Security and Privacy of Information Systems
Code: 104539 ECTS Credits: 6| Degree | Type | Year |
|---|---|---|
| 2500001 Management of Smart and Sustainable Cities | OB | 2 |
Contact
- Name:
- Joan Bartrina Rapesta
- Email:
- joan.bartrina@uab.cat
Teachers
- (External) Enric Alibech
Teaching groups languages
You can view this information at the end of this document.
Prerequisites
None.
Objectives and Contextualisation
In this subject, basic concepts related to security and privacy aspects when applying Information Technologies and Communications solutions in the society will be introduced.
It will be mandatory to introduce basic knowledge about technologies, the impact on the privacy of its use, cybersecurity tools, security audits, computer forensics, and legal aspects.
Competences
- Critically analyse work carried out and demonstrate a desire to improve.
- Design platforms of management, integration of public and government services applying technologies and systems of sensorization, acquisition, processing and communication of data.
- Generate innovative and competitive proposals in professional activity.
- Prevent and solve problems, adapt to unforeseen situations and take decisions.
- Solve urban management problems using knowledge, methodology and procedures for the design and implementation of computer applications for different types of environment (web, mobile, cloud) and different paradigms.
- Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
- Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
- Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
- Work cooperatively in complex and uncertain environments and with limited resources in a multidisciplinary context, assuming and respecting the role of the different members of the group.
Learning Outcomes
- Critically analyse work carried out and demonstrate a desire to improve.
- Describe the essential mechanisms of data transmission, and international standards.
- Describe the security needs of a computer application as the basis for managing a service in which sensitive data is stored, handled and transmitted.
- Generate innovative and competitive proposals in professional activity.
- Prevent and solve problems, adapt to unforeseen situations and take decisions.
- Students must be capable of collecting and interpreting relevant data (usually within their area of study) in order to make statements that reflect social, scientific or ethical relevant issues.
- Students must be capable of communicating information, ideas, problems and solutions to both specialised and non-specialised audiences.
- Students must develop the necessary learning skills to undertake further training with a high degree of autonomy.
- Work cooperatively in complex and uncertain environments and with limited resources in a multidisciplinary context, assuming and respecting the role of the different members of the group.
Content
Introduction
1. The security of information
1.1 The value of information
1.2 Basic ideas about information security
1.3 Technical security and legal security
1.4 Kinds of security
2. Practical strategies in security
2.1 What is security in computer science?
2.2 Basic measures in security
2.3 Data and applications security
2.4 Entities responsible for the security
3. Cryptography and digital signature
3.1 Basics of cryptography
3.2 Public and private keys
3.3 Symmetric and asymmetric keys
3.4 Certification authorities
3.5 The digital signature
4. Security in computer networks and communications
4.1 Internet.
5. Introduction to exploiting vulnerabilities
5.2 Intrusion: exploding of vulnerabilities.
5.3 Common Intrusion tools
6. Computer Forensics
6.1 Forensics sciences
6.2 Computer forensics
6.3 Stages of a forensics analysis
6.4 Legal aspects of the investigation of computer crimes.
7. International standards of legal compliance.
7.1 Security plans
7.2 Information systems audits
7.3 Normative
Activities and Methodology
| Title | Hours | ECTS | Learning Outcomes |
|---|---|---|---|
| Type: Directed | |||
| Theory | 26 | 1.04 | |
| Type: Supervised | |||
| Problems and practices | 24 | 0.96 | |
| Type: Autonomous | |||
| Autonomous work (practices, activities) | 96 | 3.84 |
The theoretical knowledge is introduced and reinforced through the oral presentation of the teacher, as well as through autonomous work of the student with the study of specific materials or with learning activities proposed by the teacher of the subject.
All the data and materials of the subject will be available in the Virtual Campus. This same platform will be used to achieve fluid communication between the students and the teacher.
The teaching methodology will be based on three types of activity:
- Directed activity: theoretical, practical and problem analysis classes.
- Supervised activity: assistance to tutorials and performance of exercises with guided follow-up.
- Autonomous activity: part of the student's study and resolution of cases, individually or in groups.
Transversal competences
T03 Generate innovative and competitive proposals in professional activity.
T05 Critically evaluate the work done and demonstrate a spirit of improvement.
Supervised activities will be discussed and evaluated.
Annotation: Within the schedule set by the centre or degree programme, 15 minutes of one class will be reserved for students to evaluate their lecturers and their courses or modules through questionnaires.
Assessment
Continous Assessment Activities
| Title | Weighting | Hours | ECTS | Learning Outcomes |
|---|---|---|---|---|
| Evaluation of theorical contents | 60 | 4 | 0.16 | 2, 6, 7, 8 |
| Participation | 10 | 0 | 0 | 4, 5, 6, 7 |
| Preparation of work document and defense | 30 | 0 | 0 | 1, 3, 5, 7, 9 |
The evaluation of the learning will be of continuous and will consist of the following elements:
a) Two tests on the contents of the syllabus. These exams will be done in the middle and at the end of the semester. They will represent 60% of the final mark (30% + 30%).
b) The student will do a set of practical tasks in groups of two people. The performance of the work represents 20% and the ability to resolve problems autonomously 10%.
c) The evaluation of the active participation of the student in the debates and the activities of the course, and the quality of the documents delivered. It will represent 10% of the final mark.
1. Continuous assessment tests
There are two tests that include the six blocks of matter (1, 2 and 3 in the first test and 4, 5 and 6 in the second test). Continuous evaluation dates are set at the beginning of the course and do not have alternative recovery date in case of non-attendance. If there is any change in programming due to adaptation to possible incidents, it will always be reported on these changes.
|
Continuous assessment tests |
Weight of tests |
Minimum score to calculate averages |
|
1,2,3 |
50% |
4.0 |
2. Final evaluation note
| Final score | Weight in final score
|
|
Continuous evaluation |
60% |
3. Will pass the subject anyone who:
• Have passed the two exams with at least a score of 4 and with a minimum average grade of 5.
• Have the delivered works approved (minimum grade of 5 in all deliveries).
• Have participated regularly in the activities of the course.
• Obtain a minimum global grade equal to or greater than 5.
4. Rating
The final score of the subject will be the weighted average of all the evidence of evaluation: exams (60%), practice works (20%), ability to resolve problems (10%) and participation (10%). It will consist of a score between 0 and 10. To pass the course you must have obtained a minimum total score of 5.
5. Re-evaluation
Once the ordinary assessment has finished, the student will have the possibility of a re-evaluation exam within the dates programmed by the Faculty.
a) In order to be able to re-evaluate, it must have participated in the evaluation tests and delivered the work as well as having done the defense.
b) The results of the work and the defense will not be re-evalauated.
c) In the re-evaluation, the maximum grade that can be obtainedfor each of the re-evaluated tests is 5.
6. Repeating students
At the beginning of the academic year, if possible, it will be notified if there is validation of the work and its defense. In case of being, the validation will only be made to those students that request it and have passed the work and the defense in the previous course.
7. Non-evaluable cases
In case no delivery is made, it will not be included in any laboratory session and no exam will be carried out, the corresponding grade will be "not evaluable". In any other case, "unanswered" counts as a 0 for calculating the weighted average, which will be a maximum of 4.5. That is, participation in an activity evaluated implies that "not presented" in other activities such as zeros are taken into account. For example, an absence in a laboratory session implies a zero note for that activity.
8. Honors license plates
To pass the course with honors, the student will have to a grade greater than or equal to 9.5 in each part, up to 5% of those enrolled in descending order of final grade. At the discretion of the teaching staff, they may also be granted in other cases.
9. Copies, plagiarisms and irregularities
Notwithstanding other disciplinary measures deemed appropriate, and in accordance with the current academic regulations, irregularities committed by a student that may lead to a variation of the qualification will be classified by zero (0). For example, plagiarizing, copying, copying, ..., an evaluation activity, will imply suspending this evaluation activity with zero (0). Assessment activities qualified in this way and by this procedure will not be recoverable. If it is necessary to pass any of these assessment activities to pass the subject, this subject will be suspended directly, without opportunity to re-evaluate it in thesame course.
Bibliography
- Colobran, M. Arques, J. Iparraguirre, J. Com s'ha de fer l'informe pericial d'un delicte informàtic?
Editorial UOC (2012)
- Guia del Reglamento General de Protección de Datos para Responsables de Tratamiento. Agencia Espanyola de Protección de Datos.
https://www.aepd.es/media/guias/guia-rgpd-para-responsables-de-tratamiento.pdf
- Guia práctica para las evaluaciones de impacto en la protección de los datos sujetas al RGPD. Agencia Espanyola de Protección de Datos.
https://www.aepd.es/media/guias/guia-evaluaciones-de-impacto-rgpd.pdf
- GUÍA PRÁCTICA para la evaluación de impacto relativa a la protección de datos. Agencia Espanyola de Protección de Datos (2018)
http://apdcat.gencat.cat/web/.content/03-documentacio/Reglament_general_de_proteccio_de_dades/documents/GUIA-EVALUACION-DE-IMPACTO-CAST-2.0.pdf
- Garcia, E. Lopez, M. Ortega,J Una introducción a la CRIPTOGRAFIA (2005)
http://www.criptored.upm.es/guiateoria/gt_m182a.htm
- Smart Cities. Development and Governance Frameworks. Editors: Mahmood, Zaigham (Ed.) (2018)
- Smart Cities Cybersecurity and Privacy. Editors: Danda Rawat Kayhan Zrar Ghafoor. (1st November 2018)
Software
The latest Kali Linux distribution will be used during the course.
Language list
Information on the teaching languages can be checked on the CONTENTS section of the guide.