Add incalculable value to your Cybersecurity Policies by knowing all its nuances, from the security systems themselves to the threat analysis practices that will give you the keys that will put you at an advantage in your organization"

Why Study at TECH?

TECH is the world's largest 100% online business school. It is an elite business school, with a model based on the highest academic standards. A world-class center for intensive managerial skills training.   

TECH is a university at the forefront of technology, and puts all its resources at the student's disposal to help them achieve entrepreneurial success"

At TECH Global University

Innovation

The university offers an online learning model that combines the latest educational technology with the most rigorous teaching methods. A unique method with the highest international recognition that will provide students with the keys to develop in a rapidly-evolving world, where innovation must be every entrepreneur’s focus.

"Microsoft Europe Success Story", for integrating the innovative, interactive multi-video system.  

The Highest Standards

Admissions criteria at TECH are not economic. Students don't need to make a large investment to study at this university. However, in order to obtain a qualification from TECH, the student's intelligence and ability will be tested to their limits. The institution's academic standards are exceptionally high...  

95% of TECH students successfully complete their studies.

Networking

Professionals from countries all over the world attend TECH, allowing students to establish a large network of contacts that may prove useful to them in the future.  

100,000+ executives trained each year, 200+ different nationalities.

Empowerment

Students will grow hand in hand with the best companies and highly regarded and influential professionals. TECH has developed strategic partnerships and a valuable network of contacts with major economic players in 7 continents.  

500+ collaborative agreements with leading companies.

Talent

This program is a unique initiative to allow students to showcase their talent in the business world. An opportunity that will allow them to voice their concerns and share their business vision. 

After completing this program, TECH helps students show the world their talent. 

Multicultural Context

While studying at TECH, students will enjoy a unique experience by studying in a multicultural context. It's a program with a global vision, through which students can learn about the operating methods in different parts of the world, and gather the latest information that best adapts to their business idea. 

TECH's students represent more than 200 different nationalities.   

Learn with the best

In the classroom, TECH teaching staff discuss how they have achieved success in their companies, working in a real, lively, and dynamic context. Teachers who are fully committed to offering a quality specialization that will allow students to advance in their career and stand out in the business world. 

Teachers representing 20 different nationalities. 

TECH strives for excellence and, to this end, boasts a series of characteristics that make this university unique:   

Analysis

TECH explores the student’s critical side, their ability to question things, their problem-solving skills, as well as their interpersonal skills.  

Academic Excellence

TECH offers students the best online learning methodology. The university combines the Relearning method (a postgraduate learning methodology with the highest international rating) with the Case Study. A complex balance between tradition and state-of-the-art, within the context of the most demanding academic itinerary.  

TECH is the world’s largest online university. It currently boasts a portfolio of more than 10,000 university postgraduate programs. And in today's new economy, volume + technology = a ground-breaking price. This way, TECH ensures that studying is not as expensive for students as it would be at another university.  

At TECH, you will have access to the most rigorous and up-to-date case studies in the academic community”

TECH has structured this program based on the Relearning methodology, which means that the manager will not have to spend long hours studying in order to acquire all the required knowledge. Key terms and concepts in Cybersecurity Policies are given in a natural and reiterative way throughout the program, resulting in a much more progressive way of learning.  

You will be free to enter the virtual classroom 24 hours a day, being able to choose and adapt the pace of your studies to your own interests" 

Syllabus

The Executive Master's Degree in Corporate Cybersecurity Policy Management at TECH Global University is an intensive program that prepares students for the most demanding areas of business cybersecurity. 

The content of the Executive Master’s Degree in Corporate Cybersecurity Policy Management is designed to promote the development of managerial skills that enable more rigorous decision-making in uncertain environments. 

This program deals in depth with the digital world, security in this environment and the implementation of e-commerce in companies, and is designed to train professionals who understand Corporate Cybersecurity Policy Management, from a strategic, international and innovative perspective.  

This Executive Master’s Degree takes place over 12 months and is divided into 10 modules: 

Module 1. Information Security Management System 
Module 2. Organizational Aspects of Information Security Policy  
Module 3. Security Policies for the Analysis of Threats in Computer Systems 
Module 4. Practical Implementation of Software and Hardware Security Policies 
Module 5. Security Incident Management Policies 
Module 6. Implementation of Physical and Environmental Safety Policies in the Company 
Module 7. Secure Communications Policies in the Company 
Module 8. Practical Implementation of Security Policies against Attacks 
Module 9. Information Systems Security Policy Monitoring Tools 
Module 10. Practical Security Disaster Recovery Policy 

Where, When and How is it Taught?

TECH offers the possibility of studying this Executive Master's Degree in Corporate Cybersecurity Policy Management completely online. Over the course of 12 months, you will be able to access all the contents of this program at any time, allowing you to self-manage your study time. 

Module 1. Information Security Management System 

1.1. Information Security Key Aspects 

1.1.1. Information Security 

1.1.1.1. Confidentiality 
1.1.1.2. Integrity 
1.1.1.3. Availability 
1.1.1.4. Information Security Measurements 

1.2. Information Security Management Systems 

1.2.1. Information Security Management Models 
1.2.2. Documents to Implement an ISMS 
1.2.3. Levels and Controls of an ISMS 

1.3. International Norms and Standards 

1.3.1. International Standards in Information Security 
1.3.2. Origin and Evolution of the Standard 
1.3.3. International Information Security Management Standards 
1.3.4. Other Reference Standards 

1.4. ISO/IEC 27,000 Standards 

1.4.1. Purpose and Areas of Application 
1.4.2. Structure of the Standard 
1.4.3. Certification 
1.4.4. Accreditation Phases 
1.4.5. Benefits of ISO/IEC 27,000 Standards 

1.5. Design and Implementation of a General Information Security System 

1.5.1. Design and Implementation of a General Information Security System 
1.5.2. Phases of Implementation of a General Information Security System 
1.5.3. Business Continuity Plans 

1.6. Phase I: Diagnosis 

1.6.1. Preliminary Diagnosis 
1.6.2. Identification of the Stratification Level 
1.6.3. Level of Compliance with Standards/Norms

1.7. Phase II: Preparation 

1.7.1. Context of the Organization 
1.7.2. Analysis of Applicable Safety Regulations 
1.7.3. Scope of the General Information Security System 
1.7.4. General Information Security System Policy 
1.7.5. Objectives of the General Information Security System 

1.8. Phase III: Planning 

1.8.1. Asset Classification 
1.8.2. Risk Assessment 
1.8.3. Identification of Threats and Risks 

1.9. Phase IV: Implementation and Follow-Up 

1.9.1. Analysis of Results 
1.9.2. Assigning Responsibilities 
1.9.3. Timing of the Action Plan 
1.9.4. Monitoring and Audits 

1.10. Incident Management Security Policies 

1.10.1. Phases 
1.10.2. Incident Categorization 
1.10.3. Incident Management and Procedures 

Module 2. Organizational Aspects of Information Security Policy  

2.1. Internal Organization 

2.1.1. Assigning Responsibilities 
2.1.2. Segregation of Duties 
2.1.3. Contacts with Authorities 
2.1.4. Information Security in Project Management 

2.2. Asset Management 

2.2.1. Liability for Assets 
2.2.2. Classification of Information 
2.2.3. Handling of Storage Media

2.3. Security Policies in Business Processes 

2.3.1. Analysis of the Vulnerabilities of Business Processes 
2.3.2. Business Impact Analysis 
2.3.3. Classification of Processes with Respect to Business Impact 

2.4. Security Policies Linked to Human Resources 

2.4.1. Before Hiring 
2.4.2. During Contracting 
2.4.3. Termination or Change of Position 

2.5. Management Security Policies 

2.5.1. Management Guidelines on Information Security 
2.5.2. BIA - Analyzing the Impact 
2.5.3. Recovery Plan as a Security Policy 

2.6. Acquisition and Maintenance of Information Systems 

2.6.1. Information Systems Security Requirements 
2.6.2. Development and Support Data Security 
2.6.3. Test Data 

2.7. Security with Suppliers 

2.7.1. IT Security with Suppliers 
2.7.2. Management of Service Delivery with Assurance 
2.7.3. Supply Chain Security 

2.8. Operational Safety 

2.8.1. Operational Responsibilities 
2.8.2. Protection Against Malicious Code 
2.8.3. Backup Copies 
2.8.4. Activity and Supervision Records 

2.9. Safety and Regulatory Management 

2.9.1. Safety and Regulatory Management 
2.9.2. Compliance with Legal Requirements 
2.9.3. Information Security Reviews 

2.10. Business Continuity Management Security 

2.10.1. Business Continuity Management Security 
2.10.2. Continuity of Information Security 
2.10.3. Redundancies 

Module 3. Security Policies for the Analysis of Threats in Computer Systems 

3.1. Threat Management in Security Policies 

3.1.1. Risk Management 
3.1.2. Security Risk 
3.1.3. Threat Management Methodologies 
3.1.4. Implementation of Methodologies 

3.2. Phases of Threat Management 

3.2.1. Identification 
3.2.2. Analysis 
3.2.3. Localization 
3.2.4. Safeguard Measures 

3.3. Audit Systems for Threat Localization 

3.3.1. Threat Location Auditing Systems 
3.3.2. Classification and Information Flow 
3.3.3. Analysis of Vulnerable Processes 

3.4. Risk Classification 

3.4.1. Types of Risk 
3.4.2. Calculation of Threat Probability 
3.4.3. Residual Risk 

3.5. Risk Treatment 

3.5.1. Risk Treatment 
3.5.2. Implementation of Safeguard Measures 
3.5.3. Transfer or Assume 

3.6. Control Risks 

3.6.1. Continuous Risk Management Process 
3.6.2. Implementation of Security Metrics 
3.6.3. Strategic Model of Information Security Metrics 

3.7. Practical Methodologies for Threat Analysis and Control 

3.7.1. Threat Catalog 
3.7.2. Catalog of Control Measures 
3.7.3. Safeguards Catalog 

3.8. ISO 27005 

3.8.1. Risk Identification 
3.8.2. Risk Analysis 
3.8.3. Risk Evaluation 

3.9. Risk, Impact and Threat Matrix 

3.9.1. Data, Systems and Personnel 
3.9.2. Threat Probability 
3.9.3. Magnitude of Damage 

3.10. Design of Phases and Processes in Threat Analysis 

3.10.1. Identification of Critical Organizational Elements 
3.10.2. Determination of Threats and Impacts 
3.10.3. Impact and Risk Analysis 
3.10.4. Methods 

Module 4. Practical Implementation of Software and Hardware Security Policies 

4.1. Practical Implementation of Software and Hardware Security Policies 

4.1.1. Implementation of Identification and Authorization 
4.1.2. Implementation of Identification Techniques 
4.1.3. Technical Authorization Measures 

4.2. Identification and Authorization Technologies 

4.2.1. Identifier and OTP 
4.2.2. USB Token or PKI Smart Card 
4.2.3. The "Confidential Defense" Key 
4.2.4. Active RFID 

4.3. Software and Systems Access Security Policies

4.3.1. Implementation of Access Control Policies 
4.3.2. Implementation of Communications Access Policies 
4.3.3. Types of Security Tools for Access Control 

4.4. User Access Management 

4.4.1. Access Rights Management 
4.4.2. Segregation of Roles and Access Functions 
4.4.3. Implementation of Access Rights in Systems 

4.5. Access Control to Systems and Applications 

4.5.1. Minimum Access Rule 
4.5.2. Secure Logon Technologies 
4.5.3. Password Security Policies 

4.6. Identification Systems Technologies 

4.6.1. Active Directory 
4.6.2. OTP 
4.6.3. PAP, CHAP 
4.6.4. KERBEROS, DIAMETER, NTLM 

4.7. CIS Controls for Systems Hardening 

4.7.1. Basic CIS Controls 
4.7.2. Fundamental CIS Controls 
4.7.3. Organizational CIS Controls

4.8. Operational Safety 

4.8.1. Protection Against Malicious Code 
4.8.2. Backup Copies 
4.8.3. Activity Log and Supervision 

4.9. Management of Technical Vulnerabilities 

4.9.1. Technical Vulnerabilities 
4.9.2. Technical Vulnerability Management 
4.9.3. Restrictions on Software Installation 

4.10. Implementation of Security Policy Practices 

4.10.1. Implementation of Security Policy Practices 
4.10.2. Logical Vulnerabilities 
4.10.3. Implementation of Defense Policies 

Module 5. Security Incident Management Policies 

5.1. Information Security Incident Management Policies and Enhancements 

5.1.1. Incident Management 
5.1.2. Responsibilities and Procedures 
5.1.3. Event Notification 

5.2. Intrusion Detection and Prevention Systems (IDS/IPS) 

5.2.1. System Operating Data 
5.2.2. Types of Intrusion Detection Systems 
5.2.3. Criteria for IDS/IPS Placement 

5.3. Security Incident Response 

5.3.1. Data Collection Procedure 
5.3.2. Intrusion Verification Process 
5.3.3. CERT Organizations 

5.4. Intrusion Attempt Notification and Management Process 

5.4.1. Responsibilities in the Notification Process 
5.4.2. Classification of Incidents 
5.4.3. Resolution and Recovery Process 

5.5. Forensic Analysis as a Security Policy 

5.5.1. Volatile and Non-Volatile Evidence 
5.5.2. Analysis and Collection of Electronic Evidence 

5.5.2.1. Analysis of Electronic Evidence 
5.5.2.2. Collection of Electronic Evidence 

5.6. Intrusion Detection and Prevention Systems (IDS/IPS) Tools 

5.6.1. Snort 
5.6.2. Suricata 
5.6.3. Solar-Winds

5.7. Event Centralizing Tools 

5.7.1. SIM 
5.7.2. SEM 
5.7.3. SIEM 

5.8. CCN-STIC Security Guide 817

5.8.1. CCN-STIC Security Guide 817 
5.8.2. Cyber Incident Management 
5.8.3. Metrics and Indicators 

5.9. NIST SP800-61 

5.9.1. Computer Security Incident Response Capability 
5.9.2. Handling an Incident 
5.9.3. Coordination and Information Sharing

5.10. ISO 27035 

5.10.1. ISO 27035 Standard. Incident Management Principles 
5.10.2. Incident Management Plan Preparation Guidelines 
5.10.3. Incident Response Operations Guides 

Module 6. Implementation of Physical and Environmental Safety Policies in the Company 

6.1. Security Areas 

6.1.1. Physical Security Perimeter 
6.1.2. Working in Safe Areas 
6.1.3. Security of Offices, Offices and Resources

6.2. Physical Input Controls 

6.2.1. Physical Input Controls 
6.2.2. Physical Access Control Policies 
6.2.3. Physical Input Control Systems

6.3. Physical Access Vulnerabilities 

6.3.1. Physical Access Vulnerabilities 
6.3.2. Main Physical Vulnerabilities 
6.3.3. Implementation of Safeguards Measures 

6.4. Physiological Biometric Systems 

6.4.1. Fingerprint 
6.4.2. Facial Recognition 
6.4.3. Iris and Retinal Recognition 
6.4.4. Other Physiological Biometric Systems

6.5. Biometric Behavioral Systems 

6.5.1. Signature Recognition 
6.5.2. Writer Recognition 
6.5.3. Voice Recognition 
6.5.4. Other Biometric Behavioral Systems 

6.6. Biometrics Risk Management 

6.6.1. Biometrics Risk Management 
6.6.2. Implementation of Biometric Systems 
6.6.3. Vulnerabilities of Biometric Systems 

6.7. Implementation of Policies in Hosts 

6.7.1. Installation of Supply and Security Cabling 
6.7.2. Equipment Location 
6.7.3. Exit of the Equipment Outside the Premises 
6.7.4. Unattended Computer Equipment and Clear Post Policy 

6.8. Environmental Protection 

6.8.1. Fire Protection Systems 
6.8.2. Earthquake Protection Systems 
6.8.3. Earthquake Protection Systems

6.9. Data Processing Center Security 

6.9.1. Security Doors 
6.9.2. Video Surveillance Systems (CCTV) 
6.9.3. Safety Control 

6.10. International Physical Security Regulations 

6.10.1. IEC 62443-2-1 (European) 
6.10.2. NERC CIP-005-5 (USA) 
6.10.3. NERC CIP-014-2 (USA) 

Module 7. Secure Communications Policies in the Company 

7.1. Network Security Management 

7.1.1. Network Control and Monitoring 
7.1.2. Segregation of Networks 
7.1.3. Network Security Systems 

7.2. Secure Communication Protocols 

7.2.1. TCP/IP Model 
7.2.2. IPSEC Protocol 
7.2.3. TLS Protocol 

7.3. Protocol TLS 1.3 

7.3.1. Phases of a TLS1.3 Process 
7.3.2. Handshake Protocol 
7.3.3. Registration Protocol 
7.3.4. Differences with TLS 1.2 

7.4. Cryptographic Algorithms 

7.4.1. Cryptographic Algorithms Used in Communications 
7.4.2. Cipher-Suites 
7.4.3. Cryptographic Algorithms allowed for TLS 1.3 

7.5. Digest Functions 

7.5.1. Digest Functions 
7.5.2. MD6 
7.5.3. SHA 

7.6. PKI. Public Key Infrastructure 

7.6.1. PKI and its Entities 
7.6.2. Digital Certificate 
7.6.3. Types of Digital Certificates 

7.7. Tunnel and Transport Communications

7.7.1. Tunnel Communications 
7.7.2. Transport Communications 
7.7.3. Encrypted Tunnel Implementation 

7.8. SSH. Secure Shell 

7.8.1. SSH. Safe Capsule 
7.8.2. SSH Functions 
7.8.3. SSH Tools 

7.9. Audit of Cryptographic Systems 

7.9.1. Audit of Cryptographic Systems 
7.9.2. Integration Test 
7.9.3. Cryptographic System Testing 

7.10. Cryptographic Systems 

7.10.1. Cryptographic Systems 
7.10.2. Cryptographic Systems Vulnerabilities 
7.10.3. Cryptographic Safeguards 

Module 8. Practical Implementation of Security Policies against Attacks 

8.1. System Hacking 

8.1.1. System Hacking 
8.1.2. Risks and Vulnerabilities 
8.1.3. Countermeasures 

8.2. DoS Attack 

8.2.1. DoS Attack 
8.2.2. Risks and Vulnerabilities 
8.2.3. Countermeasures 

8.3. Session Hijacking 

8.3.1. Session Hijacking 
8.3.2. The Process of Hijacking 
8.3.3. Hijacking Countermeasures 

8.4. Evasion of IDS, Firewalls and Honeypots 

8.4.1. Evading IDS, Firewalls and Honeypots 
8.4.2. Avoidance Techniques 
8.4.3. Implementation of Countermeasures 

8.5. Hacking Web Servers 

8.5.1. Hacking Web Servers 
8.5.2. Attacks on Web Servers 
8.5.3. Implementation of Defence Measures 

8.6. Hacking Web Applications 

8.6.1. Hacking Web Applications 
8.6.2. Attacks on Web Applications 
8.6.3. Implementation of Defence Measures 

8.7. Hacking Wireless Networks 

8.7.1. Hacking Wireless Networks 
8.7.2. Vulnerabilities in Wi-Fi Networks 
8.7.3. Implementation of Defense Measures 

8.8. Hacking Mobile Platforms 

8.8.1. Hacking Mobile Platforms 
8.8.2. Vulnerabilities of Mobile Platforms 
8.8.3. Implementation of Countermeasures 

8.9. Ransomware 

8.9.1. Ransomware 
8.9.2. Vulnerabilities Causing Ransomware 
8.9.3. Implementation of Countermeasures 

8.10. Social Engineering 

8.10.1. Social Engineering 
8.10.2. Types of Social Engineering 
8.10.3. Countermeasures for Social Engineering 

Module 9. Information Systems Security Policy Monitoring Tools 

9.1. Information Systems Monitoring Policies 

9.1.1. System Monitoring 
9.1.2. Metrics 
9.1.3. Types of Metrics 

9.2. Systems Auditing and Registration 

9.2.1. Systems Auditing and Registration 
9.2.2. Windows Auditing and Logging 
9.2.3. Linux Auditing and Logging 

9.3. SNMP Protocol. Simple Network Management Protocol 

9.3.1. SNMP Protocol 
9.3.2. SNMP Functions 
9.3.3. SNMP Tools 

9.4. Network Monitoring 

9.4.1. Network Monitoring 
9.4.2. Network Monitoring in Control Systems 
9.4.3. Monitoring Tools for Control Systems 

9.5. Nagios. Network Monitoring System 

9.5.1. Nagios 
9.5.2. Operation of Nagios 
9.5.3. Nagios Installation 

9.6. Zabbix. Network Monitoring System 

9.6.1. Zabbix
9.6.2. How Zabbix Works 
9.6.3. Zabbix Installation

9.7. Cacti. Network Monitoring System 

9.7.1. Cacti 
9.7.2. How Cacti Works 
9.7.3. Installation of Cacti 

9.8. Pandora. Network Monitoring System 

9.8.1. Pandora
9.8.2. Operation of Pandora 
9.8.3. Pandora Installation 

9.9. SolarWinds. Network Monitoring System 

9.9.1. SolarWinds
9.9.2. Operation of SolarWinds 
9.9.3. Installation of SolarWinds 

9.10. Monitoring Regulations 

9.10.1. Monitoring Regulations 
9.10.2. CIS Controls Over Auditing and Record Keeping 
9.10.3. NIST 800-123 (U.S.A.) 

Module 10. Practical Security Disaster Recovery Policy

10.1. DRP. Disaster Recovery Plan 

10.1.1. Objective of a DRP 
10.1.2. Benefits of a DRP 
10.1.3. Consequences of a Missing and Not up-to-Date DRP 

10.2. Guidance for Defining a DRP (Disaster Recovery Plan) 

10.2.1. Scope and Objectives 
10.2.2. Recuperation Strategy Design 
10.2.3. Assignment of Roles and Responsibilities 
10.2.4. Inventorying Hardware, Software and Services 
10.2.5. Tolerance for Downtime and Data Loss 
10.2.6. Establishment of the Specific Types of DRP Required 
10.2.7. Implementation of a Training, Awareness and Communication Plan

10.3. Scope and Objectives of a DRP (Disaster Recovery Plan) 

10.3.1. Response Guarantee 
10.3.2. Technological Components 
10.3.3. Scope of the Continuity Policy 

10.4. Disaster Recovery Plan (DRP) Strategy Design 

10.4.1. Disaster Recovery Strategy 
10.4.2. Budget 
10.4.3. Human and Physical Resources 
10.4.4. Management Positions at Risk 
10.4.5. Technology 
10.4.6. Data 

10.5. Continuity of Information Processes 

10.5.1. Continuity Planning 
10.5.2. Continuity Implementation 
10.5.3. Verification of Continuity Assessment 

10.6. Scope of a BCP (Business Continuity Plan) 

10.6.1. Determination of the Most Critical Processes 
10.6.2. Asset-Based Approach 
10.6.3. Process Approach 

10.7. Implementation of Guaranteed Business Processes 

10.7.1. Priority Activities (PA) 
10.7.2. Ideal Recovery Times (IRT) 
10.7.3. Survival Strategies 

10.8. Organizational Analysis 

10.8.1. Acquisition of information 
10.8.2. Business Impact Analysis (BIA) 
10.8.3. Risk Analysis in the Organization 

10.9. Response to Contingency 

10.9.1. Crisis Plan 
10.9.2. Operational Environment Recovery Plans 
10.9.3. Technical Work or Incident Procedures 

10.10. International Standard ISO 27031 BCP 

10.10.1. Objectives 
10.10.2. Terms and Definitions 
10.10.3. Operation 

A unique, key, and decisive educational experience to boost your professional development and make the definitive leap"