Master of Science in Cybersecurity Management

Lead the new era of cybersecurity: strategic, human-centered, and powered by artificial intelligence.

Definition and Development of the Government, Policies and Strategies of Cybersecurity

Description
This subject defines the internal cybersecurity governance processes through the development of cybersecurity policies and strategies, an information security program, and the identification and classification of information assets. This involves preparing, studying and improving information security policies, procedures and guidelines to determine which information security frameworks and industry standards are to be complied with. Finally, the subject covers the process of coordinating the plan for audits of compliance with existing standards.
Type Subject: First - Compulsory
Semester: First
Course: 1
Credits: 7.00
Previous Knowledge

No particular prior knowledge required.

Objectives

- Be able to design and plan the company's cybersecurity policies and strategies in a specific plan.
- Be able to implement cybersecurity governance based on the development of a specific action plan.
- Be able to prepare a report on the methods required for cybersecurity governance based on the information provided by incident reports.
- Be able to create a framework to enable stakeholders to collaborate and resolve cybersecurity issues based on the development of a specific framework document.

Contents

- Cybersecurity Governance.
- Development of cybersecurity policies and strategies.
- Information security program development.
- Information security management.
- Identification and classification of information assets.
- Information security policies, procedures and guidelines.
- Frameworks and industry standards for information security.
- Preventive plan for periodic and extraordinary audits.

Methodology

The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (SelfDirectedBasedLearning) with several face-to-face sessions distributed throughout the master's program.
The SDBL methodology is based on situational learning and self-directed learning. With situational learning, students are taught, through challenges, to address real company problems and situations with which they can consolidate the newly acquired knowledge. With self-directed learning, students decide how to advance in their training based on their previous experience.
On a weekly basis, the LMS (Learning Management System) platform releases the content of a new topic. The way the week works is as follows:

- Synchronous kick-off session[1]:
  - The teacher gives an overview of the contents and tasks that the student will encounter throughout the week. The objective of this meeting is to identify, on a personal level, which of the aspects to be covered during the week may be more difficult for the individual student.
  - The teacher resolves any questions the students may have about the previous week's topic.
- Between synchronous connections:
  - The student views the content of the sessions and works on the assigned tasks for the topic of the week to consolidate knowledge and identify questions.
- Synchronous checkpoint session:
  - The teacher resolves any questions the students may have about the contents of the current week.
  - The teacher presents additional content or case studies that are of interest to the students.
  - The teacher encourages debate and discussion among the students about the contents of the current week, with the objective of helping them assimilate the material and thereby improving their learning.
- Rest of the week:
  - The objective is to finish the tasks of the current week, based on the clarifications received in the synchronous checkpoint session, in order to complete the exercises, tasks and/or deliverables of the topic. Most of the time during this last part of the week should be spent on solving the tasks and deliverables, rather than on assimilating content (an aspect that should have been resolved between the kick-off and checkpoint sessions).

The LMS platform opens content gradually (week by week) so that the whole group follows the same academic itinerary. In other words, topics are opened sequentially so that all students in the program are working on the same subjects simultaneously.

On the other hand, the blended learning modality also provides very dynamic and experiential face-to-face sessions. Several classes are seminar-style, where students experience the simulation of a cyber-incident based on a real case, putting into practice the concepts learned. The facilitators of these sessions, CISOs (Chief Information Security Officers) or Information Security Officers (ISOs) from recognized companies, will observe how the students handle the different challenges posed throughout the seminar and will discuss their recommendations and feedback with them at the end of the session.
Other face-to-face sessions are for monitoring the work done, where students will be able to validate with the expert mentor the resolution of the tasks posed in the subjects and raise questions before presenting the final version of their work in another face-to-face session scheduled exclusively for this purpose.

[1] The synchronous sessions with the mentor are optional for students to attend, last approximately one hour, and are recorded and uploaded to the LMS.

Evaluation

Highly significant evaluation activities:

1. 2 deliverables: 60%.
2. Group work: 10%.
3. 20 multiple choice questions: 30%.

Addenda:

- Use of Artificial Intelligence tools.
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. If you have used any AI tool, include a paragraph at the end of the assignment explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered an action that tends to misrepresent or defraud the academic evaluation systems and, therefore, the La Salle Campus Barcelona copying policy will apply (Copying Policy | La Salle | Campus Barcelona, salleurl.edu).

- Demonstrate academic integrity in the totality of their work.

If a student is caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments, presentations, or submitting team work that he/she has not collaborated on, he/she should be prepared to receive a penalty in the final grade for the course.

The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.

Evaluation Criteria

2 deliverables (60%):

Deliverable 1 (30%)

Description: This deliverable consists of specific work assigned to students focused on the design and implementation of a telework contingency plan.
Purpose: To evaluate students' ability to apply cybersecurity concepts and adequately plan a secure environment for teleworking.

Deliverable 2 (30%)

Description: Similar to the first deliverable, but focused on another critical aspect of cybersecurity: developing an audit plan.
Purpose: To continue assessing students' skills in the practical application of their knowledge, this time developing all phases necessary to successfully prepare an audit plan.

1 Group practice (10%):

Description: In this practicum, students will assume the role of a cybersecurity incident response team at a fictitious company. A security breach compromising sensitive customer data, triggered by a phishing attack targeting employees in the sales department, will be simulated. Students will be required to coordinate the management of this incident, assigning specific roles and following a predefined plan to contain, eradicate and recover from the incident.
Purpose: To foster collaboration among students, allowing them to share knowledge and skills, and face challenges in a simulated environment that mirrors real-world situations.

20 multiple choice questions (30%):

Description: This assessment consists of a test with 20 multiple-choice questions designed to measure students' theoretical knowledge of the topics covered in the course.
Purpose: To objectively evaluate students' mastery of key concepts and their ability to apply these concepts in multiple-choice situations.

Basic Bibliography

- Boletín Oficial del Estado (2023). Código de Derecho de la ciberseguridad. BOE.
- Tejerina Rodríguez, Ofelia (2020). Aspectos jurídicos de la ciberseguridad. RA-MA.
- Sevillano Jaen, Fernando and Beltran Pardo, Marta (2020). Dirección de seguridad y gestión del ciberriesgo. RA-MA.
- Guía de Seguridad de las TIC CCN-STIC 802 (Guía de auditoría).
- Piattini Velthuis, Mario (2008). Auditoria de tecnologías y sistemas de información. RA-MA.
- Guide NIST SP 800-12 (https://csrc.nist.gov/pubs/sp/800/12/r1/final)
- Guide NIST SP 800-100 (https://csrc.nist.gov/pubs/sp/800/100/upd1/final)
- Guide NIST SP 800-53. Security and Privacy Controls for Information Systems and Organizations (https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final).

Additional Material

- NIST FIPS 199 - Standards for Security Categorization of Federal Information and Information Systems. (https://csrc.nist.gov/pubs/fips/199/final)
- NIST FIPS 200 - Minimum Security Requirements for Federal Information and Information Systems, NIST (https://csrc.nist.gov/pubs/fips/200/final)
- Security Master Plan. National Cybersecurity Institute (INCIBE) https://www.incibe.es/sites/default/files/contenidos/politicas/documento...

List of Professors
Eduardo Lopez Roman