Students in the Master of Science in Data Science program at Southern Methodist University are required to take the Data and Network Security course as part of their core coursework. This course focuses on the fundamental concepts, mechanisms and protocols for data and network security. Students learn public key cryptography; algorithms such as AES, DES and hash algorithms; and protocols built upon and applications that use those fundamental building blocks, such as message authentication, digital signatures and digital certificates. Students also learn about network security principles, access control and user authentication, privacy and the ethics of security.
We asked our students to reflect on the topics covered in this course and how the course has impacted the development of their data science skills. Here are a few of their responses:
As data scientists we will come into contact with sensitive information on a daily basis and it is essential that we are 100% ethical in our practice. Right now I believe the greatest security weakness lies with the user/individual. Educating the public on the importance of two-factor authentication, long unique alphanumeric passwords, and internet browsing safety, could make everyone’s data much safer. Any company that deals with an individual’s location, health, or financial data should make data security one of their top priorities. This information is personal and it is the right of the individual to determine if and to whom their information is shared. It is the role of companies, with whom the data is stored, to protect this right of the individual. Looking back on the Data and Network Security course there were two things I particularly enjoyed. First, it was important and interesting to learn about security vs practicality and how all security is based on trust. Secondly, I enjoyed the three coding assignments given throughout the semester. These assignments furthered my coding skills and taught me important aspects of security. For example, brute forcing a simple password with only a few lines of code. We also discussed the ACM code of ethics which defines the ethical standards needed in such a field.
– Daniel Ogier, DataScience@SMU student
We’ve moved from a world where online transactions nearly did not exist to one where we often pay with a mobile phone that also contains a great deal of our personal information. In addition to this, we’ve moved from static web pages to intelligent, personalized displays. Similar to this, it seems like security is moving in the direction of learning algorithms and adaptive threats and defenses. Data science is more relevant than ever in this area as developing learning systems which can exploit vulnerabilities or protect against them will become more common. The discussions in the Data and Network Security course were a lot of fun and extremely relevant. When there are privacy breaches almost weekly, frequent news items around surveillance, and a focus on digital privacy these discussions were interesting and really added to the course. It might seem to be a weird thing to add, but the homework in this course was also great – getting some hands on experience with encryption is a good thing to have.
It is extremely important to understand encryption and the ethics around the storage, access, and use of data. As we start to use and gather more data in our daily lives, knowing how the use of this data could impact others, how to keep this data safe, and the ramifications of using the data will only become more important. Ecommerce, social media, anything to do with banking or insurance, or any provider who houses PII (Personally Identifiable Information) are all fairly vulnerable. We’ve seen this with several insurance providers, several ecommerce sites, and even gaming platforms over the past several years as breaches have occurred. One of the central themes in these communications has been which data was taken, which should be safe, and which was encrypted or unencrypted.
– Andrew Pollock, DataScience@SMU student
My favorite aspect of the course is the broad approach to the topic. Many of us in the program will not ever be involved in the details of implementing security protocols at work, but the knowledge of the current state of security technology, how it got there, and how to speak the language is extremely important for a data scientist to understand. The puzzle-solver in me also got a big kick out of digging into cryptanalysis. I think understanding symmetric key and public key cryptography, message authentication codes, and the role they play in user authentication and data integrity is very important for data scientists to understand. We are likely to encounter these types of systems as we work with data in our careers.
Another important topic in the evolution of data security that we spent some time on in the course is the notion of data privacy. 15 years ago it would have seemed crazy that we would place so much personal information about ourselves online. As more and more of the things we use every day become collection points for this data, our notions of what data privacy encompasses and the ethical boundaries of using those data need to continue to grow. It’s a high priority topic for every company operating in today’s marketplace. While companies in different industries will have different approaches to data security, if it’s not something you’re considering as you put technology in place there’s a significant chance your business will suffer some negative consequences from that oversight.