CYB810 – Analytics for Security and Privacy
The purpose of this unit is to provide students with an appreciation of the diverse role that analytics plays in cybersecurity practices at an operational (systems) level, at a management level (weeks 9-10), and in threat management specifically (weeks 7-8).
In the first half of the unit, students will gain practical experience with the tools, techniques and practices of security analytics. The unit covers key analytics tools and then proceeds to explore the contexts where they are used, such as incident response, access controls, text mining, and security intelligence. Big data analytics (particularly for threat intelligence) is covered in the second half of the unit. Big data analytics is an organisational capability that supports the collection, integration and analysis of large amounts of business data, generated in various forms and at high speed, to gain business insights for informed decision making.
By making use of big data analytics to collect, integrate and analyse cybersecurity data from a variety of sources such as logs, networks, endpoints, sensors, and cloud systems, cybersecurity managers can discover useful information about cybersecurity incidents.
Learning Outcomes:
- Critically reflect on the role and utility of analytics in cybersecurity
- Identify, describe, distinguish and critically analyse the utility of descriptive, prescriptive and predictive analytics in cybersecurity operations
- Identify, describe, distinguish and critically analyse the utility of diverse analytical tools such as text mining and intrusion detection for cybersecurity
- Describe, demonstrate the use of, and critically analyse the utility of analytics to detect, diagnose and recover from cybersecurity breaches
- Critically reflect on how ethics and codes of conduct apply to analytics for security and privacy