Cybersecurity is a necessity in the labour market. According to Gartner, 60% of workers perform their functions remotely, so there is a growing need for workers trained in basic cybersecurity concepts, and 80% of organisations will take cybersecurity risks into account in their daily activities.

This course provides an introduction to the basic concepts of cybersecurity so that a broad spectrum of students can be trained in the subject.

This is an optional subject and is common to the following degrees:

• Grado en Ingeniería Electrónica y Automática

• Grado en Ingeniería Química Industrial

• Grado en Ingeniería Informática de Gestión y Sistemas de Información

These degrees are taught on the Araba campus. As it is common to the different degrees, this subject represents the first step for any student in the field of cybersecurity.

The main objective is, therefore, for students to acquire a general knowledge of cybersecurity in order to be able to decide whether they want to enter the world of cybersecurity and develop their professional career in this field.





Gartner https://www.gartner.es/es/articulos/las-7-principales-tendencias-en-ciberseguridad-para-2022

General competences

G003 - Ability to design, develop, evaluate and ensure the accessibility, ergonomics, usability and security of computer systems, services and applications, as well as of the information they manage.

G004 - Ability to define, evaluate and select hardware and software platforms for the development and implementation of computer systems, services and applications, in accordance with the knowledge acquired as established in section 5 of Annex II to the Resolution of the General Secretariat of Universities of 8 June 2009.

G007 - Ability to know, understand and apply the necessary legislation during the development of the profession of Technical Engineer in Computer Science and to handle specifications, regulations and compulsory standards.

G008 - Knowledge of basic subjects and technologies, enabling them to learn and develop new methods and technologies, as well as those that provide them with great versatility to adapt to new situations.

G009 - Ability to solve problems with initiative, decision-making, autonomy and creativity. Ability to know how to communicate and transmit the knowledge, skills and abilities of the profession of Technical Engineer in Computer Science.

G011 - Ability to analyse and assess the social and environmental impact of technical solutions, understanding the ethical and professional responsibility of the activity of the Computer Engineering Technician.



SPECIFIC COMPETENCES

M02CM01 - Ability to design, develop, select and evaluate computer applications and systems, ensuring their reliability, security and quality, in accordance with ethical principles and current legislation and regulations.

M02CM18 - Knowledge of the rules and regulations of computer science at national, European and international levels.

M03CM02 - Ability to determine the requirements of an organisation's information and communication systems, taking into account security aspects and compliance with current legislation and regulations.

M03CM05 - Ability to understand and apply the principles of risk assessment and apply them correctly in the development and implementation of action plans.



Grado en Ingeniería Electrónica Industrial y Automática y Grado en Ingeniería Química Industrial

General competences

C3 - Knowledge of basic and technological subjects, which enables them to learn new methods and theories, and gives them the versatility to adapt to new situations.

C6 - Ability to handle specifications, regulations and mandatory standards.

C9 - Capacity for organisation and planning in the sphere of the company and other institutions and organisations.

Transversal competences

C12 - Adopt a responsible, orderly attitude at work and willingness to learn, considering the challenge posed by the necessary continuous training.



Learning outcomes

RA1- Know the main professional careers in the field of cybersecurity.

RA2 - Know the main techniques related to cybersecurity.

RA3 - Know the regulations applicable to cybersecurity.

1. Introduction to Cybersecurity

1.1. Core competencies of cybersecurity professionals.

1.2. Principles of security. CID triad.

2. Security Risk Management

2.1. Basic concepts

2.2. Security governance

2.3. Types and categories of defensive access controls

2.4. Risk analysis

2.5. Types of attacks

2.6. Business continuity and disaster recovery

3. Operational Security

3.1. Security management

3.2. Separation of environments

3.3. Backup and Restore

3.4 Monitoring, event logging and intrusion detection

3.5. Forensic analysis

3.6. Redundancy and Fault Tolerance

3.7. Threats to the security of operations

3.8. Software vulnerabilities

4. Cryptography

4.1. Introduction

4.2. Symmetric cryptography

4.3. Asymmetric cryptography

4.4. Hash Functions

5. Access Control Methodologies

5.1. Identification and authentication

5.2. Information, physical and biometric keys

5.3. Secure passwords

6. Legislation and Data Protection

6.1. Privacy

6.2. GDPR

The teaching methodology is based on cooperative learning, using mainly group work and autonomous learning.



During the master classes there are sessions in which concepts are presented, reinforced with examples of situations in which these concepts are to be used.

During the exercise classes, the topic related to the lectures is developed in a practical way. These exercises will be mainly developed by the students in the most autonomous way possible.



During the development of the classes, group work activities, discussion and presentation of the results of exercises will be carried out systematically, with the aim of encouraging direct participation in the development of the course and to promote the motivation of the students.

• Continuous Assessment System
• Final Assessment System
• Tools and qualification percentages:
  • Written test to be taken (%): 30
  • Team projects (problem solving, project design)) (%): 70

For the ordinary exams, the default method will be continuous assessment, based on lectures, completion and defence of assignments and reports, with a low percentage of final written assessment. Class attendance will be compulsory.

The waiver of continuous assessment implies the completion of a final written exam of 100% of the subject.

The extraordinary exam will consist of a final written exam of 100% of the subject, or the development of a cybersecurity technique with its laboratory and solved and documented exercises.

The teaching materials will be made available to students through the egela platform or the teacher's website.

Basic bibliography

• Hunter, John M. D. An Information Security Handbook. Computer Communications and Networks. London: Springer London, 2001. https://doi.org/10.1007/978-1-4471-0261-8.

• Information Assurance. Computer Communications and Networks. London: Springer-Verlag, 2006. https://doi.org/10.1007/1-84628-489-9.

• Kizza, Joseph Migga, ed. A Guide to Computer Network Security. London: Springer London, 2009. https://doi.org/10.1007/978-1-84800-917-2.

• Thames, Lane, y Dirk Schaefer, eds. Cybersecurity for Industry 4.0. Springer Series in Advanced Manufacturing. Cham: Springer International Publishing, 2017. https://doi.org/10.1007/978-3-319-50660-9.

• EBEL, F. Hacking y Forensic: Desarrolle sus propias herramientas en Python. Epsilon. ENI, 2016. https://books.google.es/books?id=QXkcdCqMu4QC.

• OWASP. «OWASP», 2024. https://owasp.org/.

• Seguridad informática: ethical hacking : conocer el ataque para una mejor defensa. Epsilon (ENI). Ed. ENI, 2011. https://books.google.es/books?id=_ErN7om5HnAC.

In-depth bibliography

Bécue, Adrien, Nora Cuppens-Boulahia, Frédéric Cuppens, Sokratis Katsikas, y Costas Lambrinoudakis, eds. Security of Industrial Control Systems and Cyber Physical Systems. Vol. 9588. Lecture Notes in Computer Science. Cham: Springer International Publishing, 2016. https://doi.org/10.1007/978-3-319-40385-4.
Colbert, Edward J. M., y Alexander Kott, eds. Cyber-security of SCADA and Other Industrial Control Systems. Vol. 66. Advances in Information Security. Cham: Springer International Publishing, 2016. https://doi.org/10.1007/978-3-319-32125-7.
Hardening Linux. Apress, 2005. https://doi.org/10.1007/978-1-4302-0005-5.
Hassell, Jonathan. Hardening Windows. Berkeley, CA: Apress, 2004. https://doi.org/10.1007/978-1-4302-0681-1.
Machiraju, Suren, y Suraj Gaurav. Hardening Azure Applications. Berkeley, CA: Apress, 2015. https://doi.org/10.1007/978-1-4842-0920-2.
Goel, Sanjay, Yuan Hong, Vagelis Papakonstantinou, y Dariusz Kloza. Smart Grid Security. SpringerBriefs in Cybersecurity. London: Springer London, 2015. https://doi.org/10.1007/978-1-4471-6663-4.
Information Assurance. Computer Communications and Networks. London: Springer-Verlag, 2006. https://doi.org/10.1007/1-84628-489-9.

Journals

IEEE Security & Privacy https://www.computer.org/csdl/magazine/sp/2022/01

Web addresses

https://sp2024.ieee-security.org/
www.incibe.es
https://www.ciberseguridad.eus/
www.isaca.org