1 / 15
Télécharger la présentation

Information Security Analytics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Analytics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course

  2. Course Outline • June 1: Introduction to Security, Data and Applications Security • June 8: Security Governance and Risks / Data mining overview • June 15: Access Control / Access control and policy for data management • June 22: Security architecture / Access control for web services and the cloud • June 29: Cryptography / Secure XML Publishing • July 6: Network Security / Physical Security /Review for exam • July 13: Exam #1 • July 20: Applications Security / Secure Data Architectures; Insider Threat Detection/ • July 27: Legal Aspects, Forensics • August 3: Operations Security, Disaster Planning • August 10: Special Topics, Exam #2

  3. Text Book • CISSP All-in-One Exam Guide, Fifth Edition • Author: Shon Harris • Hardcover: 1216 pages • Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010) • Language: English • ISBN-10: 0071602178 • ISBN-13: 978-0071602174

  4. Course Rules • Unless special permission is obtained from the instructor, each student will work individually. • Copying material from other sources will not be permitted unless the source is properly referenced. • Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department • No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures. • COURSE ATTENDANCE IS MANDATORY

  5. Course Plan • Exam #1: 20 points – July 13 • Exam #2: 20 points - August 10 • Two term papers 10 points each: Total 20 points • July 6, July 27 • Programming project : 20 points • August 3 • Two Assignments: 10 points each: Total: 20 points • June 30 – July3, July 20

  6. Assignment #1 • Explain with examples the following • Discretionary access control • Mandatory access control • Role-based access control (RBAC) • Privacy aware role based access control • Temporal role based access control • Risk aware role-based access control • Attribute-based access control • Usage control (UCON)

  7. Term Paper #1 • Write paper on Identity Management for Cloud Computing • Identity Management • Cloud Computing security challenges • Apply identity management to cloud computing • Directions

  8. Assignment #2 • Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General) • Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be: • Information classification • Risk analysis • Secure networks • Secure data management • Secure applications

  9. Term Paper #2 • Write paper on any topic discussed in class (that is, any of the 10 CISSP modules)

  10. Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • URL: • http://www.utdallas.edu/~bxt043000/

  11. Project • Software • Design document • Project description • Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.) • Results • Analysis • Potential improvements • References

  12. Paper: Original – you can use material from sources, reword (redraw) and give reference • Abstract • Introduction • Body of the paper • Comparing different approaches and analyzing • Discuss your approach, • Survey • Conclusions • References • ([1]. [2], - - -[THUR99]. • Embed the reference also within the text. • E.g., Tim Berners Lee has defined the semantic web to be -- -- [2].

  13. Index to Exam #1 • Lecture 1: Introduction to Info Systems Security • Lecture 2: Data Mining for Malware Detection* (1) • Lecture 3: Governance and Risk ** (2) • Lecture 4: Data Mining Overview • Lecture 5: Access Control* (1) • Lecture 6: Access Control and Policy for data * (1) • Lecture 7: Security Architecture* (1) • Lecture 8: Secure Web Services* (1) • Lecture 9: Secure Cloud* (1) • Lecture 10: Cryptography* (1) • Lecture #11: Secure publication of XML data * (1) Extra credit: One or two questions on any one of the above

  14. Papers to Read for Exam #1 • Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) • Expert on Cloud technologies • Vaibhav Khadilkar • vvk072000@utdallas.edu

  15. Index to Exam #2 • Lecture 12: Network Security • Lecture 13: Physical Security • Lecture 14: Assured Cloud Computing (extra credit) • Lecture 15: Data and Applications Security • Lecture 16: Multilevel Secure Data Management • Lecture 17: Insider Threat • Lecture 18: Business Continuity Planning • Lecture 19: Operations Security • Lecture 20: Legal Aspects • Lecture 21 Digital Forensics • Lecture 22: Privacy • Lecture 23: NIST/NVD Lecture (extra credit)

More Related