Security of Information and Organizations 2025/2026

Important Dates

  • T1: November 19th, 16.30 (Tentative)
  • T2 (and T1): January 5th, 2026
  • RES: January 21st 2026
  • EES: September 2026

Planning

According to the UA academic schedule, classes will run from September 15th until December 22nd. The subject is structured as 2 hours of theoretical lectures, 2 hours of practical laboratories, and 1 hour of tutoring (optional).

Theoretical classes will present key concepts related to the application of security to modern information systems and organizations. The practical classes will focus on exploring security mechanisms and on exploring and analysing common security attacks.

The topics planned for each class are as follows. Changes may happen, so please check this schedule frequently.

| Week | Theoretical | Practical |
|---|---|---|
| Sep 15 - Sep 29 | T1: Introduction to Security | P1-P4: Security Self Evaluation |
| Sep 22 - Sep 26 | T1: Attacks and Vulnerabilities | P1-P4: XSS vulnerabilities and CORS |
| Sep 30 - Oct 3 | T1: Incident Response in an Organization | P1-P4: SQL Injections |
| Oct 6 - Oct 10 | T1: Modern Symmetric Cyphers | P1-P4: Symmetric Cryptography |
| Oct 13 - Oct 17 | T1: Modern Symmetric Cyphers | P1-P4: Asymmetric Cryptography |
| Oct 20 - Oct 24 | T1: Digests and Asymmetric Cryptography | P1-P4: Certificate Validation |
| Oct 27 - Oct 31 | T1: Management of Asymmetric Keys | Project Discussion |
| Nov 2 - Nov 7 | T1: Authentication Protocols and Methods | P1-P4: Authentication in SSH |
| Nov 10 - Nov 14 | T1: Authentication Protocols and Methods | P1-P4: Authentication with FIDO2 |
| Nov 17 - Nov 20 | T1: Access Control Models | P1-P4: Access Control |
| Nov 24 - Nov 27 | T1: Secure Application Development | P1-P4: Secure Development |
| Dec 1 - Dec 5 | T1: Security in Operating Systems | P1-P4: Linux Security |
| Dec 8 - Dec 12 | T1: Secure Communications | P1-P4: Linux Firewalls |
| Dec 15 - Dec 19 | T1: Secure and Resilient Storage | P1-P4: Secure Storage |

Rules

Faculty and Lectures

  • The team will be composed of João Paulo Barraca and Alfredo Matos.
  • Teaching staff will be available especially during the allocated tutoring slots.
  • Official course information will be available on this page, or through the Elearning platform.
  • Classes will be lectured in Portuguese, unless a foreign student is attending. In this case English will be used.
  • All lecture notes will be made available in English only. Laboratory guides will be provided in English only.

Attendance

Students can choose to attend the theoretical classes, and it is highly recommended that they do so every week, as attendance correlates with a good outcome. Attendance at practical classes is mandatory and absences will be recorded. Students must be present at (at least) 70% of the practical classes. For this edition that results in a maximum of 4 unjustified absences. If a student exceeds the number of absences allowed, they will automatically fail the subject and won't be allowed at any other evaluation during the current academic year.

Grading

Grading will be composed of two components (T and P), each contributing 50% to the final grade. Both components are mandatory and have a minimum threshold.

  1. Theoretical Component: Relates to the contents lectured during all classes, mostly focusing on the theoretical lectures.

    • 1 (One) exam (E1), composed of 2 (two) parts (T1 and T2), covering all contents lectured (T or P).

      • An opportunity will be given to perform the first part (T1) in mid November.
      • If T1 is returned, it will be considered for grading, otherwise an equivalent part can be done in the Regular Season.
      • The second part (T2) will be available in the Regular Season.
    • Dates:

      • T1: November TBD or in the Regular Season, including questions that address all contents until TBD.
      • T2: During the Regular Season, addressing all contents since TBD (including).
    • Final Theoretical Grade: (T1 + T2)

    • Minimum points of this component: 7 pts over 20.

      • i.e. $T1 + T2 \geq 7$
  2. Practical Component:

    • Development of a practical project by a group of X students. Exceptionally, fewer students may be allowed after explicit authorization by the faculty.
      • Assignments may be awarded a maximum bonus of +10% for additional innovations. These innovations are a bonus and can be discussed with the faculty before returning the project.
      • In the practical projects, each student will have a pool of 96 hours to allocate as required in their deliveries. This pool can be used to return assignments after the deadline without any penalty. After the pool is exhausted, a standard penalty of 0.1 points per hour applies up to 2 days. After 2 days (96h+48h), the assignment will not be accepted.
      • Projects will need to be defended at a date TBD.
    • Minimum points of this component: 7 pts over 20.
      • i.e. $\text{practical} \geq 7$

The following table summarizes the points of each component:

| Component | Item | Weight |
|---|---|---|
| P | Project 1 | 10% |
| P | Project 2 | 40% |
| T | T1 | 25% |
| T | T2 | 25% |

Repeat Exam season

The Repeat Exam Season takes place from January 21st until February 3rd. It is available for all students that failed to obtain at least 9.50 points during the Regular Season, or 3.5 and one of the components. The remaining students may also access this season, after the administrative process is initiated by the student.

Rules for this season will be updated at a later time.

Special season

The special season usually takes place in September and is available to students in specific cases. Accessing this season will require an additional administrative process. Grading will be composed of two components, each contributing 10 points to the final grade. It follows the same rules used in the Repeat Exam season.

Rules for this season will be updated at a later time.

Additional Content

Software

  • Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
  • Wireshark: The most popular packet sniffer application.
  • WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
  • Kali Linux: A popular Penetration Testing Distribution.
  • John the Ripper: A password cracker.
  • Hashcat: An advanced password recovery tool, especially tailored to OpenCL.
  • nmap: Probably the most famous port scanner and reconnaissance tool.

Websites

Books
