1. General information
Course:
SECURITY AND RISKS IN INFORMATION SYSTEMS
Code:
42403
Type:
ELECTIVE
ECTS credits:
6
Degree:
405 - DEGREE IN COMPUTER SCIENCE ENGINEERING (TA)
Academic year:
2023-24
Center:
15 - FACULTY OF SOCIAL SCIENCES AND INFORMATION TECHNOLOGIES
Group(s):
60
Year:
3
Duration:
C2
Main language:
Spanish
Second language:
Use of additional languages:
English Friendly:
Y
Web site:
Bilingual:
N
Lecturer:
FÉLIX ALBERTOS MARCO
- Group(s):
60
Building/Office
Department
Phone number
Email
Office hours
2.18
TECNOLOGÍAS Y SISTEMAS DE INFORMACIÓN
Felix.Albertos@uclm.es
2. Pre-Requisites
This is an optional subject of mention of the Module of Specific Technology of Information Systems. It is advisable to have taken the Basic Training module and the module Common to the Computer Science Branch (Modules I and II). It is recommended, therefore, to have a clear understanding of the basic concepts of interconnection and configuration of network devices, as well as an adequate level of performance in programming, operating systems and information systems.
3. Justification in the curriculum, relation to other subjects and to the profession
This course is part of the Specific Technology of Information Systems module. It is a necessary subject to obtain the mention corresponding to the mentioned intensification.
The course helps to achieve one of the skills that graduates in Computer Engineering at the UCLM must have: "Ability to design, develop, evaluate and ensure the accessibility, ergonomics, usability and security of computer systems, services and applications, as well as the information they manage".
The contents of this subject are related to those of other subjects taught in this curriculum: Information Systems, Operating Systems I, Computer Networks I and II, Professional Aspects of Computer Science, Development and Management of Information Systems.
4. Degree competences achieved in this course
| Course competences | |
|---|---|
| Code | Description |
| CB02 | Apply their knowledge to their job or vocation in a professional manner and show that they have the competences to construct and justify arguments and solve problems within their subject area. |
| CB03 | Be able to gather and process relevant information (usually within their subject area) to give opinions, including reflections on relevant social, scientific or ethical issues. |
| INS02 | Organising and planning skills. |
| INS03 | Ability to manage information and data. |
| INS04 | Problem solving skills by the application of engineering techniques. |
| PER01 | Team work abilities. |
| SI01 | Ability to integrate information and communiction technology solutions and entrepeneurial process so as to fulfil the needs for information in organisation, allowing them to meet their goals in an effective and efficient manner, providing them with competitive benefits. |
| SI02 | Ability to determine the needs of information and communication systems in an organisation, following security aspects and complying with current laws and regulations. |
| SI05 | Ability to understand and apply principles for the assessment of risks, and correctly apply them in the elaboration and execution of acting plans. |
| SI06 | Ability to understand and apply principles and management techniques for quality and technological innovation in organisations. |
| SIS01 | Critical thinking. |
| SIS03 | Autonomous learning. |
| SIS05 | Creativity. |
| SIS08 | Initiative and entrepreneurial abilities. |
| UCLM03 | Accurate speaking and writing skills. |
5. Objectives or Learning Outcomes
| Course learning outcomes | |
|---|---|
| Description | |
| Knowledge and application of the main mechanisms for securing company's IT and how to audit it. | |
| Ability to know how to define an information systems strategy and to know how to make a system plan that is aligned with this strategy. | |
| Ability to apply current regulations and legislation during the development, management and acquisition of information systems. | |
| Ability to use them to identify, prevent and resolve the most common and critical security threats. | |
| Knowledge of key information security concepts. | |
| Knowledge and application of the main risk management methods. | |
| Additional outcomes | |
| Not established. |
6. Units / Contents
-
Unit 1: Introduction
-
Unit 2: Information Security
-
Unit 3: Security in today's information systems
-
Unit 4: Risk management in information systems
-
Unit 5: Risk mitigation
-
Unit 6: Risk mitigation plans
7. Activities, Units/Modules and Methodology
| Training Activity | Methodology | Related Competences (only degrees before RD 822/2021) | ECTS | Hours | As | Com | Description | |
| Class Attendance (theory) [ON-SITE] | Lectures | INS03 SIS01 | 0.6 | 15 | N | N | ||
| Individual tutoring sessions [ON-SITE] | SIS01 SIS03 SIS05 | 0.18 | 4.5 | N | N | |||
| Study and Exam Preparation [OFF-SITE] | Self-study | INS02 INS03 SIS01 SIS03 SIS08 | 1.8 | 45 | N | N | ||
| Other off-site activity [OFF-SITE] | Practical or hands-on activities | INS02 INS03 INS04 PER01 SIS01 SIS03 SIS05 | 0.9 | 22.5 | N | N | ||
| Problem solving and/or case studies [ON-SITE] | Problem solving and exercises | CB02 CB03 INS02 INS04 PER01 SIS01 SIS03 SIS05 UCLM03 | 0.6 | 15 | Y | N | ||
| Writing of reports or projects [OFF-SITE] | Self-study | INS02 INS04 PER01 SIS01 SIS03 SIS05 UCLM03 | 0.9 | 22.5 | Y | N | ||
| Laboratory practice or sessions [ON-SITE] | Practical or hands-on activities | INS04 PER01 SI01 SI02 SI05 SI06 SIS01 SIS03 SIS05 | 0.72 | 18 | Y | Y | ||
| Other on-site activities [ON-SITE] | Assessment tests | INS02 INS04 SI01 SI02 SI05 SI06 SIS01 SIS03 SIS05 UCLM03 | 0.15 | 3.75 | Y | Y | ||
| Other on-site activities [ON-SITE] | Assessment tests | INS02 INS04 SI01 SI02 SI05 SI06 SIS01 SIS03 SIS05 UCLM03 | 0.15 | 3.75 | Y | Y | ||
| Total: | 6 | 150 | ||||||
| Total credits of in-class work: 2.4 | Total class time hours: 60 | |||||||
| Total credits of out of class work: 3.6 | Total hours of out of class work: 90 | |||||||
As: Assessable training activity Com: Training activity of compulsory overcoming (It will be essential to overcome both continuous and non-continuous assessment).
8. Evaluation criteria and Grading System
| Evaluation System | Continuous assessment | Non-continuous evaluation * | Description |
| Test | 25.00% | 0.00% | |
| Theoretical papers assessment | 15.00% | 15.00% | |
| Laboratory sessions | 25.00% | 25.00% | |
| Assessment of active participation | 10.00% | 10.00% | |
| Final test | 0.00% | 50.00% | |
| Test | 25.00% | 0.00% | |
| Total: | 100.00% | 100.00% |
According to art. 4 of the UCLM Student Evaluation Regulations, it must be provided to students who cannot regularly attend face-to-face training activities the passing of the subject, having the right (art. 12.2) to be globally graded, in 2 annual calls per subject , an ordinary and an extraordinary one (evaluating 100% of the competences).
Evaluation criteria for the final exam:
-
Continuous assessment:Evaluation criteria not defined
-
Non-continuous evaluation:Evaluation criteria not defined
Specifications for the resit/retake exam:
Evaluation criteria not defined
Specifications for the second resit / retake exam:
Evaluation criteria not defined
9. Assignments, course calendar and important dates
| Not related to the syllabus/contents | |
|---|---|
| Hours | hours |
| Unit 1 (de 6): Introduction | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Lectures] | 3 |
| Individual tutoring sessions [PRESENCIAL][] | 1.5 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 9 |
| Other off-site activity [AUTÓNOMA][Practical or hands-on activities] | 1.5 |
| Problem solving and/or case studies [PRESENCIAL][Problem solving and exercises] | 3 |
| Writing of reports or projects [AUTÓNOMA][Self-study] | 1.5 |
| Laboratory practice or sessions [PRESENCIAL][Practical or hands-on activities] | 3 |
| Other on-site activities [PRESENCIAL][Assessment tests] | .75 |
| Other on-site activities [PRESENCIAL][Assessment tests] | .75 |
| Unit 2 (de 6): Information Security | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Lectures] | 4 |
| Individual tutoring sessions [PRESENCIAL][] | 1 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 12 |
| Other off-site activity [AUTÓNOMA][Practical or hands-on activities] | 7 |
| Problem solving and/or case studies [PRESENCIAL][Problem solving and exercises] | 4 |
| Writing of reports or projects [AUTÓNOMA][Self-study] | 7 |
| Laboratory practice or sessions [PRESENCIAL][Practical or hands-on activities] | 5 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Unit 3 (de 6): Security in today's information systems | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Lectures] | 4 |
| Individual tutoring sessions [PRESENCIAL][] | 1 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 12 |
| Other off-site activity [AUTÓNOMA][Practical or hands-on activities] | 7 |
| Problem solving and/or case studies [PRESENCIAL][Problem solving and exercises] | 4 |
| Writing of reports or projects [AUTÓNOMA][Self-study] | 7 |
| Laboratory practice or sessions [PRESENCIAL][Practical or hands-on activities] | 5 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Unit 4 (de 6): Risk management in information systems | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Lectures] | 4 |
| Individual tutoring sessions [PRESENCIAL][] | 1 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 12 |
| Other off-site activity [AUTÓNOMA][Practical or hands-on activities] | 7 |
| Problem solving and/or case studies [PRESENCIAL][Problem solving and exercises] | 4 |
| Writing of reports or projects [AUTÓNOMA][Self-study] | 7 |
| Laboratory practice or sessions [PRESENCIAL][Practical or hands-on activities] | 5 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Other on-site activities [PRESENCIAL][Assessment tests] | 1 |
| Global activity | |
|---|---|
| Activities | hours |
10. Bibliography and Sources
| Author(s) | Title | Book/Journal | Citv | Publishing house | ISBN | Year | Description | Link | Catálogo biblioteca |
|---|---|---|---|---|---|---|---|---|---|
| Darril Gibson, Andy Igonor | Managing Risk in Information Systems (Information Systems Security & Assurance), Third Edition | Jones and Bartlett Publishers, Inc | 978-1284183719 | 2020 | |||||
| David Kim, Michael G. Solomon | Fundamentals of Information Systems Security. Thrid Edition | Jones and Bartlett Publishers, Inc | 978-1284116458 | 2016 | |||||
| Nipun Jaswal | Mastering Metasploit, 3/E | Packt Publishing | 978-1-78899-061-5 | 2018 | https://learning.oreilly.com/library/view/mastering-metasploit-/9781788990615/cover.xhtml | ||||
| William Stalling and Lawrie Brown | Computer Security. Principles and Practice, 3/E | Pearson | 1-292-06617-2 | 2015 |