1 / 14

Information Security Analytics

Information Security Analytics. Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course. Course Outline. May 27: Introduction to Security, Data and Applications Security June 3: Security Governance and Risks June 10: Architecture June 17: Access Control

jennifertdavis
Download Presentation

Information Security Analytics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Analytics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course

  2. Course Outline • May 27: Introduction to Security, Data and Applications Security • June 3: Security Governance and Risks • June 10: Architecture • June 17: Access Control • June 24: Cryptography • July 1: Network Security • July 8: Physical Security, Exam #1 • July 15: Applications Security • July 22: Legal Aspects, Forensics • July 29: Operations Security, Disaster Planning

  3. Text Book • CISSP All-in-One Exam Guide, Fifth Edition • Author: Shon Harris • Hardcover: 1216 pages • Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010) • Language: English • ISBN-10: 0071602178 • ISBN-13: 978-0071602174

  4. Course Rules • Unless special permission is obtained from the instructor, each student will work individually. • Copying material from other sources will not be permitted unless the source is properly referenced. • Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department • No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures.

  5. Course Plan • Exam #1: 20 points – July 8, 2011 • Exam #2: 20 points - August 5, 2011 (Location: ECS South 2.415) • ECSS 2.415 • Two term papers 10 points each: Total 20 points • Term paper 1: Due July 1, 2011 • Term Paper 2: Due July 29, 2011 • Programming project : 20 points • Due August 5 (new due date: August 10) • Two Assignments: 10 points each: Total: 20 points • Assignment #1: Due June 24, 2011 • Assignment #2: Due July 22, 2011

  6. Assignment #1 • Explain with examples the following • Discretionary access control • Mandatory access control • Role-based access control (RBAC) • Privacy aware role based access control • Temporal role based access control • Risk aware role-based access control • Attribute-based access control • Usage control (UCON)

  7. Term Paper #1 • Write paper on Identity Management for Cloud Computing • Identity Management • Cloud Computing security challenges • Apply identity management to cloud computing • Directions

  8. Assignment #2 • Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General) • Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be: • Information classification • Risk analysis • Secure networks • Secure data management • Secure applications

  9. Term Paper #2 • Write paper on any topic discussed in class (that is, any of the 10 CISSP modules)

  10. Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • URL: • http://www.utdallas.edu/~bxt043000/

  11. Project • Software • Design document • Project description • Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.) • Results • Analysis • Potential improvements • References

  12. Paper: Original – you can use material from sources, reword (redraw) and give reference • Abstract • Introduction • Body of the paper • Comparing different approaches and analyzing • Discuss your approach, • Survey • Conclusions • References • ([1]. [2], - - -[THUR99]. • Embed the reference also within the text. • E.g., Tim Berners Lee has defined the semantic web to be -- -- [2].

  13. Guide to the lectures for Exam #2 • Malware discussed in Lectures 2, 22, 23, 24, 25, 26 (2) • Data and Applications Security : Lecture 11, 16, 17 (2 +1?) • Network security: Lecture 10 (2 +1?) • Physical security: Lecture 12 (1/3) • Operations security : Lecture 15 (1/3) • Business continuity planning: Lecture 14 (1/3) • Legal aspects (forensics, privacy): Lectures 13, 20, 21 (2) • Extra Credit • Hardware security: Lecture 25: URL (please read paper – maybe extra credit) • Ontology.CVE/NVD (maybe extra credit): Lecture 18 • Social network security (maybe extra credit): Lecture 19

  14. Papers to read • Privacy preserving data mining • Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450 • Hardware security (extra credit maybe) • Please see URL in Lecture 25 – last page • Social network security (extra credit maybe) • Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186

More Related