Cybersecurity strategy and governance

Approach cybersecurity from a practical perspective, in computing environments that recreate simulations of real situations. You will learn to implement a cybersecurity strategy and governance in public or private entities and to manage cybersecurity based on an organization’s management strategy.

  • hackers
  • cybersecurity
  • cyberattacks
Next edition
Classes start
To be determined
Program ends
To be determined
Wednesday from 4 pm to 8 pm. Total length of the course: 16 h
ECTS credits
1200 €

Organizations operate in a digital reality that must be protected. For this reason, cybersecurity governance is a necessity that must be addressed by governing bodies and must be coordinated across the entire organizational chart through a well-defined strategy.

It is a mistake to believe that the risks from cyberthreats can be mitigated only through technology: the strategy and activities of the company determine the levels of exposure. A good level of cybersecurity is achieved not only with resources and equipment but also, more importantly, with the knowledge, involvement and supervision of the governing bodies.

This Executive Education program you endow you with sufficient capabilities to manage cyber threats through the creation of a cybersecurity committee that will detect, analyse and remedy cybersecurity and cyber risk audit aspects: ransomware, hacking and phishing attacks, cyber spying and social engineering attacks, documentation and emails lost due to an attack, incorrect data deletion, insecure remote access, password breaches, recovery plans, responses to cybersecurity incidents, collaboration with authorities, cyber risk insurance policies, and forensic and expert investigations.

Why choose this program


You will be part of a Cybersecurity Committee

You will gain direct experience of all the processes, services, supplies and strategies that must be managed to maintain control of cybersecurity, and you will be exposed through computer simulations to cybersecurity incidents that are experienced in real environments.


Executive training

Spread over four afternoon sessions, enabling you to gain in-depth knowledge about cybersecurity without neglecting your professional obligations.


High-level networking

Grow your network of professional contacts with high level executives.

Who is it for?

The course is aimed at consultants, executive directors, managers, CEOs, administrators, area or business unit managers and other professionals and self-employed people who work in strategic decision-making in companies and organizations of any size and nature.

Admission and enrolment


This Executive Education Course in Cybersecurity strategy and governance combines lecturer presentations with the participation of students, who over four sessions will make up the structure of a Cybersecurity Committee.

On the first day, the Cybersecurity Committee formed by the participants will launch all the preventive processes necessary for cybersecurity governance. During the course of the second day, the Cybersecurity Committee will have to tackle its first cybersecurity breaches. In this session, IT environments that simulate real events will be created to deal with ransomware, hacking and phishing attacks. During each of the breaches, the mistakes made during the preventive cybersecurity tasks carried out by the company will be identified and participants will learn how to recover from the security hole.

On the third day, participants will be the victims (in simulated environments) of lost data, internal sabotage, unauthorized remote access and the loss of user passwords. Finally, by the fourth day, the Cybersecurity Committee will have improved as a result of the incidents suffered and the preventive processes put in place. The Committee will also become aware that there is always a residual risk and so procedures will be designed to respond to a Cybersecurity incident.

Day one: Preventive cybersecurity

Drafting and publication of the White Paper on Cybersecurity

Cybersecurity is a necessity of digital society. Access to a cybersecurity whitepaper enables the organization to check its level of commitment and guarantees.

Appointments and definition of the functions and obligations of the people in charge of cybersecurity

The scope of an organization's activities is defined by the people who comprise it. The appointment of people in charge of cybersecurity ensures that the functions and obligations are executed and supervised.

Preparation of a roadmap and Cybersecurity Plan for the next 3-5 years

A cybersecurity roadmap allows the organization to define a strategy that protects it not only from present threats, but also from future ones.

Cyber risk assessment and analysis of a cybersecurity audit report

Maintaining a cyber risk dashboard to know what the weak points are, allowing you to redirect policies with judgement Meanwhile, knowing how to interpret the results of a cybersecurity audit is essential to take advantage of its results.

Presentation of reliable information sources and leading bodies

Students are informed of the bodies that should be incorporated as information sources to enable them to improve and stay up to date.

Day two: Cybersecurity Breaches (I)

Malware and ransomware

The student's virtual computer will be attacked by ransomware and blackmailed by a gang of cybercriminals. Once the events are over, students will be made aware of the antimalware measures that would have protected the company.

Hacking of one of the organization’s servers

The company's website will be hacked and it will not be able to process customer orders. The students will identify the breach that caused this and the anti-hacking measures and advanced firewalls would have protected the server.

Phishing attacks

The students will be victims of a simulated Phishing attack. The reasons and consequences of the related information leak will be analysed. The absence of preventive measures will be reviewed.

Cyber spying and Social Engineering attacks

The organization will suffer an information leak caused by the use of workers' social networks. The committee will implement a preventive monitoring and social engineering system that detects information leakage risks.

Day three: Cybersecurity Breaches (II)

Lost device, documentation and emails

The company will lose a virtual machine that did not have the necessary security measures in place. The students will implement encryption, obfuscation and anonymization mechanisms for corporate documentation.

Incorrect data deletion

The company will suffer a loss of information due to the wilful deletion of data by a former employee. Errors in the backup mechanism that did not contemplate internal sabotage will be identified.

Insecure remote access

The company will experience information theft due to insecure remote access. The Cybersecurity Committee will analyse the causes and decide how to strengthen the cybersecurity of its remote working processes.

Password breaches

The students will discover that company passwords have been disclosed on the deep web. The reasons will be identified and consequences avoided by implementing advanced access control systems.

Day four: Reactive cybersecurity

Disaster recovery plan

The Cybersecurity Committee will draw up the action protocol in the event of a cybersecurity incident.

Responses to cybersecurity incidents

Design of the cybersecurity incident response process.

Collaboration with the authorities

The Cybersecurity Committee notifies a cybersecurity incident to law enforcement bodies and to the competent Cybersecurity Agency. Since the incident would have also affected personal data, the Data Protection Authority is also notified.

Cyber risk insurance policies

The conditions of the company's cyber risk policy are analysed to check whether the incidents suffered are covered.

Forensic and expert investigations

The consequences of the incident require an expert report. And the Committee will have to determine how to act during a forensic investigation.

Qualification obtained

Upon passing the Executive Education Course in Cybersecurity strategy and governance, you will receive an official certificate from UPF Barcelona School of Management endorsed by the prestigious Pompeu Fabra University, the top ranked university in Spain and Latin America (Times Higher Education Ranking 2020).


Academic directors

Genís Margarit

Technological security auditor and CEO of a cybersecurity consultancy.


The course is structured over four days in which, through a project-based methodology, the participants will form part of an organization’s Cybersecurity Committee and will gain direct experience of all the processes, services, supplies and strategies that must be managed to maintain control of cybersecurity.

During the course, participants will be exposed, through simulations, to cybersecurity incidents that occur in real environments.


Collaborative learning and response to real attacks

Using a role play methodology, you will be part of a Cybersecurity Committee which must learn how to handle and resolve real cyberattacks in a simulated IT environment.


Practical approach

The program has a theoretical base, taught by lecturers, complemented with practical experience acquired in class through real business case studies.


Executive vision

We take full advantage of the time available, concentrating valuable learning within a few hours, in accordance with the demands of our participants, who hold positions of great responsibility in important companies.


Evaluation consists of following the sessions and practical exercises worked on in class. 


The On-Campus&Live methodology allows you to follow the program in person and also remotely.

In this modality, two stable subgroups are opened that will coexist throughout the course: one face-to-face and the other with 100% remote students. The remote students will follow the program in a synchronous way with the face-to-face students. That is, they will share the same school calendar and schedule as the face-to-face students.

Personalized, interdisciplinary, and based on management as a practical resource for bringing ideas to life.

Professional Future

Executive Education training combines fundamental content for any professional currently employed in or seeking a managerial role, with activities aimed at putting the acquired knowledge into practice.

Student profile

The Executive Education Course participant ecosystem is made up of professionals with a relevant career history. 

The diversity of profiles and sectors represented in Executive training at UPF-BSM contributes added value to the learning experience. It consists of directors, CEOs, managers, executives, entrepreneurs, consultants and heads of teams, areas and departments.


Average age


Average years of professional experience

Career opportunities

This Executive Education program will provide you with the necessary knowledge to exercise executive and Director/Management functions.

  • CEO, Board of Directors or General Management of companies and organizations of any kind.
  • Team or Department manager.
  • Strategic consultant.
  • Management positions in any of the functional areas of a company: marketing, finance, human resources, production, etc.
  • Entrepreneur with your own project, thanks to the broad business vision provided to ensure its success.
  • Intrapreneur: entrepreneur of projects within your organization.

Admission and enrolment

The admission and enrolment process for this course consists of a few simple steps.

Who can apply?

Our Executive Education Courses are aimed at professionals in or seeking management positions and looking to acquire or recycle essential knowledge for their executive professional development.

How to apply?

To enrol in this program, you must read and accept the Contract Terms and Conditions and fill in the registration form.

The following steps need to be taken to register for the course:

1. Fill in the admission application form. You will receive a username and password to access the eSecretaría platform.
2. On the platform, upload a scanned copy of your ID (both sides).
3. Go to the "Enrolment" section to pay for the course by credit card or bank transfer.

In certain cases, additional documentation may be requested. 

The application is subject to the availability of places.

Grants, scholarships and financing

Grants and discounts

Alumni discounts

If you are a member of our alumni associations or of one of our partner universities, we offer you a series of applicable discounts on the amount of tuition for your program.

UPF Employee Discounts

If you are a member or family member of an employee of the UPF group or belonged to the collaborating institutions of the UPF Barcelona School of Management, you can enjoy a series of applicable discounts on the tuition fees for your program.

Cybersecurity strategy and governance