Security Data Analytics


Units: 6


Modern information security is full of big data problems. Discovering patterns and trends in cybersecurity incident data, detecting anomalous network or host traffic, predicting the likelihood of an email message containing malicious attachments or links – these are all examples of combining data sources and analytic techniques to preserve the confidentiality, integrity, and availability of information and information systems. In this course, we will cover analytic techniques such as clustering, classification, and anomaly detection, in the context of their applicability to the information security domain. We will explore the data sources that can be mined for security information. We will use hands-on labs to provide practical experience applying analytic techniques to these data sources. Finally, we will present strategies that can be used to ensure the outputs of information security analytics are accurate, understandable, and actionable by security practitioners and business decision makers alike.

Learning Outcomes

At the completion of this course, students will be able to:

  • Demonstrate competency in identifying effective combinations of data sources and analytic techniques that can be used to solve information security problems
  • Demonstrate competency in applying analytic techniques to information security data sets to identify patterns and anomalies, make predictions, and support security practitioner decision making
  • Demonstrate competency in measuring the effectiveness of information security analytics

Prerequisites Description

(90-711 or 95-796) and 95-752 and (90-812 or 95-888 or 95-898)