IT Graduate Certificate in Information Security and Assurance

 

Course Description

 

(3) IT 6837 Database Security and Auditing

 

Course Description: This course provides students with an understanding of security concepts and practices in general and of those specific to database security, covered at a detailed implementation level. Students will learn fundamental principles of database security and how to develop database applications that embed security and auditing models, from simple to sophisticated, using advanced database systems and software tools.

 

Course Outline:

Security Architecture

·       Database management systems

·       Information security architecture

·       Database security

·       Asset types and their value

·       Security methods and models

 

Operating System Security Fundamentals

·       The operating system security environment

·       The components of an OS security environment services

·       Authentication methods

·       User administration

·       Password policies

·       Vulnerabilities of operating systems

 

Administration of Users

·       Documentation of user administration

·       Operating system authentication

·       Creating a SQL Server user

·       Removing and modifying users

·       Default users

·       Remote users

·       Database links

·       Linked and remote servers

·       Practices for administrators and managers

 

Profiles, Password Policies, Privileges, and Roles

·       Defining and using profiles

·       Designing and implementing password policies

·       Granting and revoking user privileges

·       Creating, assigning, and revoking user roles

·       Best practice

 

Database Application Security Models

·       Types of users

·       Security models

·       Application types

·       Application security models

·       Data encryption

 

Virtual Private Database

·       Overview of virtual private databases

·       Implementing a VPD using views

·       Implementing a VPD using application context in Oracle

·       Implementing Oracle virtual private databases

·       Data Dictionary in applications

·       Viewing VPD policies and application contexts using policy manager

·       Implementing row- and column-level security with SQL Server

 

Database Auditing Tools

·       Auditing overview

·       Auditing environment

·       Auditing process and objectives

·       Auditing classifications and types

·       Benefits and side effects of auditing

·       Auditing models

 

Application Data Auditing

·       DML action auditing architecture

·       Oracle triggers

·       SQL Server triggers

·       Fine-grained auditing (FGA) with Oracle

·       DML statement audit trail

·       Auditing application errors with Oracle

·       Oracle PL/SQL procedure authorization

 

Auditing Database Activities

·       Using Oracle database activities

·       Creating DDL triggers with Oracle

·       Auditing database activities with Oracle

·       Auditing server activity with Microsoft SQL Server 2000

·       Implementing SQL profiler

·       Security auditing with SQL Server

 

Security and Auditing Project Cases

·       Developing an online database

·       Taking care of payroll

·       Tracking town contracts

·       Tracking database changes

·       Developing a secure authorization repository