Master of Science in Cybersecurity Management

Lead the new era of cybersecurity: strategic, human-centered, and powered by artificial intelligence. Drive your future

Final Master's Thesis

Description
The work will be individual, not in groups, because we want to verify the degree of knowledge acquired by each student.
Type Subject
First - Compulsory
Semester
Second
Course
1
Credits
10.00
Previous Knowledge

No prior particular knowledge required

Objectives

The main objectives of the last subject of the Master are:

- To be able to develop a project based on the knowledge obtained throughout the program, describing a specific plan for the management of cybersecurity and critical infrastructures of an organization.

- To be able to organize an interdisciplinary team to respond to information security incidents and critical infrastructures of the organization, reducing conflicts between productive operations and data protection methods.

Students will be able to choose between working on a proposal of their own or on one of 12 topics of their choice, related to the 12 areas of critical infrastructure defined in Spain. Choices will be assigned in order of request, from the moment the communication is sent through the platform. A critical infrastructure area cannot be repeated.

Rules to be complied with, both by your own company and by each of the companies in the critical infrastructure sector:

1) For each sector you must invent a company in that sector. For example, if you choose 7. Nuclear Power Plants, you choose a particular imagined plant, on the assumption that all plants must comply with the same plan. Likewise, for 11. Information and Communications Technologies, you choose a typical operator with an imagined name, and for our work we will extrapolate that all telcos must have the same Security Plan and the same plan of defense against attacks.
2) All companies will have to have IT and OT.
https://ciberseguridadbidaidea.com/convergencia-entre-it-y-ot/#Que_es_di...
3) Special focus should be made on the interconnection of IT and OT networks.
4) All companies will have Wi-Fi.
5) All companies must have VPNs and an evolution to ZTNA in their roadmap.
https://revistabyte.es/ciberseguridad/ztna-vpn/
6) All PCs shall be platformed, and BYOD in physical form shall be prohibited. The platform's cybersecurity standards must be clear.
7) All companies will have workloads in On-Premise and Cloud. All cybersecurity elements must be defined.
8) All companies must have an Incident Response Plan with defined RPO/RTO.
9) All companies must have a defined DRP (Disaster Recovery Plan).
10) All companies must comply with GDPR (therefore all of them must be in EU), if you are interested in any other country please let us know and we will study it.
11) They must comply with NIST 2
https://es.linkedin.com/pulse/protegiendo-la-infraestructura-cr%C3%ADtic...

12) All companies must have a CISO that reports to the CEO or Management Committee and never to the CIO.
13) All companies must have a Cybersecurity Governance and specify what is done in case of non-compliance.
14) All companies must be compliant with the requirements of the chosen sector.
15) Companies with risk to life should have a level of coordination between the company, the municipality and the community.
16) In the event of a possible cyber incident, it should be clear which bodies must be informed and what the deadlines are for doing so.

List of the 12 critical areas:

1. Financial and tax system (banking entities, information, securities and investments).
2. Administration (basic services, facilities, information networks, main assets and national heritage monuments).
3. Water (reservoirs, storage, treatment and networks).
4. Food (production, storage and distribution).
5. Power plants and networks (production and distribution).
6. Installations related to Outer Space.
7. Nuclear Power Plants (production, storage and transport of dangerous goods, nuclear, radiological materials, etc.).
8. Chemical industry (production, storage and transportation of dangerous goods, chemical materials, etc.).
9. Research: laboratories that due to their idiosyncrasy have or produce critical or hazardous materials, substances or elements.
10. Health (health sector and infrastructure).
11. Information and Communications Technologies (ICT, whether they are critical infrastructures in themselves, such as telecommunications networks, or provide information and communications services to other critical infrastructures).
12. Transportation (airports, ports, intermodal facilities, railroads and public transportation networks, traffic control systems).

Contents

- To show the learning outcome acquired in all subjects Recovery Process Management Tools.
- General competences indicated.
- Indicated transversal competences.
- Specific competences.

Methodology

The blended mode is based on a proprietary methodology developed by La Salle URL that combines the active online methodology SDBL (Self Directed Based Learning) with several face-to-face sessions distributed throughout the master.

The SDBL methodology is based on situational learning and self-directed learning. With situational learning, the student is taught, through challenges, to deal with real problems and situations in the company, with which he/she can consolidate the new knowledge acquired. With self-directed learning, the student decides how to advance in his/her training based on his/her previous experience.
On a weekly basis, the LMS (Learning Management System) platform releases the content of a new topic. The way the week works is as follows:

- Synchronous kick-off session [1]:
  - The teacher gives an overview of the contents and tasks that the student will encounter during the week. The objective of this meeting is to try to discover and reveal, on a personal level, which aspects of the week's tasks may be more difficult for the individual student.
  - The teacher resolves any doubts the students may have about the previous week's topic.
- Between synchronous connections:
  - The student views the content of the sessions and works on the assigned tasks for the topic of the week, to consolidate knowledge and identify doubts.
- Synchronous check point session:
  - The teacher resolves any doubts the students may have about the contents of the current week.
  - The teacher presents additional content or case studies that are of interest to the students.
  - The teacher generates debate and discussion among the students about the contents of the current week, with the objective of helping the students assimilate them and thereby improving their learning.
- Rest of the week. The objective is to finish the tasks of the current week, based on the clarifications received in the synchronous check point session, in order to pass the exercises, tasks and/or deliverables of the topic. It is worth mentioning that most of the time during this last part of the week should be spent on solving the tasks and deliverables, rather than on assimilating content (an aspect that should have been resolved between the kick-off and check point sessions).

The LMS platform opens the content gradually (week by week) so that the whole group follows the same academic path. In other words, the sequential opening of topics is done so that all students in the program are working on the same subjects simultaneously.

On the other hand, the blended mode also provides very dynamic and experiential face-to-face sessions. Several classes are seminar-style, where students experience the simulation of a cyber-incident based on a real case, putting into practice the concepts learned. The facilitators of these sessions, CISOs (Chief Information Security Officers) or Information Security Officers (ISOs) from recognized companies, will observe how the students handle the different challenges posed throughout the seminar and will discuss their recommendations and feedback with them at the end of the session.
Other face-to-face sessions are for monitoring the work done, where the students will be able to validate with the expert mentor the resolution of the tasks posed in the subjects and consult doubts before presenting the final version of their work in another face-to-face session programmed exclusively for this purpose.

[1] The synchronous sessions with the mentor are optional for students to attend, last approximately one hour, and are recorded and uploaded to the LMS.

Evaluation

These are the evaluation criteria for the TFM:

1. 60% Deliverable.
2. 40% Presentation in front of the members of the Evaluation Committee.

Addenda:

- Use of Artificial Intelligence tools.
This Master's course allows the use of AI to assist in the completion of a deliverable, but its use must be acknowledged. If you have used any AI tool, include a paragraph at the end of any assignment that uses AI explaining what you used the AI for and what prompts you used to obtain the results. Failure to do so will be considered an action that tends to falsify or defraud the academic evaluation systems and, therefore, the copying policy of La Salle Campus Barcelona (salleurl.edu) will be applied.

- Demonstrate academic integrity in the totality of their work.

If a student is caught cheating in any way on an exam, plagiarizing or rewriting exercises, activities, assignments or presentations, or turning in a team assignment in which he/she has not collaborated, he/she should be prepared to receive a penalty in the final grade.

The student and the group must ensure that the work they submit is their own. The student is responsible for citing all sources relied upon in their submissions, using quotation marks when language is taken directly from other sources.

Evaluation Criteria

1. 60% Deliverable

The deliverable will be assessed by the assigned tutor.

The deliverable must be able to show the learning result acquired in all subjects:
1. The student will be able to develop a project based on the knowledge achieved throughout the program, describing a specific plan for the management of cybersecurity and critical infrastructures of an organization.
2. The student must organize an interdisciplinary team to respond to incidents of information security and critical infrastructures of the organization by reducing conflicts between productive operations and data protection methods.

As for the general competences that this TFM is intended to provide:
1) To have the ability to synthesize the acquired knowledge and present results to an audience both specialist and non-specialist in Cybersecurity and Cyber Risk management.
2) To have the ability to adapt to new cyber threats by applying and generalizing the acquired knowledge.

In terms of transversal competencies:
1) Have the ability to be part of, integrate and get involved in an interdisciplinary team in order to participate in a Cybersecurity commission and drive action plans.
3) Be able to develop teamwork by performing in multidisciplinary environments, where contributions from disparate areas intersect to achieve a common goal.

Finally, in terms of specific competencies:
1) Be able to determine the human and financial resources, as well as the necessary activities, to turn the entity's Cybersecurity plans into viable projects aligned with the company's strategy.

2) Have the ability to apply technical/scientific knowledge and technical skills to the needs and environment of the company to develop services of business or social interest with sufficient guarantees in Cybersecurity.
3) Have the ability to generate and implement cybersecurity policies for information and critical infrastructure to achieve business objectives.

2. 40% Presentation

Description: In this part, students will have the opportunity to use the presentation skills acquired in all subjects in the presentation of the TFM. Students have learned that how something is presented is as important as the content itself.
Achieving a "wow" effect on the recipients of the presentation will be a goal for the student. Even if the content is very technical, the presentation must be attractive enough to hold the attention of the recipients and to influence their opinion.

The presentation will be evaluated by the panel, composed of all the tutors and, optionally, a member of the La Salle Masters management team.

Basic Bibliography

Not applicable in TFM

Additional Material

Not applicable in TFM