IT Graduate Certificate in Information Security and Assurance


Course Description


(3) IT 6837 Database Security and Auditing


Course Description: This course provides students with an understanding of security concepts and practices, both in general and specific to database security, at a detailed implementation level. Students will learn fundamental principles of database security and how to develop database applications that embed security and auditing models, from simple to sophisticated, using advanced database systems and software tools.


Course Outline:

Security Architecture

       Database management systems

       Information security architecture

       Database security

       Asset types and their value

       Security methods and models


Operating System Security Fundamentals

       The operating system security environment

       The components of an OS security environment services

       Authentication methods

       User administration

       Password policies

       Vulnerabilities of operating systems


Administration of Users

       Documentation of user administration

       Operating system authentication

       Creating a SQL Server user

       Removing and modifying users

       Default users

       Remote users

       Database links

       Linked and remote servers

       Practices for administrators and managers


Profiles, Password Policies, Privileges, and Roles

       Defining and using profiles

       Designing and implementing password policies

       Granting and revoking user privileges

       Creating, assigning, and revoking user roles

       Best practice


Database Application Security Models

       Types of users

       Security models

       Application types

       Application security models

       Data encryption


Virtual Private Database

       Overview of virtual private databases

       Implementing a VPD using views

       Implementing a VPD using application context in Oracle

       Implementing Oracle virtual private databases

       Data Dictionary in applications

       Viewing VPD policies and application contexts using policy manager

       Implementing row- and column-level security with SQL Server


Database Auditing Tools

       Auditing overview

       Auditing environment

       Auditing process and objectives

       Auditing classifications and types

       Benefits and side effects of auditing

       Auditing models


Application Data Auditing

       DML action auditing architecture

       Oracle triggers

       SQL Server triggers

       Fine-grained auditing (FGA) with Oracle

       DML statement audit trail

       Auditing application errors with Oracle

       Oracle PL/SQL procedure authorization


Auditing Database Activities

       Using Oracle database activities

       Creating DDL triggers with Oracle

       Auditing database activities with Oracle

       Auditing server activity with Microsoft SQL Server 2000

       Implementing SQL Profiler

       Security auditing with SQL Server


Security and Auditing Project Cases

       Developing an online database

       Taking care of payroll

       Tracking town contracts

       Tracking database changes

       Developing a secure authorization repository