Master of Science in Cybersecurity Management

Learn the key techniques in cybersecurity and become an expert in the application of defensive security and attack methodologies. Power your future

Identification of threats in Cybersecurity Management

Description
This subject has a technological orientation: it prepares students to identify cyber threats. To this end, it presents the management of threat data in prevention strategies through business surveillance in the digital environment. Students will be prepared to identify threats from incident reports, to produce monitoring reports and to plan control using management policies. The tools and technologies needed to understand threats and build an effective defense strategy will be identified. A set of processes will be planned to provide internal control in the detection of indicators of attack or incident, and the procedures for threat identification and recovery planning after a computer security incident will be automated.
The learning outcomes of the subject are:
- RA13. To be able to identify threats in the management of cybersecurity from incident reports and informative studies of the sector.
- RA14. To be able to make a monitoring and control report of policies in cybersecurity management.
- RA15. Report on the phases involved in the life cycle of an intelligent threat.
- RA16. Know how to determine the fundamental tools and technologies to understand cyber threats, so as to build defense, damage reduction and network protection strategies.
Type Subject
First - Compulsory
Semester
First
Course
1
Credits
5.00
Previous Knowledge
Objectives
Contents

- Threat Intelligence
- Cyber Intelligence
- Reverse Engineering
- WEB Security
- Detection of anomalies in the traffic of a corporate network
- Detection of attack or incident indicators
- Automation of procedures
- Recovery after a computer security incident

Methodology

The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (Self Directed Based Learning) with several face-to-face sessions distributed throughout the master's program.
The SDBL methodology is based on situational learning and self-directed learning. With situational learning, the student is taught, through challenges, to deal with real problems and situations in the company, with which he/she can consolidate the new knowledge acquired. With self-directed learning, the student decides how to advance in his/her training based on his/her previous experience.
On a weekly basis, the LMS (Learning Management System) platform releases the content of a new topic. The way the week works is as follows:
- Synchronous kick-off session [1]:
o The teacher gives an overview of the contents and tasks that the student will encounter during the week. The objective of this meeting is to try to discover and reveal on a personal level which aspects of the week's tasks may be more difficult for the individual student.
o The teacher solves possible doubts of the students about the previous week's topic.
- Between synchronous connections:
o The student views the content of the sessions and works on the tasks assigned for the week's topic to consolidate knowledge and identify doubts.
- Synchronous check point session:
o The teacher solves any doubts the students may have about the contents of the current week.
o The teacher presents additional content or case studies that are of interest to the students.
o The teacher generates debate and discussion among the students about the contents of the current week, with the objective of helping the students assimilate them and, therefore, improving their learning.
- Rest of the week. The objective is to finish the development of the tasks of the current week based on the clarifications received in the synchronous check point session to overcome the exercises, tasks and/or deliverables of the topic. It is worth mentioning that most of the time dedicated during this last part of the week should be spent on solving the tasks and deliverables, rather than on assimilating content (an aspect that should have been resolved between the kick-off and check point sessions).

The LMS platform opens content gradually (week by week) so that the whole group follows the same academic itinerary. In other words, topics are opened sequentially so that all students in the program are working on the same subjects simultaneously.

On the other hand, the blended learning modality also provides very dynamic and experiential face-to-face sessions. Several classes are seminar-style, where students experience the simulation of a cyber-incident based on a real case, putting into practice the concepts learned. The facilitators of these sessions, CISOs (Chief Information Security Officers) or Information Security Officers (ISOs) from recognized companies, will observe how the students handle the different challenges posed throughout the seminar and will discuss with them their recommendations and feedback at the end of the session.
Other face-to-face sessions are for monitoring the work done, where students will be able to validate with the expert mentor the resolution of the tasks posed in the subjects and consult doubts before presenting the final version of their work in another face-to-face session programmed exclusively for this purpose.

[1] The synchronous sessions with the mentor are optional for students to attend, last approximately one hour, and are recorded and uploaded to the LMS.

Evaluation

Highly significant evaluation activities:
1. 3 deliverable assignments (20% for each assignment): 60% total.
2. Presentation of deliverables (individually or in groups), with questions on these deliverables: 10%.
3. Final test of 20 questions: 30%.

Addenda:

- Use of Artificial Intelligence tools.
 
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. If you have used any AI tool, include a paragraph at the end of the assignment explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered an action that tends to falsify or defraud the academic evaluation systems and, therefore, the copying policy of La Salle Campus Barcelona (salleurl.edu) will be applied.

- Demonstrate academic integrity in the totality of their work.

If a student is caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments, presentations, or submitting team work that he/she has not collaborated on, he/she should be prepared to receive a penalty in the final grade for the course.

The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.

Evaluation Criteria

3 deliverable tasks (20% for each task): 60% in total.

Deliverable 1 (20%):
Description: This deliverable consists of the management of a ransomware attack. In addition to making sure we solve the current incident, we want to see what security measures we should take to avoid being a victim of further attacks in the future, as we have the feeling that we may have too much company information publicly available on the Internet.

Deliverable 2 (20%):
Description: This deliverable consists of the review of the security posture in everything related to the organization's web security (including monitoring and user web browsing) and network security design (including monitoring, advanced protection and training for your security team).

Deliverable 3 (20%):
Description: This deliverable consists of conducting an investigation into a ransomware cyber-attack that the company has suffered and producing a detailed report describing everything that happened in this attack.

Presentation of deliverables (individually or in groups), with questions on these deliverables: 10%.
Description: In this activity students must defend and explain the 3 deliverables they have completed individually or in groups in such a way that a board of directors can understand what has happened and what steps have been taken to remedy it in each of the situations raised in the deliverables.
Purpose: To assess students' mastery of key concepts and their ability to explain these concepts to a company's board of directors.

20 multiple choice questions (30%):

Description: This assessment consists of a test with 20 multiple-choice questions designed to measure students' theoretical knowledge of the topics covered in the course.
Purpose: To objectively evaluate students' mastery of key concepts and their ability to apply these concepts in multiple-choice situations.

Basic Bibliography

• OWASP Guia Contra Ataques Ransomware, by Christopher M. Frenz & Christian L. Diaz
• Open Source INTelligence (OSINT): Investigar personas e identidades en Internet, by Carlos Seisdedos and Vicente Aguilera. ISBN: 978-84-09-44527-1
• OSINT Techniques: Resources for Uncovering Online Information (January 2023), by Michael Bazzell. ISBN-13: 979-8-36636-040-1
• Hacking con buscadores: Google, Bing & Shodan + Robtex, 3rd Edition, by Enrique Rando. ISBN: 978-84-616-7589-0
• The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler, by Chris Eagle. ISBN-13: 978-1593272890
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, by Michael Sikorski and Andrew Honig. ISBN-13: 978-1593272906
• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory, by MH Hale Ligh. ISBN-13: 978-1118825099
• Reversing: Secrets of Reverse Engineering, by Eldad Eilam. ISBN-13: 978-0764574818
• Web Application Security: A Beginner's Guide, by Bryan Sullivan and Vincent Liu. ISBN-13: 978-0071776165
• La web enredada: Guía para la seguridad de aplicaciones web modernas, by Michal Zalewski. ISBN: 9788441531826
• Seguridad en Bases de Datos y Aplicaciones Web, 2nd Edition, by Gabriel Gallardo Avilés. ISBN-13: 978-1540420566
• Computación en la nube: Estrategias de Cloud Computing en las empresas, by Luis Joyanes Aguilar. ISBN-13: 978-8426718938
• Redes de computadoras: Un enfoque descendente, by James Kurose and Keith W. Ross. ISBN-13: 978-8490355282
• Seguridad de la información: Redes, informática y sistemas de información, by Javier Areitio Bertolin. ISBN-13: 978-8497325028
• Diseño de un prototipo con una arquitectura de red segura: Redes y comunicación, by Johanna Choez Calderón and Wilson Chango. ISBN-13: 978-6200030757

Additional Material

• Threat data management in prevention strategies.
o https://learn.microsoft.com/es-es/azure/defender-for-cloud/defender-for-...
• Business surveillance in the digital environment.
o https://azuremarketplace.microsoft.com/es-es/marketplace/apps/chorusit.m...
• Boosting of reverse engineering processes.
• WEB Security Management.
o https://learn.microsoft.com/bs-latn-ba/azure/web-application-firewall/ov...
• Network design for anomaly detection.
o https://azure.microsoft.com/es-es/products/azure-firewall
• Internal control processes to detect indicators of attack or incident.
o https://azure.microsoft.com/es-es/products/microsoft-sentinel/
• Automation of threat identification procedures.
• Recovery planning after a computer security incident.
o https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-arc...

List of Professors
Marc Corbalán i Querol