Master of Science in Cybersecurity Management - La Salle Campus Barcelona

Master of Science in Cybersecurity Management

Lead the new era of cybersecurity: strategic, human-centered, and powered by artificial intelligence. Drive your future.

Management and Monitoring of Cybersecurity Incidents

Description
One of the main responsibilities of an Information Security Department is the analysis, management of and response to cybersecurity incidents. This subject is therefore devoted to the management of a CyberSOC (Security Operations Center, SOC). Students also learn to determine the circumstances under which a forensic analysis is appropriate, and how to manage the results obtained and the lessons learned. Building on these points, the objective of the course is to produce a cyber resilience and business continuity plan, supported by data collection and correlation and by the management of preventive alarms.
Type of Subject
First year - Compulsory
Semester
Second
Course
1
Credits
7.00
Previous Knowledge

No particular prior knowledge is required.

Objectives

- Be able to organize the management of cybersecurity incidents through a specific action plan.
- Be able to identify agile management frameworks in cybersecurity.
- Be able to write specific reports based on the analysis and processing of data, highlighting anomalies, unusual user behavior or other threats.
- Know the fundamental tools and technologies for predicting, detecting, analyzing, responding to and recovering from cybersecurity incidents.

Contents

- Security and critical infrastructure analysis
- Cybersecurity Incident Response and Management
- Cybersecurity Incident Management
- Management of a CyberSOC (Security Operations Center, SOC)
- Forensic analysis
- Cyber resilience and business continuity
- Data collection and alarm management
- Data correlation and alarm generation

Methodology

The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (Self Directed Based Learning) with several face-to-face sessions distributed throughout the master.
The SDBL methodology is based on situational learning and self-directed learning. With situational learning, students are taught, through challenges, to deal with real problems and situations from the corporate environment, consolidating the newly acquired knowledge. With self-directed learning, students decide how to advance in their training based on their previous experience.
Each week, the LMS (Learning Management System) platform releases the content of a new topic. The week is organized as follows:

- Synchronous kick-off session:
o The teacher gives an overview of the contents and tasks that the student will encounter throughout the week. The objective of this meeting is to discover which of the aspects to be covered during the week may be most difficult for each individual student.
o The teacher resolves any doubts the students have about the previous week's topic.
- Between synchronous connections:
o The student watches the session content and works through the tasks set on the week's topic, consolidating knowledge and identifying doubts.
- Synchronous check point session:
o The teacher resolves any doubts the students have about the current week's contents.
o The teacher presents additional content or case studies of interest to the students.
o The teacher generates debate and discussion among the students about the week's contents, helping them assimilate the material and thereby improving their learning.

- Rest of the week. The objective is to complete the current week's tasks, using the clarifications received in the synchronous check point session to pass the exercises, tasks and/or deliverables of the topic. Most of the time in this last part of the week should be spent on solving the tasks and deliverables rather than on assimilating content, which should already have been done between the kick-off and check point sessions.

The LMS platform opens the content gradually (week by week) so that the whole group follows the same academic path. In other words, the sequential opening of topics is done so that all students in the program are working on the same subjects simultaneously.

The blended mode also includes very dynamic, experiential face-to-face sessions. Several classes are seminar-style: students work through the simulation of a cyber incident based on a real case, putting the concepts learned into practice. The facilitators of these sessions, CISOs (Chief Information Security Officers) or Information Security Officers (ISOs) from recognized companies, observe how the students handle the challenges posed throughout the seminar and discuss their recommendations and feedback with them at the end of the session.
Other face-to-face sessions are for monitoring the work done: students validate with the expert mentor their resolution of the tasks set in the subjects and raise doubts before presenting the final version of their work in a further face-to-face session scheduled exclusively for this purpose.

Evaluation

Highly significant evaluation activities:

1. 20 multiple-choice questions: 30%
2. Case study: 70%

Addenda:

- Use of Artificial Intelligence tools.
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. If you have used any AI tool, include a paragraph at the end of the assignment explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered an attempt to falsify or defraud the academic evaluation system, and the La Salle Campus Barcelona Copying Policy (salleurl.edu) will be applied.

- Demonstrate academic integrity in all of your work.

Any student caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments or presentations, or submitting team work they have not collaborated on, will receive a penalty in the final grade for the course.

The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.

Evaluation Criteria

1. Multiple-choice questions with 4 answers and only one correct answer. Incorrect answers are not penalized. Each correct answer counts 1.5 points, up to a maximum of 30 points.
2. A cyber incident is either described by the teacher or chosen by each student, who may document a public incident or one from his/her own work environment. In either case, a practical case study must be developed in which some of the course contents are treated in detail, highlighting the effects of absent controls and proposing an adequacy plan that would, in future, allow the organization to prevent, protect against, monitor, detect, respond to or recover from the same incident. Maximum score: 70 points.
a. Description of the pre-incident context: 10 points.
b. Description of the sequence of the incident: 10 points.
c. Description of ineffective or absent controls: 10 points.
d. Description of the containment or response plan that was implemented: 10 points.
e. Description of the future adequacy plan: 20 points.
f. Description of the applicable regulatory framework: 10 points.

Basic Bibliography

1. Cyber Resilience in Critical Infrastructure. ISBN-13: 978-1032583051.
2. Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents. ISBN-13: 978-1484238691.
3. NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
4. Cybersecurity Blue Team Strategies: Uncover the secrets of blue teams to combat cyber threats in your organization. ISBN-13: 978-1801072472.
5. Digital Forensics. ISBN-13: 978-1119262381.
6. Cyber Resilience Fundamentals. ISBN-13: 978-3031526404.
7. Security Information and Event Management (SIEM) Implementation (Network Pro Library). ISBN-13: 978-0071701099.
8. AI/ML in Cybersecurity: Your go-to guide to understand AI & ML in Cybersecurity. ISBN-13: 978-2854456370.

Additional Material

Provided in each session.

List of Professors
Tomás Roy Catala