Master of Science in Cybersecurity Management

Learn the key techniques in cybersecurity and become an expert in the application of defensive security and attack methodologies. Power your future

Agile project management in Cybersecurity

Description
The main objective of the last subject of the Master is to introduce students to agile methodologies to achieve an adequate management of cybersecurity processes. On the other hand, examples of process management tools are also presented, such as: recovery, planning and restoration of services, backup management or remote maintenance. At the end of the course the students have an agile vision in Cybersecurity that involves adapting to the rapid and continuous changes in the cyber threat landscape that therefore requires the coordination of rapid and iterative processes and the promotion of effective collaboration between security teams and the rest of the organization. RA24. Be able to adapt a cybersecurity project to a management framework based on Agile Methods, essential in environments of unpredictability and accelerated change.
Type Subject
Primer - Obligatoria
Semester
Second
Course
1
Credits
3.00
Previous Knowledge
Objectives
Contents

- Cybersecurity and Agile Methods
- Recovery process management tools
- Post-incident recovery and service restoration planning
- Backup management
- Implementation of remote configuration and maintenance tools
- Plans for installation and operation of cybersecurity management systems
- Detailed inspection of network attacks
- Implementation of attack protection measures

Methodology

The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (Self Directed Based Learning) with several face-to-face sessions distributed throughout the master.
The SDBL methodology is based on situational learning and self-directed learning. With situational learning, the student is taught, through challenges, to deal with real problems and situations in the company with which he/she can consolidate the new knowledge acquired. With self-directed learning, the student decides how to advance in his training based on his previous experience.
On a weekly basis, the LMS (Learning Management System) platform releases the content of a new topic. The way the week works is as follows:

-Synchronous kick-off session [1]:
o The teacher gives an overview of the contents and tasks that the student will encounter throughout the week. The objective of this meeting is to try to discover and reveal on a personal level which aspects of those to be covered during the week may be more difficult for the individual student.
o The teacher solves possible doubts of the students about the previous week's topic.
- Between synchronous connections:
o The student visualizes the content of the sessions and develops the tasks given to him/her about the week's topic to consolidate knowledge and identify doubts.
- Synchronous check point session:
o The teacher solves any doubts the students may have about the contents of the current week.
o The teacher presents additional content or case studies that are of interest to the students.
o The teacher generates debate and discussion among the students about the contents of the week in course with the objective of helping the students in their assimilation, therefore, improving their learning.

- Rest of the week. The objective is to finish the development of the tasks of the current week based on the clarifications received in the synchronous check point session to overcome the exercises, tasks and/or deliverables of the topic. It is worth mentioning that most of the time dedicated during this last part of the week should be spent on solving the tasks and deliverables, rather than on assimilating content (an aspect that should have been resolved between the kick-off and check point sessions).

The LMS platform opens the content gradually (week by week) so that the whole group follows the same academic path. In other words, the sequential opening of topics is done so that all students in the program are working on the same subjects simultaneously.

On the other hand, the blended mode also provides very dynamic and experiential face-to-face sessions. Several classes are seminar-style, where students experience the simulation of a cyber-incident based on a real case, putting into practice the concepts learned. The facilitators of these sessions, CISOs (Chied Information Security Officers) or Information Security Officers (ISOs) from recognized companies, will observe how the students handle the different challenges posed throughout the seminar and will discuss with them their recommendations and feedback at the end of the session.
Other face-to-face sessions are for monitoring the work done, where students will be able to validate with the expert mentor the resolution of the tasks posed in the subjects and consult doubts before presenting the final version of their work in another face-to-face session programmed exclusively for this purpose.

[1] The synchronous sessions with the mentor are optional for students to attend, last approximately one hour, and are recorded and uploaded to the LMS.

Evaluation

These are the evaluation criteria for this subject:

1. 30% Final quiz - 30 multiple-choice questions.
2. 35% “Business Continuity” rubric.
3. 35% Rubric OKRs (Objectives and Key Results)

Addenda:

- Use of Artificial Intelligence tools.
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. On the assumption that you have used any AI tool, include a paragraph at the end of any assignment that uses AI explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered as an action that tends to falsify or defraud the academic evaluation systems and, therefore, the copying policy of La Salle Campus Barcelona - Copying Policy | La Salle | Campus Barcelona (salleurl.edu) will be applied.

- Demonstrate academic integrity in the totality of their work.

If a student is caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments, presentations, or submitting team work that he/she has not collaborated on, be prepared to receive a penalty in the final grade for the course.

The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.

Evaluation Criteria

1. 30% Final Quiz - 30 multiple-choice questions.

Description: This assessment consists of an exam with 30 multiple-choice questions designed to measure students' theoretical knowledge of the topics covered in the course.
Purpose: To objectively evaluate students' mastery of key concepts and their ability to apply these concepts in multiple-choice situations.

2. 35% Rubric “Business Continuity.”

Description: This rubric enables future CISOs or members of a Board of Directors to deal with the consequences of a security incident.
Purpose: To assess proficiency in the creation of CISO reports to the CEO (phase 1) and to the Board of Directors (phase 2).

3. 35% OKRs (Objectives and Key Results) Rubric.

Description: This rubric enables future CISOs to not only develop effective cybersecurity OKRs, but also apply CFRs principles to improve communication, feedback and recognition within the cybersecurity team.
Purpose: To objectively evaluate the presentation of OKRs and CFRs of the assigned scenario.

Basic Bibliography

• “Mide lo que importa”: Cómo Google, Bono y la Fundación Gates cambian el mundo con OKR. John Doerr (Autor).
• CISSP (Certified Information Systems Security Professional) Official Study Guide, Eighth Edition.
• Metodología MAGERIT v3 - threat catalog.

Additional Material

• Podcast: Ricardo Tejero – Implantación OKR en Leroy Merlin.

List of Professors
Maria Viader Nogués