Cybersecurity strategy and governance
Cybersecurity strategy and governance
Approach cybersecurity from a practical perspective, in computing environments that recreate simulations of real situations. You will learn to implement a cybersecurity strategy and governance in public or private entities and to manage cybersecurity based on an organization’s management strategy.
Organizations operate in a digital reality that must be protected. For this reason, cybersecurity governance is a necessity that must be addressed by governing bodies and must be coordinated across the entire organizational chart through a well-defined strategy.
It is a mistake to believe that the risks from cyberthreats can be mitigated only through technology: the strategy and activities of the company determine the levels of exposure. A good level of cybersecurity is achieved not only with resources and equipment but also, more importantly, with the knowledge, involvement and supervision of the governing bodies.
This Executive Education program you endow you with sufficient capabilities to manage cyber threats through the creation of a cybersecurity committee that will detect, analyse and remedy cybersecurity and cyber risk audit aspects: ransomware, hacking and phishing attacks, cyber spying and social engineering attacks, documentation and emails lost due to an attack, incorrect data deletion, insecure remote access, password breaches, recovery plans, responses to cybersecurity incidents, collaboration with authorities, cyber risk insurance policies, and forensic and expert investigations.
Why choose this program
You will be part of a Cybersecurity Committee
You will gain direct experience of all the processes, services, supplies and strategies that must be managed to maintain control of cybersecurity, and you will be exposed through computer simulations to cybersecurity incidents that are experienced in real environments.
Spread over four afternoon sessions, enabling you to gain in-depth knowledge about cybersecurity without neglecting your professional obligations.
Grow your network of professional contacts with high level executives.
Who is it for?
The course is aimed at consultants, executive directors, managers, CEOs, administrators, area or business unit managers and other professionals and self-employed people who work in strategic decision-making in companies and organizations of any size and nature.
This Executive Education Course in Cybersecurity strategy and governance combines lecturer presentations with the participation of students, who over four sessions will make up the structure of a Cybersecurity Committee.
On the first day, the Cybersecurity Committee formed by the participants will launch all the preventive processes necessary for cybersecurity governance. During the course of the second day, the Cybersecurity Committee will have to tackle its first cybersecurity breaches. In this session, IT environments that simulate real events will be created to deal with ransomware, hacking and phishing attacks. During each of the breaches, the mistakes made during the preventive cybersecurity tasks carried out by the company will be identified and participants will learn how to recover from the security hole.
On the third day, participants will be the victims (in simulated environments) of lost data, internal sabotage, unauthorized remote access and the loss of user passwords. Finally, by the fourth day, the Cybersecurity Committee will have improved as a result of the incidents suffered and the preventive processes put in place. The Committee will also become aware that there is always a residual risk and so procedures will be designed to respond to a Cybersecurity incident.
Day one: Preventive cybersecurity
Cybersecurity is a necessity of digital society. Access to a cybersecurity whitepaper enables the organization to check its level of commitment and guarantees.
The scope of an organization's activities is defined by the people who comprise it. The appointment of people in charge of cybersecurity ensures that the functions and obligations are executed and supervised.
A cybersecurity roadmap allows the organization to define a strategy that protects it not only from present threats, but also from future ones.
Maintaining a cyber risk dashboard to know what the weak points are, allowing you to redirect policies with judgement Meanwhile, knowing how to interpret the results of a cybersecurity audit is essential to take advantage of its results.
Students are informed of the bodies that should be incorporated as information sources to enable them to improve and stay up to date.
Day two: Cybersecurity Breaches (I)
The student's virtual computer will be attacked by ransomware and blackmailed by a gang of cybercriminals. Once the events are over, students will be made aware of the antimalware measures that would have protected the company.
The company's website will be hacked and it will not be able to process customer orders. The students will identify the breach that caused this and the anti-hacking measures and advanced firewalls would have protected the server.
The students will be victims of a simulated Phishing attack. The reasons and consequences of the related information leak will be analysed. The absence of preventive measures will be reviewed.
The organization will suffer an information leak caused by the use of workers' social networks. The committee will implement a preventive monitoring and social engineering system that detects information leakage risks.
Day three: Cybersecurity Breaches (II)
The company will lose a virtual machine that did not have the necessary security measures in place. The students will implement encryption, obfuscation and anonymization mechanisms for corporate documentation.
The company will suffer a loss of information due to the wilful deletion of data by a former employee. Errors in the backup mechanism that did not contemplate internal sabotage will be identified.
The company will experience information theft due to insecure remote access. The Cybersecurity Committee will analyse the causes and decide how to strengthen the cybersecurity of its remote working processes.
The students will discover that company passwords have been disclosed on the deep web. The reasons will be identified and consequences avoided by implementing advanced access control systems.
Day four: Reactive cybersecurity
The Cybersecurity Committee will draw up the action protocol in the event of a cybersecurity incident.
Design of the cybersecurity incident response process.
The Cybersecurity Committee notifies a cybersecurity incident to law enforcement bodies and to the competent Cybersecurity Agency. Since the incident would have also affected personal data, the Data Protection Authority is also notified.
The conditions of the company's cyber risk policy are analysed to check whether the incidents suffered are covered.
The consequences of the incident require an expert report. And the Committee will have to determine how to act during a forensic investigation.
Upon passing the Executive Education Course in Cybersecurity strategy and governance, you will receive an official certificate from UPF Barcelona School of Management endorsed by the prestigious Pompeu Fabra University, the top ranked university in Spain and Latin America (Times Higher Education Ranking 2020).
Technological security auditor and CEO of a cybersecurity consultancy.
The course is structured over four days in which, through a project-based methodology, the participants will form part of an organization’s Cybersecurity Committee and will gain direct experience of all the processes, services, supplies and strategies that must be managed to maintain control of cybersecurity.
During the course, participants will be exposed, through simulations, to cybersecurity incidents that occur in real environments.
Collaborative learning and response to real attacks
Using a role play methodology, you will be part of a Cybersecurity Committee which must learn how to handle and resolve real cyberattacks in a simulated IT environment.
The program has a theoretical base, taught by lecturers, complemented with practical experience acquired in class through real business case studies.
We take full advantage of the time available, concentrating valuable learning within a few hours, in accordance with the demands of our participants, who hold positions of great responsibility in important companies.
Evaluation consists of following the sessions and practical exercises worked on in class.
The On-Campus&Live methodology allows you to follow the program in person and also remotely.
In this modality, two stable subgroups are opened that will coexist throughout the course: one face-to-face and the other with 100% remote students. The remote students will follow the program in a synchronous way with the face-to-face students. That is, they will share the same school calendar and schedule as the face-to-face students.
Personalized, interdisciplinary, and based on management as a practical resource for bringing ideas to life.
Executive Education training combines fundamental content for any professional currently employed in or seeking a managerial role, with activities aimed at putting the acquired knowledge into practice.
The Executive Education Course participant ecosystem is made up of professionals with a relevant career history.
The diversity of profiles and sectors represented in Executive training at UPF-BSM contributes added value to the learning experience. It consists of directors, CEOs, managers, executives, entrepreneurs, consultants and heads of teams, areas and departments.
Average years of professional experience
This Executive Education program will provide you with the necessary knowledge to exercise executive and Director/Management functions.
- CEO, Board of Directors or General Management of companies and organizations of any kind.
- Team or Department manager.
- Strategic consultant.
- Management positions in any of the functional areas of a company: marketing, finance, human resources, production, etc.
- Entrepreneur with your own project, thanks to the broad business vision provided to ensure its success.
- Intrapreneur: entrepreneur of projects within your organization.
Admission and enrolment
The admission and enrolment process for this course consists of a few simple steps.
Who can apply?
Our Executive Education Courses are aimed at professionals in or seeking management positions and looking to acquire or recycle essential knowledge for their executive professional development.
How to apply?
To enrol in this program, you must read and accept the Contract Terms and Conditions and fill in the registration form.
The following steps need to be taken to register for the course:
1. Fill in the admission application form. You will receive a username and password to access the eSecretaría platform.
2. On the platform, upload a scanned copy of your ID (both sides).
3. Go to the "Enrolment" section to pay for the course by credit card or bank transfer.
In certain cases, additional documentation may be requested.
The application is subject to the availability of places.
Grants, scholarships and financing
Grants and discounts
If you are a member of our alumni associations or of one of our partner universities, we offer you a series of applicable discounts on the amount of tuition for your program.
- UPF Barcelona School of Management or UPF-IDEC Alumni: If you have previously studied at UPF Barcelona School of Management or UPF-IDEC a 15 credits (or more) program and you decide to take on a new program with us, you are entitled to a discount of 20% on your program tuition fees. It is required to be registered in the Alumni network of the UPF Barcelona School of Management upon your application. This discount is not applicable to short courses and postgraduate courses which are part of the same itinerary.
- UPF Alumni: If you have previously studied a degree, a master program or a doctoral program at Pompeu Fabra University, you are entitled to a discount of 15% on the UPF Barcelona School of Management Masters and postgraduated program tuition fees (those programs with more than 15 credits) beginning on or after 01/01/2019.
- ESCI-UPF and Tecnocampus Alumni: If you have previously studied a degree or a master at ESCI-UPF or Tecnocampus, you are entitled to a discount of 15% on the UPF Barcelona School of Management Masters and postgraduated program tuition fees (those programs with more than 15 credits).
UPF Employee Discounts
If you are a member or family member of an employee of the UPF group or belonged to the collaborating institutions of the UPF Barcelona School of Management, you can enjoy a series of applicable discounts on the tuition fees for your program.
- Administrative and Service Staff (PAS) of Pompeu Fabra University. You are entitled to a 35% discount on tuition fees for open programs subject to prior communication from the rector's office and/or the UPF general manager's office.
- Administrative and Service Staff (PAS) and Teaching and Research Staff (PDI) of the UPF Group. Discount of 20% on tuition fees for open programs.
- Relatives (up to second degree) of UPF and the UPF's Institute of Continuing Education's Foundation teaching and research staff (PAS and PDI, in Spanish). Discount of 20% on tuition fees for open programs.
- If you work at a company member of the Institute of Continuing Education Foundation's Board of Trustees or at any of our councils' companies. Discount of 20% on the tuition fees of our master's and postgraduate courses.
Cybersecurity strategy and governance