CCOG for CIS 277D archive revision 201403
You are viewing an old version of the CCOG. View current version »
- Effective Term:
- Summer 2014 through Summer 2019
- Course Number:
- CIS 277D
- Course Title:
- Database Security
- Credit Hours:
- 4
- Lecture Hours:
- 30
- Lecture/Lab Hours:
- 0
- Lab Hours:
- 30
Course Description
Intended Outcomes for the course
On completion of this course a student should be able to:
1. Carry out a risk analysis for a large database.
2. Implement identification and authentication procedures, fine-grained access control and data encryption techniques.
3. Set up accounts with privileges and roles.
4. Audit accounts and the database system.
5. Back-up and Restore a database.
Course Activities and Design
This course is presented with a combination of lectures and labs.
Students will be expected to complete DB security assignments.
Outcome Assessment Strategies
Students will complete the following assessments:
• Design and set up a DB with security principles in mind.
• Develop a risk analysis for a DB.
• Conduct an audit of DB usage.
• Create secure authentication procedures for web application users.
• Use well-established Encryption routines for data storage and retrieval.
• Troubleshoot DB security issues.
• Backup and restore a DB.
Course Content (Themes, Concepts, Issues and Skills)
• Review of System/Software/Security Development Life Cycle
• Survey typical security policies
o Importance of having a policy
o Policy must be weighed against the need for DB access
o DB security best practices
• Risk analysis
o Documentation
o Analysis is ongoing
o Contingency planning
• Passwords
o Good Vs Bad passwords
o Practicality of password rules
• Identification
o User-supplied Vs Technological
o Protecting against spoofing and Identity theft
• Authentication (Is the person who they say they are?)
o Connection pools and proxy authentication
o Enterprise users
o Web users
• Authorizations
o Privileges
o Roles
• Auditing
o Application audit
o Trigger audit
o Autonomous audit
o Data versioning
o Best practices for auditing
o Performance Testing
o Fine-grained auditing
• Fine-grained access control
o Local context
o Global context
o Object level
o Row or column level
• Label security
• Data encryption
o Key management
o Hashing
o Performance monitoring
• DB Backup and recovery
• Troubleshoot data integrity problem