CCOG for CIS 277D archive revision 201904
- Effective Term: Fall 2019
- Course Number: CIS 277D
- Course Title: Database Security
- Credit Hours: 4
- Lecture Hours: 30
- Lecture/Lab Hours: 0
- Lab Hours: 30
Course Description
Intended Outcomes for the course
On completion of this course a student should be able to:
1. Carry out a risk analysis for a large database.
2. Implement identification and authentication procedures, fine-grained access control and data encryption techniques.
3. Set up accounts with privileges and roles.
4. Audit accounts and the database system.
5. Back up and restore a database.
Course Activities and Design
This course is presented with a combination of lectures and labs.
Students will be expected to complete DB security assignments.
Outcome Assessment Strategies
Students will complete the following assessments:
• Design and set up a DB with security principles in mind.
• Develop a risk analysis for a DB.
• Conduct an audit of DB usage.
• Create secure authentication procedures for web application users.
• Use well-established encryption routines for data storage and retrieval.
• Troubleshoot DB security issues.
• Back up and restore a DB.
Course Content (Themes, Concepts, Issues and Skills)
• Review of System/Software/Security Development Life Cycle
• Survey typical security policies
o Importance of having a policy
o Policy must be weighed against the need for DB access
o DB security best practices
• Risk analysis
o Documentation
o Analysis is ongoing
o Contingency planning
• Passwords
o Good vs. bad passwords
o Practicality of password rules
• Identification
o User-supplied vs. technological
o Protecting against spoofing and identity theft
• Authentication (Is the person who they say they are?)
o Connection pools and proxy authentication
o Enterprise users
o Web users
• Authorizations
o Privileges
o Roles
• Auditing
o Application audit
o Trigger audit
o Autonomous audit
o Data versioning
o Best practices for auditing
o Performance Testing
o Fine-grained auditing
• Fine-grained access control
o Local context
o Global context
o Object level
o Row or column level
• Label security
• Data encryption
o Key management
o Hashing
o Performance monitoring
• DB Backup and recovery
• Troubleshoot data integrity problems