Introduction to the Program

More and more companies need specialists in security management applied to IT. This program will allow you to progress professionally, delving into issues such as business continuity planning associated with security.

It is a fact: there are hardly any companies that do not use digital and IT tools in their internal processes. Activities and operations such as employee identification, logistics systems or contact with suppliers and customers are now mainly carried out using information technology. But these technologies must be subject to proper design and monitoring, as they can be exploited to obtain data or to gain access to sensitive aspects of the company.

For this reason, the security management specialist is an increasingly in-demand position, and cannot be filled by just any IT specialist. Highly up-to-date knowledge that takes into account the latest developments in cybersecurity is required. Thus, this Postgraduate diploma has been designed to offer the professional the latest advances in this area, delving into issues such as security audits, terminal equipment security, or the most effective response to different incidents.

This program is also developed in a 100% online format that adapts to the circumstances of the professional, allowing them to study when, where and however they want. It will also have a teaching staff of great prestige in the field of cybersecurity that will be supported by numerous multimedia resources to make the learning process comfortable, fast and effective.

This program will allow you to go deeper into aspects such as the life cycle of a business continuity plan or vulnerability management.

This Postgraduate diploma in IT Security Management contains the most complete and up-to-date educational program on the market. Its most notable features are:

  • Case studies presented by IT and cybersecurity experts
  • Graphic, schematic, and practical contents that provide scientific and practical information on the disciplines that are essential for professional practice
  • Practical exercises where the self-assessment process can be carried out to improve learning
  • Its special emphasis on innovative methodologies
  • Theoretical lessons, questions to the expert, debate forums on controversial topics, and individual reflection assignments
  • Access to content from any fixed or portable device with an Internet connection

TECH provides you with the best multimedia resources: case studies, theoretical and practical activities, videos, interactive summaries... Everything so that the learning process is agile and you can take advantage of every minute invested.

The program’s teaching staff includes professionals from the sector who contribute their work experience to this training program, as well as renowned specialists from leading societies and prestigious universities.

The multimedia content, developed with the latest educational technology, will provide the professional with situated and contextual learning, i.e., a simulated environment that will provide immersive training programmed to train in real situations.

This program is designed around Problem-Based Learning, whereby the professional must try to solve the different professional practice situations that arise throughout the program. For this purpose, the student will be assisted by an innovative interactive video system created by renowned and experienced experts.

You will be able to respond appropriately to all types of cybersecurity threats. Enroll and become a leading specialist.

Study at your own pace, without interruptions or rigid schedules: TECH's teaching method is that convenient.

Syllabus

The syllabus of this Postgraduate diploma in IT Security Management has been structured into 3 modules that will be developed throughout 450 hours of learning. During this period, the professional will delve into relevant aspects of this sector such as forensic analysis, information security models, the regulatory framework applicable in this area or the configuration of network security rules, among many other issues.

You will have at your disposal the most comprehensive syllabus, presented through didactic resources that you can access 24 hours a day.

Module 1. Information Security Architectures and Models

1.1. Information Security Architecture

1.1.1. ISMSI / PDS
1.1.2. Strategic Alignment
1.1.3. Risk Management
1.1.4. Performance Measurement

1.2. Information Security Models

1.2.1. Based on Security Policies
1.2.2. Based on Protection Tools
1.2.3. Based on Teamwork

1.3. Security Model Key Components

1.3.1. Risk Identification
1.3.2. Definition of Controls
1.3.3. Continuous Assessment of Risk Levels
1.3.4. Awareness Plan for Employees, Suppliers, Partners, etc.

1.4. Risk Management Process

1.4.1. Asset Identification
1.4.2. Threat Identification
1.4.3. Risk Assessment
1.4.4. Prioritization of Controls
1.4.5. Reassessment and Residual Risk

1.5. Business Processes and Information Security

1.5.1. Business Processes
1.5.2. Risk Assessment Based on Business Parameters
1.5.3. Business Impact Analysis
1.5.4. Business Operations and Information Security

1.6. Continuous Improvement Process

1.6.1. Deming’s Cycle

1.6.1.1. Planning
1.6.1.2. Do
1.6.1.3. Verify
1.6.1.4. Act

1.7. Security Architectures

1.7.1. Selection and Homogenization of Technologies
1.7.2. Identity Management Authentication
1.7.3. Access Management Authorization
1.7.4. Network Infrastructure Security
1.7.5. Encryption Technologies and Solutions
1.7.6. Endpoint Detection and Response (EDR)

1.8. Regulatory Framework

1.8.1. Sectoral Regulations
1.8.2. Certifications
1.8.3. Legislations

1.9. The ISO 27001 Standard

1.9.1. Implementation
1.9.2. Certification
1.9.3. Audits and Penetration Tests
1.9.4. Continuous Risk Management
1.9.5. Classification of Information

1.10. Privacy Legislation GDPR

1.10.1. Scope of General Data Protection Regulation (GDPR)
1.10.2. Personal Data
1.10.3. Roles in the Processing of Personal Data
1.10.4. ARCO Rights
1.10.5. DPO Functions

Module 2. IT Security Management

2.1. Safety Management

2.1.1. Security Operations
2.1.2. Legal and Regulatory Appearance
2.1.3. Business Authorization
2.1.4. Risk Management
2.1.5. Identity and Access Management

2.2. Structure of the Security Area The CISO’s office

2.2.1. Organisational Structure. Position of the CISO in the Structure
2.2.2. Lines of Defence
2.2.3. CISO Office Organization Chart
2.2.4. Budget Management

2.3. Government Security

2.3.1. Security Committee
2.3.2. Risk Monitoring Committee
2.3.3. Audit Committee
2.3.4. Crisis Committee

2.4. Government Security Functions

2.4.1. Policies and Standards
2.4.2. Security Management Plan
2.4.3. Control Panels
2.4.4. Awareness and Training
2.4.5. Supply Chain Security

2.5. Security Operations

2.5.1. Identity and Access Management
2.5.2. Configuration of Network Security Rules Firewalls
2.5.3. IDS/IPS Platform Management
2.5.4. Vulnerability Analysis

2.6. Cybersecurity Framework NIST CSF

2.6.1. NIST Methodology

2.6.1.1. Log In
2.6.1.2. Protect
2.6.1.3. Detect
2.6.1.4. Respond
2.6.1.5. Recover

2.7. Security Operations Center (SOC) Functions

2.7.1. Protection Red Team, Pentesting, Threat Intelligence
2.7.2. Detection SIEM, User Behavior Analytics, Fraud Prevention
2.7.3. Response

2.8. Security Audits

2.8.1. Intrusion Test
2.8.2. Red Team Exercises
2.8.3. Source Code Audits Secure Development
2.8.4. Component Safety (Software Supply Chain)
2.8.5. Forensic Analysis

2.9. Incident Response

2.9.1. Preparation
2.9.2. Detection, Analysis and Reporting
2.9.3. Containment, Eradication and Recovery
2.9.4. Post-Incident Activity

2.9.4.1. Retention of Evidence
2.9.4.2. Forensic Analysis
2.9.4.3. Gap Management

2.9.5. Official Cyber Incident Management Guides

2.10. Vulnerability Management

2.10.1. Vulnerability Analysis
2.10.2. Vulnerability Assessment
2.10.3. System Basing
2.10.4. Day 0 Vulnerabilities Zero-Day

Module 3. Business Continuity Plan Associated with Security

3.1. Business Continuity Plans

3.1.1. Business Continuity Plans (BCP)
3.1.2. Business Continuity Plans (BCP) Key Aspects
3.1.3. Business Continuity Plan (BCP) for Company Valuation

3.2. Metrics in Business Continuity Plans (BCP)

3.2.1. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
3.2.2. Maximum Tolerable Downtime (MTD)
3.2.3. Minimum Recovery Levels (ROL)
3.2.4. Recovery Point Objective (RPO)

3.3. Continuity Projects Types

3.3.1. Business Continuity Plans (BCP)
3.3.2. ICT Continuity Plan (ICTCP)
3.3.3. Disaster Recovery Plan (DRP)

3.4. Risk Management Associated with the BCP

3.4.1. Business Impact Analysis
3.4.2. Benefits of Implementing a BCP
3.4.3. Risk-Based Mentality

3.5. Life Cycle of a Business Continuity Plan

3.5.1. Phase 1: Organization Analysis
3.5.2. Phase 2: Determining the Continuity Strategy
3.5.3. Phase 3: Response to Contingency
3.5.4. Phase 4: Tests, Maintenance and Review

3.6. Organizational Analysis Phase of a BCP

3.6.1. Identification of Processes in the Scope of the BCP
3.6.2. Identification of Critical Business Areas
3.6.3. Identification of Dependencies between Areas and Processes
3.6.4. Determination of Appropriate BAT
3.6.5. Deliverables Creating a Plan

3.7. Phase of Determination of the Continuity Strategy in a BCP

3.7.1. Roles in the Strategy Determination Phase
3.7.2. Tasks of the Strategy Determination Phase
3.7.3. Deliverables

3.8. Contingency Response Phase in a BCP

3.8.1. Roles in the Response Phase
3.8.2. Tasks in this Phase
3.8.3. Deliverables

3.9. Testing, Maintenance and Revision Phase of a BCP

3.9.1. Roles in the Testing, Maintenance and Revision Phase
3.9.2. Tasks in the Testing, Maintenance and Revision Phase
3.9.3. Deliverables

3.10. ISO Standards Associated with Business Continuity Plans (BCP)

3.10.1. ISO 22301:2019
3.10.2. ISO 22313:2020
3.10.3. Other Related ISO and International Standards

This program will allow you to delve into issues such as identifying dependencies between areas and processes, a fundamental aspect to establish correct cybersecurity.

Postgraduate Diploma in IT Security Management

Information security is one of the main concerns of companies today. A company's information, its trade secrets, the privacy of its customers, among other aspects, must be safeguarded efficiently. For this reason, TECH's Postgraduate Diploma in IT Security Management is the answer to specialize in the field of cybersecurity, training you in the design and management of efficient and robust information security systems.

Specialize 100% online in cybersecurity

During this Postgraduate Diploma, you will delve into security auditing, protection of terminal equipment, incident response, risk management, among other relevant aspects of computer security. In addition, you will have a first-class teaching staff, composed of recognized experts in the field of cybersecurity. The program is taught in 100% online mode, which will allow you to study at your own pace and adapt your learning process to your personal and work situation.