Data Security and Privacy

As increasing amounts of data are captured about patients, consumers and citizens, and as more ways of linking and utilising such data emerge, so do concerns about the treatment of personal data — with these concerns emerging from a variety of stake-holders. As such, issues pertaining to database and applications security have increased in importance in recent years. Understanding how existing and emerging legislation might be considered in designing secure databases, as well as how such designs might be mapped to practical security measures, will be essential in an increasingly data-driven world.

Frequency

This course normally runs twice a year.

Course dates

Objectives

The successful participant will:

• have an awareness of both the risks and threats associated with data security, as well as the relevant legislative and regulatory frameworks;
• be able to utilise established and emerging theory in the design of secure access mechanisms;
• be in a position to reason about issues of privacy with respect to data release.

Contents

Context:

the changing landscape; privacy, data security and the law

Access control:

theory and practice; mandatory policies; role-based access control; policy languages

Privacy:

balancing privacy and utility; statistical database security; k-anonymity and related techniques; privacy languages

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course; participants should also have some familiarity with predicate logic and set theory to the level provided by the Software Engineering Mathematics course.