IT Graduate Certificate in Information Security and Assurance

 

Course Description

 

(3) IT 6837 Database Security and Auditing

 

Course Description: This course gives students an understanding of security concepts and practices in general, and of those specific to database security, through highly detailed implementation. Students will learn the fundamental principles of database security and how to develop database applications that embed security and auditing models, from simple to sophisticated, using advanced database systems and software tools.

 

Course Outline:

Security Architecture

       Database management systems

       Information security architecture

       Database security

       Asset types and their value

       Security methods and models

 

Operating System Security Fundamentals

       The operating system security environment

       The components of an OS security environment services

       Authentication methods

       User administration

       Password policies

       Vulnerabilities of operating systems

 

Administration of Users

       Documentation of user administration

       Operating system authentication

       Creating a SQL Server user

       Removing and modifying users

       Default users

       Remote users

       Database links

       Linked and remote servers

       Practices for administrators and managers

 

Profiles, Password Policies, Privileges, and Roles

       Defining and using profiles

       Designing and implementing password policies

       Granting and revoking user privileges

       Creating, assigning, and revoking user roles

       Best practice

 

Database Application Security Models

       Types of users

       Security models

       Application types

       Application security models

       Data encryption

 

Virtual Private Database

       Overview of virtual private databases

       Implementing a VPD using views

       Implementing a VPD using application context in Oracle

       Implementing Oracle virtual private databases

       Data Dictionary in applications

       Viewing VPD policies and application contexts using Policy Manager

       Implementing row- and column-level security with SQL Server

 

Database Auditing Tools

       Auditing overview

       Auditing environment

       Auditing process and objectives

       Auditing classifications and types

       Benefits and side effects of auditing

       Auditing models

 

Application Data Auditing

       DML action auditing architecture

       Oracle triggers

       SQL Server triggers

       Fine-grained auditing (FGA) with Oracle

       DML statement audit trail

       Auditing application errors with Oracle

       Oracle PL/SQL procedure authorization

 

Auditing Database Activities

       Using Oracle database activities

       Creating DDL triggers with Oracle

       Auditing database activities with Oracle

       Auditing server activity with Microsoft SQL Server 2000

       Implementing SQL Profiler

       Security auditing with SQL Server

 

Security and Auditing Project Cases

       Developing an online database

       Taking care of payroll

       Tracking town contracts

       Tracking database changes

       Developing a secure authorization repository