheros/descargas/maquetaguiaotv101621955967.pdf
- Lean, ISO, and Six Sigma | NIST https://www.nist.gov/baldrige/lean-iso-and-six-sigma
- The Risks Of Shadow IT For Businesses https://www.forbes.com/sites/forbestechcouncil/2022/12/26/the-risks-of-s...
- Baldrige Cybersecurity Excellence Builder - Key questions for improving your organization's cybersecurity performance https://www.nist.gov/system/files/documents/2019/03/24/baldrige-cybersec...
- Agile Cybersecurity https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=644318
- DoD Enterprise DevSecOps Fundamentals https://dodcio.defense.gov/Portals/0/Documents/Library/DoDEnterpriseDevS...
- Privacy Framework https://www.nist.gov/privacy-framework
- Risk Assessment and Analysis Methods: Qualitative and Quantitative https://www.isaca.org/resources/isaca-journal/issues/2021/volume-2/risk-...
- National Vulnerability Database https://nvd.nist.gov/
- Gestión de riesgos - Una guía de aproximación para el empresario https://www.incibe.es/sites/default/files/contenidos/guias/doc/guia_cibe...
- IA y automatización para la ciberseguridad https://www.ibm.com/downloads/cas/EONRVN07