1. Information Security Analytics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course

2. Course Outline l May 27: Introduction to Security, Data and Applications Security l June 3: Security Governance and Risks l June 10: Architecture l June 17: Access Control l June 24: Cryptography l July 1: Network Security l July 8: Physical Security, Exam #1 l July 15: Applications Security l July 22: Legal Aspects, Forensics l July 29: Operations Security, Disaster Planning

3. Text Book l CISSP All-in-One Exam Guide, Fifth Edition l Author: Shon Harris l Hardcover: 1216 pages l Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010) l Language: English l ISBN-10: 0071602178 l ISBN-13: 978-0071602174

4. Course Rules l Unless special permission is obtained from the instructor, each student will work individually. l Copying material from other sources will not be permitted unless the source is properly referenced. l Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department l No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures.

5. Course Plan l Exam #1: 20 points – July 8, 2011 l Exam #2: 20 points - August 5, 2011 (Location: ECS South 2.415) - ECSS 2.415 l Two term papers 10 points each: Total 20 points - Term paper 1: Due July 1, 2011 - Term Paper 2: Due July 29, 2011 l Programming project : 20 points - Due August 5 (new due date: August 10) l Two Assignments: 10 points each: Total: 20 points - Assignment #1: Due June 24, 2011 - Assignment #2: Due July 22, 2011

6. Assignment #1 l Explain with examples the following - Discretionary access control - Mandatory access control - Role-based access control (RBAC) - Privacy aware role based access control - Temporal role based access control - Risk aware role-based access control - Attribute-based access control - Usage control (UCON)

7. Term Paper #1 l Write paper on Identity Management for Cloud Computing - Identity Management - Cloud Computing security challenges - Apply identity management to cloud computing - Directions

8. Assignment #2 l Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General) l Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be: - Information classification - Risk analysis - Secure networks - Secure data management - Secure applications

9. Term Paper #2 l Write paper on any topic discussed in class (that is, any of the 10 CISSP modules)

10. Contact l For more information please contact - Dr. Bhavani Thuraisingham - Professor of Computer Science and - Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 - Phone: 972-883-4738 - Fax: 972-883-2399 - Email: bhavani.thuraisingham@utdallas.edu - URL: - http://www.utdallas.edu/~bxt043000/

11. Project l Software l Design document - Project description - Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.) - Results - Analysis - Potential improvements - References

12. Paper: Original – you can use material from sources, reword (redraw) and give reference l Abstract l Introduction l Body of the paper - Comparing different approaches and analyzing - Discuss your approach, - Survey l Conclusions l References - ([1]. [2], - - -[THUR99]. - Embed the reference also within the text. - E.g., Tim Berners Lee has defined the semantic web to be -- -- [2].

13. Guide to the lectures for Exam #2 l Malware discussed in Lectures 2, 22, 23, 24, 25, 26 (2) l Data and Applications Security : Lecture 11, 16, 17 (2 +1?) l Network security: Lecture 10 (2 +1?) l Physical security: Lecture 12 (1/3) l Operations security : Lecture 15 (1/3) l Business continuity planning: Lecture 14 (1/3) l Legal aspects (forensics, privacy): Lectures 13, 20, 21 (2) l Extra Credit l Hardware security: Lecture 25: URL (please read paper – maybe extra credit) l Ontology.CVE/NVD (maybe extra credit): Lecture 18 l Social network security (maybe extra credit): Lecture 19

14. Papers to read l Privacy preserving data mining - Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450Ramakrishnan SrikantSIGMOD Conference 2000 l Hardware security (extra credit maybe) - Please see URL in Lecture 25 – last page l Social network security (extra credit maybe) - Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186 Barbara CarminatiElena FerrariRaymond HeatherlyMurat KantarciogluSACMAT 2009