Guia docente 2023_24
Centro Universitario de la Defensa de la Escuela Naval Militar de Marín
Master Universitario en Dirección TIC para la defensa
 Subjects
  Security management and risk analysis
   Contents
Topic Sub-topic
Topic 1: Introduction to Information Security Management. - The strategic importance of information and digital assets.
- The information security management process.
- Definition of security policies, plans, and procedures.
- Information Security Professionals: competencies, training, and certifications.
Topic 2: Risk Analysis and Management - The process of risk identification, analysis, and evaluation. - Review of major vulnerabilities and types of attacks on computer systems.
- Risk treatment.
- MAGERIT methodology.
- The model proposed by ISO 31000.
Topic 3: Information Security Management System. - Characteristics of an ISMS (Information Security Management System).
- Security certifications and standards: ISO 27001 and ENS.
- Information security policy and management in MINISDEF.
- STIC regulations of CCN.
Topic 4: Security Audits and Incident Response. - The information security audit process.
- Security incident management.
Topic 5: The importance of the human factor in information security. - Aspects to consider regarding the human factor and security.
- Social Engineering techniques.
- Phishing attacks.
- Definition of policies for safe and acceptable use of computer resources.

Universidade de Vigo            | Rectorado | Campus Universitario | C.P. 36.310 Vigo (Pontevedra) | España | Tlf: +34 986 812 000