ISSC431 - Database Systems Security

Course Details

Course Code: ISSC431 | Course ID: 4409 | Credit Hours: 3 | Level: Undergraduate

This course is an introductory study of the principles, practices, procedures, and methodologies to ensure security of data at rest within databases. It appraises the convergence between database security and associated threat vectors and attack methods. It examines database types, security architecture, platform fundamentals, user administration, password management, security models, virtual private databases, and auditing models. It reviews database security processes, security configuration techniques, and auditing checklists. Course topics include: Secure Architecture, Privilege Management, and Auditing Processes.





Course Schedule

| Registration Dates | Course Dates | Session | Weeks |
| --- | --- | --- | --- |
| 05/27/19 - 11/01/19 | 11/04/19 - 12/29/19 | Fall 2019 Session I | 8 Week session |
| 06/24/19 - 11/29/19 | 12/02/19 - 01/26/20 | Fall 2019 Session D | 8 Week session |
| 07/29/19 - 01/03/20 | 01/06/20 - 03/01/20 | Winter 2020 Session B | 8 Week session |
| 08/26/19 - 01/31/20 | 02/03/20 - 03/29/20 | Winter 2020 Session I | 8 Week session |
| 09/30/19 - 02/28/20 | 03/02/20 - 04/26/20 | Winter 2020 Session D | 8 Week session |

Current Syllabi

  • Describe database systems and differentiate the variant splices
  • Describe the role of databases in organizations
  • Describe the operating context of databases and evaluate associated risks
  • Evaluate database security vulnerabilities and identify corresponding mitigation techniques
  • Develop a security strategy and solution for securing databases
  • Design a Database Security Audit Checklist

The grading will be based on Weekly assignments, discussion Forum postings, an open book final examination, and 3 research papers.

  1. Weekly Assignments: There will be eight Weekly assignments. The assignments and exercises will count as 20% of the final grade. The Weekly assignments will follow each of the major portions of the course. These assignments should include at least 3 references and be submitted in APA formatting. Assignments should be prepared in Microsoft Word or an equivalent word processor program and uploaded into the student folder by the due date.
  2. Discussion Forum Postings: There will be eight discussion Forum postings you will need to respond to. Answers should be a paragraph with a topic sentence that restates the question and supporting sentences using the terms, concepts, and theories from the required readings. Each answer should be a minimum of 250 words. You may respond to other students’ answers using the terms, concepts, and theories from the required readings. All responses should be a courteous paragraph that contains a topic sentence with good supporting sentences. You may respond multiple times with a continuous discussion with points and counterpoints. The key requirement is to express your idea and then support your position using the terms, concepts, and theories from the required readings to demonstrate to me that you understand the material. The discussion Forum postings will count as 20% of the final grade.

| Name | Grade % |
| --- | --- |
| Assignments | 30.00 % |
| Week 1 Assignment | 3.75 % |
| Week 2 Assignment | 3.75 % |
| Week 3 Assignment | 3.75 % |
| Week 4 Assignment | 3.75 % |
| Week 5 Assignment | 3.75 % |
| Week 6 Assignment | 3.75 % |
| Week 7 Assignment | 3.75 % |
| Week 8 Assignment | 3.75 % |
| Forums | 35.00 % |
| Week 1 Forum | 4.38 % |
| Week 2 Forum | 4.38 % |
| Week 3 Forum | 4.38 % |
| Week 4 Forum | 4.38 % |
| Week 5 Forum | 4.38 % |
| Week 6 Forum | 4.38 % |
| Week 7 Forum | 4.38 % |
| Week 8 Forum | 4.38 % |
| Weekly Quiz | 10.00 % |
| Week 1 Quiz | 1.25 % |
| Week 2 Quiz | 1.25 % |
| Week 3 Quiz | 1.25 % |
| Week 4 Quiz | 1.25 % |
| Week 5 Quiz | 1.25 % |
| Week 6 Quiz | 1.25 % |
| Week 7 Quiz | 1.25 % |
| Week 8 Quiz | 1.25 % |
| DB Sec Research Paper | 25.00 % |
| Database Security Research Paper - DRAFT | 10.00 % |
| Database Security Research Paper | 15.00 % |

Web-Based Readings

WEEK 1:

Stronger Database Security Needed, Cyber Attacks Show. Retrieved November 14, 2011 from http://www.cioinsight.com/c/a/Latest-News/CyberAttacks-Highlight-Need-to-Focus-on-Stronger-Database-Security-342260/

WEEK 2:

Securing MySQL: Step-by-Step. Retrieved November 14, 2011 from http://www.symantec.com/connect/articles/securing-mysql-step-step

WEEK 3:

Understanding Password Policy for SQL Server Logins. Retrieved November 14, 2011 from http://support.microsoft.com/kb/2028712

Password Policy. Retrieved November 14, 2011 from http://msdn.microsoft.com/en-us/library/ms161959.aspx

SQL Server Security. Retrieved November 14, 2011 from http://technet.microsoft.com/en-us/library/ms172399.aspx

How to Add a User and Set User Privileges to SQL Server. Retrieved November 14, 2011 from http://support.microsoft.com/kb/191694

WEEK 4:

Introducing Oracle Database Security. Retrieved November 14, 2011 from http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/intro.htm

WEEK 5:

Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot. Retrieved November 14, 2011 from http://www.codeproject.com/KB/architecture/brute-force-attack.aspx

WEEK 6:

Generate dynamic SQL statements in SQL Server. Retrieved November 14, 2011 from http://www.techrepublic.com/blog/datacenter/generate-dynamic-sql-statements-in-sql-server/306

SQL Injection Attacks – How to Find and Fix Them. Retrieved November 14, 2011 from http://www.acunetix.com/websitesecurity/sql-injection2.htm

SQL Injection. Retrieved November 14, 2011 from http://msdn.microsoft.com/en-us/library/ms161953.aspx

SQL Injection Attacks – Are You Safe? Retrieved November 14, 2011 from http://www.sitepoint.com/sql-injection-attacks-safe/

SQL Injection Lessons from X-Force Emergency Response Investigations. Retrieved November 14, 2011 from http://blogs.iss.net/archive/sql-injection-ers.html

WEEK 7:

8 Database Auditing: Security Considerations. Retrieved November 14, 2011 from http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm

Best Practices – Leaving an Audit Trail in Your Database. Retrieved November 14, 2011 from http://www.indywebshop.com/bestpractices/2006/07/28/leaving-an-audit-trail-in-your-database/

SQL Server Security Audit. Retrieved November 14, 2011 from http://www.sql-server-performance.com/2009/security-audit-server-level/

WEEK 8:

Penetration Testing: The Third Party Hacker. Retrieved November 14, 2011 from http://www.sans.org/reading_room/whitepapers/testing/penetration-testing-third-party-hacker_264

NoSQL (2016). Your Ultimate Guide to the Non-Relational Universe! Retrieved on January 1, 2016 from http://nosql-database.org/

Fidelis Cybersecurity (2014). Current Data Security Issues of NoSQL Databases. Retrieved December 19, 2015 from https://www.fidelissecurity.com/files/NDFInsightsWhitePaper.pdf

Book Title: Database Security - the VitalSource e-book is provided inside the classroom
ISBN: 9781435453906
Publication Info: VS-Cengage
Author: Alfred Basta
Unit Cost: $80.60
Electronic ISBN: 9781305328495
Electronic Unit Cost: $35.00

Previous Syllabi

Not current for future courses.