SAFE - Postgraduate Certificate in Information Security

Familiarize students with the basic concepts of Operating System and Computer Architecture, particularly related concepts. In addition to a descriptive component of technology. The course provides practical workshops on common attacks (for example, buffer overflows) in popular operating systems (OpenBSD, Linux, Windows), to achieve a clear view of how they operate and how to protect and secure computers.

This course presents a detailed description of the TCP/IP protocol, placing special emphasis on the security features of the protocols that make them fail in the event of an attack. In addition to the theoretic descriptive component of the protocols, the course includes a series of exercises that show the operation of fundamental security technologies, such as firewalls, sniffers, honey pots and port scanners.

This course provides a theoretic, formative description the different formal models of security such as BellLapadula, Biba, Clark-wilson, Harrison-Ruzzo-Ullman, Denning, Chinese Wall and the different security certifications derived from these models, such as TCSEC (DoD Orange Book), ITSEC, Common Criteria (ISO 15408), SSE-CMM (ISO 21827), CMMI and ISO 27001, as well as standards such as ISO 17799, which defines the main information security controls to be taken into account in an organization.

During this course practices and discussions about formation and addition assessment strategies compatible to an Inquiry Based Sciences Teaching (IBST) approach will be held.

Consolidates the attendees’ skills to use techniques that enable the cryptographic assurance of information systems in real operational environments. This course combines a formal and structural presentation of the cryptographic problems, algorithms, standards and protocols (DES, 3DES, AES, SSL, X.509, SHA, pkcs, XML-Enc, XML-DSig, etc.) with concrete discussions on their use and application in real environments such as Java and .NET.

Presents administrative methodologies for security management. In the case of Risk Analysis, it presents the Octave and NIST800-30 methodology, for Continuity Planning, it presents BCP/DRP (Business Continuity Planning/Disaster Recovery Planning), and for Security Incidents Attention it presents NIST800-61. It will also present the basic organizational principles, such as responsibilities separation, less privileges, accountability, human resources procurement and termination.

Shows a complete vision of the Colombian and international regulations, from the ethical and legal standpoints, on informatics crimes, copyrights and patents. Evidence collection techniques and the forensic analysis in general to adequately manage incidents will be studied.

Provides a practical context to every concept studied during the specialization program through a final paper that approaches novelty problems connected to security issues. For instance, a problem yet to be explored in our environment is safe software development and integration. Thus, this course shall include the controls that should be embedded into systems and applications, steps to be followed during development, software development models, maintenance management, setup management, and the SSE-CMM and CMMI models.