2020/2021

Information Systems Security Management

Code: 102161
ECTS Credits: 6

| Degree | Type | Year | Semester |
|---|---|---|---|
| 2501232 Business and Information Technology | OT | 4 | 0 |

The proposed teaching and assessment methodology that appears in the guide may be subject to changes as a result of the restrictions on face-to-face class attendance imposed by the health authorities.

Contact

Name:
Xavier Verge Mestre
Email:
Xavier.Verge@uab.cat

Use of Languages

Principal working language:
Catalan (cat)
Some groups entirely in English:
No
Some groups entirely in Catalan:
No
Some groups entirely in Spanish:
No

Teachers

Miguel Angel de Cara Ruiz
Genis Margarit Contel

Prerequisites

It is advisable to also take the course on networks offered in the degree (102169-Xarxes).

Objectives and Contextualisation

 Specific objectives:

• Analyse the situation of information security in organizations

• Understand the needs of information security in organizations and transmit them to the Management

• Understand the legal environment, international standards and regulations affecting information security

• Identify the impact of regulatory compliance relating to information security in organizations

 

 Specific Skills

 • Demonstrate skill in forming an overview of security within the organization

• Demonstrate knowledge about the alignment of the organization's objectives with the information security objectives

• Identify the security status of the organisation from the management point of view

• Demonstrate knowledge of the course of action when information security risks are identified

• Demonstrate ability to communicate technical security topics to non-technical recipients, both orally and in writing

 

Learning Outcomes

• Assess the state of information security in the organization, in line with the industry, the legal context, and the level of risk assumed by the Management

• Define the strategy for implementing a security management plan where none exists

• Provide students with technical and management skills to identify and, if applicable, propose recommendations regarding technologies to be used, especially regarding the criteria for using cloud computing solutions.

• Write correct and understandable documents and reports needed to comply with the rules and regulations applicable to the organization.

Competences

  • Appropriately drawing up technical reports according to the customer's demands.
  • Communicating with experts of other fields and non-experts.
  • Demonstrating a comprehension of the business information systems, taking into account their three specific dimensions (informational, technological and organisational) and being active in the specification, design and implementation of said systems.
  • Demonstrating a concern for quality in the objectives and development of the work.
  • Demonstrating the ability to plan in accordance to the objectives and available resources.
  • Proposing and managing the implementation of information systems depending on the quality requirements, sustainability and security in order to help them meet the organisation objectives.

Learning Outcomes

  1. Appropriately drawing up technical reports according to the customer's demands.
  2. Communicating with experts of other fields and non-experts.
  3. Demonstrating a concern for quality in the objectives and development of the work.
  4. Demonstrating the ability to plan in accordance to the objectives and available resources.
  5. Distinguishing the safety management activities and their implication in the design and implementation of information systems.
  6. Proposing and managing the implementation of information systems depending on the quality requirements, sustainability and security in order to help them meet the organisation objectives.

Content

1. Information Security

• What does Information Security mean?

• Importance of information security in corporate environments

• Risk assessment of information technology in corporate environments

• Information security related frameworks (ISO27001, SANS, CSA)

2. Technological environments

• Network Communications

• Cloud Computing technological environments

• Forensic analysis in corporate environments

3. Ciphering and Cryptography

• Methods of enciphering

• Symmetric and asymmetric key systems

• Digital Signature

4. Compliance

• Legal Environment (GDPR, LOPD, LSSI, electronic signature, ...)

• Standards and recognized bodies (ISO, ISACA)

Methodology

General features

  1. Teacher-student relationship
    Relevant information about the subject detailing the particulars of the course (e.g. teaching guide, dates and conditions of the delivery of solved exercises and reports) will be published in the Virtual Campus. Any changes will always be posted in the Virtual Campus, since it is to be considered the usual mechanism for exchanging information between teacher and students.
  2. Languages
    Classes will be conducted mostly in Catalan or Spanish, although terms in English appear very commonly. The written material or support for the subject (notes, bibliography, references or even exercises or cases) can be provided in Catalan, Spanish or English. In this course the use of the English language may be usual rather than exceptional. The final test and the retake exam will be written in Catalan or Spanish. Tests and exercises can be answered (and if necessary presented) in Catalan, Spanish or English.

 

Types of activities proposed during the course

  1. Theoretical classes, cases and sessions of exercises: These are lectures reserved to present the basic content of the subject. Furthermore, possible ways to complete or deepen the information received in these sessions are indicated. The case method can also be used as a teaching tool, depending on the degree of student participation.
  2. Problem Based Learning, cooperative learning, workshops and practical exercises: Some sessions will also make use of active learning methodologies or applied exercises where the student will have to face situations close to the daily professional practice of the subject. At least one individual activity and one team assignment will be required during the course, both supervised by the teaching team of the subject.
  3. Both teamwork and the collaborative exchange of information and tools to solve problems will be encouraged. However, the final learning process must be individual, carried out by the autonomous activity of each student, which should complement and enrich the work initiated in the lectures of the course. Supervised activity, around regulated tutoring and sporadic consultations, is also an essential tool in the acquisition of the knowledge provided by the subject.

Activities

| Title | Hours | ECTS | Learning Outcomes |
|---|---|---|---|
| Type: Directed | | | |
| Problem and exercise solving | 15 | 0.6 | 2, 5, 6 |
| Theoretical Classes and Case Studies | 30 | 1.2 | 5, 6 |
| Type: Supervised | | | |
| Teamwork | 20 | 0.8 | 2, 5, 6 |
| Type: Autonomous | | | |
| Individual work | 50 | 2 | 5, 6 |
| Report writing and Case Study preparation | 32 | 1.28 | 2, 5, 6 |

Assessment

The evaluation consists of two complementary parts:

(1) Practices, Exercises and Participation (6 points):

  • Exercise(s) of problem-based learning, teamwork or individual work, class presentation of results and other tests to be determined. If the weight of the activity is 1 or more points, a notice will be published on the Virtual Campus at least one week in advance.
  • These activities, because they are continuously evaluated, cannot be recovered. They will be delivered within the established deadlines and conditions that will be made public in the Virtual Campus of the subject.

(2) Exams/Theory (4 points):

  • Final written test on concepts and aspects dealt with during the course.
  • Mid-term exam.

General conditions to pass:


To pass the subject it is necessary to obtain 5 points having reached the following minimums:

  • Practices, Exercises and Participation: minimum 2.5 points out of 6
  • Theory: minimum 1.5 points out of 4

Calculation of the final grade:

  • If the above mentioned minimums are reached, the final grade will consist of at least the sum of the marks obtained in the two parts. The professor may, however, increase it according to objective and equitable criteria. A student obtaining at least a grade of 5 will pass, whereas he/she will fail if the grade is less than 3.5; otherwise the student is allowed to go through the retake process described below.
  • If the minimum of the Practices, Exercises and Participation mark is not reached, the final grade of the subject will be that of this part and thus the student fails.
  • If the minimum of the Theory part is not reached, and the sum of the marks obtained in both parts is less than 3.5 points, the final grade will be this sum and therefore the student fails.
  • If the minimum of the Theory part is not reached, and the sum of the marks obtained in both parts is greater than or equal to 3.5 points, the student is allowed to go through the retake process described below.

Any student who has made at least two deliveries in the continuous evaluation cannot be considered as "non evaluable".

Calendar of evaluation activities

The dates of the evaluation activities (exercises, assignments ...) will be announced well in advance during the semester.

The dates of the midterm and final exams are scheduled in the assessment calendar of the Faculty.

"The dates of evaluation activities cannot be modified, unless there is an exceptional and duly justified reason why an evaluation activity cannot be carried out. In this case, the degree coordinator will contact both the teaching staff and the affected student, and a new date will be scheduled within the same academic period to make up for the missed evaluation activity." Section 1 of Article 115. Calendar of evaluation activities (Academic Regulations UAB). Students of the Faculty of Economics and Business who, in accordance with the previous paragraph, need to change an evaluation activity date must process the request by filling out an Application for exams' reschedule: https://eformularis.uab.cat/group/deganat_feie/application-for-exams-reschedule

 

Grade revision process

After all grading activities have ended, students will be informed of the date and way in which the course grades will be published. Students will also be informed of the procedure, place, date and time of grade revision following University regulations.

 

Retake Process

"To be eligible to participate in the retake process, it is required for students to have previously been evaluated for at least two thirds of the total evaluation activities of the subject." Section 3 of Article 112 ter. The recovery (UAB Academic Regulations). Additionally, the student is required to have achieved an average grade for the subject between 3.5 and 4.9.

The date of the retake exam will be posted in the calendar of evaluation activities of the Faculty. Students who take this exam and pass will get a grade of 5 for the subject. If the student does not pass the retake, the grade will remain unchanged, and hence the student will fail the course.

 

Irregularities in evaluation activities

In spite of other disciplinary measures deemed appropriate, and in accordance with current academic regulations, "in the case that the student makes any irregularity that could lead to a significant variation in the grade of an evaluation activity, it will be graded with a 0, regardless of the disciplinary process that can be instructed. In case various irregularities occur in the evaluation of the same subject, the final grade of this subject will be 0". Section 10 of Article 116. Results of the evaluation. (UAB Academic Regulations).

Assessment Activities

| Title | Weighting | Hours | ECTS | Learning Outcomes |
|---|---|---|---|---|
| Classwork, teamwork and participation | 60% | 0 | 0 | 2, 4, 3, 5, 6, 1 |
| Exams | 40% | 3 | 0.12 | 3, 5, 6 |

Bibliography

You'll find it in the Virtual Classroom