
Information System Security Management Systems (26025)

Centre: Faculty of Economics and Business. Álava Department
Degree: Double Degree in Business Administration and Management and in Computer Engineering in Management and Information Systems
Academic course: 2024/25
Academic year: 5
No. of credits: 6
Languages: Spanish
Code: 26025

Teaching

Distribution of hours by type of teaching

| Study type | Hours of face-to-face teaching | Hours of non classroom-based work by the student |
| --- | --- | --- |
| Lecture-based | 45 | 67.5 |
| Applied laboratory-based groups | 15 | 22.5 |

Teaching guide

Description and Contextualization of the Subject

This course combines two essential aspects of the degree: Management Systems and Information Systems. Situated within business organisations, it identifies the importance of the three pillars of cybersecurity for business continuity: Confidentiality, Integrity and Availability.

It works with the precise vocabulary of the security field so that a diagnosis can be tailored to each organisation's needs, opening the way to continuous improvement through Management Systems: the gradual reduction of vulnerabilities and the establishment of safeguards, without forgetting staff training and awareness-raising.

Skills/Learning outcomes of the subject

- Being familiar with the main concepts necessary for risk analysis and management in information systems

- Being familiar with the features of security management standards in information systems

- Designing, planning and implementing adequate IT security policies and measures in terms of effectiveness and cost

- Integrating technical IT security know-how into ethical, legal and organisational planning

- Being able to perform technical tasks that make up an information system security management system, such as proper control of passwords, backup copies, encryption, use of anti-malware, auditing and physical security.

- Designing training plans for people connected with information systems

- Efficient group working to coordinate technical and organisational tasks

- Being familiar with the legal framework governing professional practice (General Data Protection Regulation, Information Society Services Act and Digital Signature Act)

Theoretical and practical content

- Information System Security Risk Analysis and Management

- Backing up information and security copies

- Controlling access to information resources: identification and authentication. The digital signature

- Malware: security risks and measures

- The human factor

- Encrypting information: contexts of use and basic techniques

- Software protection

- Planning, organisation and administration of IT security, audits: technical and standard

- Legal, ethical and organisational aspects: General Data Protection Regulation, Information Society Services Act and Digital Signature Act





Methodology

Lectures (M) introduce concepts in presentations that are published on the eGela platform, allowing discussion of the main pillars of Security Management in the context of organisations and its importance in Information Systems.

Practical work (GL) makes it possible to approach typical security issues through individual and group reflection. This can take different forms and includes the study of scientific articles, press articles, pair work exercises, group protective software selection processes and active participation in conferences on security and personal data protection, among others. The work is submitted as reports and public presentations and is assessed by the lecturer and by colleagues.

Assessment systems

  • Continuous Assessment System
  • Final Assessment System
  • Tools and qualification percentages:
    • Written test to be taken (%): 60
    • Team projects (problem solving, project design) (%): 40

Ordinary Call: Orientations and Disclaimer

Obligatory tasks of different kinds will be set during the course, both individually and as a group. Deliverables will consist of reports and presentations to give in class, assessed by the lecturer and by colleagues according to predetermined criteria.

Under continuous assessment, practical work, reports and presentations will be worth 40% of the final mark. There will be a final written examination worth 60% of the final mark, in which a minimum of 3.5 out of 10 must be scored to pass the course.

If continuous assessment is waived there will be a final examination worth 100% of the mark. The lecturer must be informed of this waiver by the 9th week, in accordance with current regulations.

If the final examination is not attended it will be considered not sat.

If the course cannot be assessed face-to-face, the relevant changes will be made to carry it out online by using the IT tools available at the UPV/EHU. The particulars of this online assessment will be made public.

Extraordinary Call: Orientations and Disclaimer

Assessment of the extraordinary session will be by a single written examination covering the topics seen in the lectures and laboratory work, updating cases from one year to the next. Relevant material produced by students will be made available for reference to the rest of the eGela platform.

Compulsory materials

Class notes, classroom and laboratory teaching support material. Data Protection Act, Information Society Services Act and Digital Signature Act.

Bibliography

Basic bibliography

- Álvaro Gómez Vieites, "Enciclopedia de la Seguridad Informática", Ra-Ma, 2011 (2nd updated edition)

- Jesús Costas Santos, "Seguridad y Alta Disponibilidad", Ra-Ma 2011.

In-depth bibliography

- Yves-Michel Leporcher, Frédéric Goujon and Billal Chouli, "Blockchain. De la teoría a la práctica, de la idea a la implementación", ENI ediciones, 2020
- ACISSI, "Seguridad Informática – Ethical Hacking. Conocer el ataque para una mejor defensa", 2nd ed., ENI ediciones, 2013
- C.J. Bennett and C.D. Raab, "The governance of privacy", MIT Press, 2006
- B. Schneier, "Beyond Fear: Thinking Sensibly About Security in an Uncertain World", Springer, 2006.

Journals

- IEEE Security & Privacy
- .Seguridad
https://revista.seguridad.unam.mx/ (access: 20/05/2024)

Web addresses

- INCIBE: Instituto Nacional de Ciberseguridad (formerly INTECO)
https://www.incibe.es (access: 20/05/2024)
- Criptored: telematic network for cryptography and information security
https://www.criptored.es/ (access: 20/05/2024)
- Intypedia: Information Security Encyclopedia
https://intypedia.com/ (access: 20/05/2024)
- RedIRIS: Security Service
https://www.rediris.es/cert/ (access: 20/05/2024)
- SBD: Security By Default
http://www.securitybydefault.com/ (access: 20/05/2024)
- Hispasec
https://hispasec.com/ (access: 20/05/2024)
- Spanish and Basque Data Protection Agencies
https://www.aepd.es/ (access: 20/05/2024)
https://www.avpd.euskadi.eus/ (access: 20/05/2024)
- Un informático en el lado del mal (Chema Alonso)
https://www.elladodelmal.com/ (access: 20/05/2024)
- Softzone (security)
https://www.softzone.es/category/seguridad/ (access: 20/05/2024)
- Cyberseguridad
https://cyberseguridad.net/ (access: 20/05/2024)
- Noticias seguridad
https://noticiasseguridad.com/ (access: 20/05/2024)

Groups

01 (Spanish - Morning)


31-01 (Spanish - Morning)
