1. Information Security Analytics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course

2. Course Outline l June 1: Introduction to Security, Data and Applications Security l June 8: Security Governance and Risks / Data mining overview l June 15: Access Control / Access control and policy for data management l June 22: Security architecture / Access control for web services and the cloud l June 29: Cryptography / Secure XML Publishing l July 6: Network Security / Physical Security /Review for exam l July 13: Exam #1 l July 20: Applications Security / Secure Data Architectures; Insider Threat Detection/ l July 27: Legal Aspects, Forensics l August 3: Operations Security, Disaster Planning l August 10: Special Topics, Exam #2

3. Text Book l CISSP All-in-One Exam Guide, Fifth Edition l Author: Shon Harris l Hardcover: 1216 pages l Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010) l Language: English l ISBN-10: 0071602178 l ISBN-13: 978-0071602174

4. Course Rules l Unless special permission is obtained from the instructor, each student will work individually. l Copying material from other sources will not be permitted unless the source is properly referenced. l Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department l No copying of anything from a paper except for about 10 words in quotes. No copying of figure even if it is attributed. You have to draw all figures. l COURSE ATTENDANCE IS MANDATORY

5. Course Plan l Exam #1: 20 points – July 13 l Exam #2: 20 points - August 10 l Two term papers 10 points each: Total 20 points - July 6, July 27 l Programming project : 20 points - August 3 l Two Assignments: 10 points each: Total: 20 points - June 30 – July3, July 20

6. Assignment #1 l Explain with examples the following - Discretionary access control - Mandatory access control - Role-based access control (RBAC) - Privacy aware role based access control - Temporal role based access control - Risk aware role-based access control - Attribute-based access control - Usage control (UCON)

7. Term Paper #1 l Write paper on Identity Management for Cloud Computing - Identity Management - Cloud Computing security challenges - Apply identity management to cloud computing - Directions

8. Assignment #2 l Suppose you are give the assignment of the Chief Security Officer of a major bank (e.g., Bank of America) or a Major hospital (e.g., Massachusetts General) l Discuss the steps you need to take with respect to the following (you need to keep the following in mining: Confidentiality, Integrity and Availability;; you also need to understand the requirements of banking or healthcare applications and the policies may be: - Information classification - Risk analysis - Secure networks - Secure data management - Secure applications

9. Term Paper #2 l Write paper on any topic discussed in class (that is, any of the 10 CISSP modules)

10. Contact l For more information please contact - Dr. Bhavani Thuraisingham - Professor of Computer Science and - Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 - Phone: 972-883-4738 - Fax: 972-883-2399 - Email: bhavani.thuraisingham@utdallas.edu - URL: - http://www.utdallas.edu/~bxt043000/

11. Project l Software l Design document - Project description - Architecture (prefer with a picture) and description (software – e.g., Oracle, Jena etc.) - Results - Analysis - Potential improvements - References

12. Paper: Original – you can use material from sources, reword (redraw) and give reference l Abstract l Introduction l Body of the paper - Comparing different approaches and analyzing - Discuss your approach, - Survey l Conclusions l References - ([1]. [2], - - -[THUR99]. - Embed the reference also within the text. - E.g., Tim Berners Lee has defined the semantic web to be -- -- [2].

13. Index to Exam #1 l Lecture 1: Introduction to Info Systems Security l Lecture 2: Data Mining for Malware Detection* (1) l Lecture 3: Governance and Risk ** (2) l Lecture 4: Data Mining Overview l Lecture 5: Access Control* (1) l Lecture 6: Access Control and Policy for data * (1) l Lecture 7: Security Architecture* (1) l Lecture 8: Secure Web Services* (1) l Lecture 9: Secure Cloud* (1) l Lecture 10: Cryptography* (1) l Lecture #11: Secure publication of XML data * (1) Extra credit: One or two questions on any one of the above

14. Papers to Read for Exam #1 l Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) Elisa BertinoBarbara CarminatiElena FerrariAmar GuptaIEEE Trans. Knowl. Data Eng. 16 l Expert on Cloud technologies l Vaibhav Khadilkar l vvk072000@utdallas.edu vvk072000@utdallas.edu

15. Index to Exam #2 l Lecture 12: Network Security l Lecture 13: Physical Security l Lecture 14: Assured Cloud Computing (extra credit) l Lecture 15: Data and Applications Security l Lecture 16: Multilevel Secure Data Management l Lecture 17: Insider Threat l Lecture 18: Business Continuity Planning l Lecture 19: Operations Security l Lecture 20: Legal Aspects l Lecture 21 Digital Forensics l Lecture 22: Privacy l Lecture 23: NIST/NVD Lecture (extra credit)