Kennesaw State University
Information Technology Department
IT 6863 – Database Security and Auditing
Fall 2015
T 6:30-7:45 pm J260
Course Syllabus
Instructor: Svetlana Peltsverger
Phone: (678) 915-4285
Email: speltsve@kennesaw.edu
Office: Atrium Building J387
Office Hours: http://ksuweb.kennesaw.edu/~speltsve/
Prerequisites: IT 5102 Intro to Security, IT 5101 Intro to Database Systems or IT 5433 Databases: Design and Applications.
This course provides students with an understanding of security concepts and practices in general and those specific to database security in a highly detailed implementation. Students will learn fundamental principles of database security and how to develop database applications embedding from simple to sophisticated security and auditing models using advanced database systems and software tools.
Students who complete this course successfully will be able to:
Evaluate vulnerabilities of Database Management Systems.
Evaluate vulnerabilities of database driven applications.
Describe the methods for controlling database security.
Understand principles of database auditing.
Develop and implement a security plan for an enterprise level database (password policies, auditing policies, user privileges, profile, and roles).
Hassan Afyouni, Database Security and Auditing: Protecting Data Integrity and Accessibility. Course Technology, 2005. ISBN: 0-619-21559-3.
I will provide all instructions assuming that you have a Windows computer. We will use open source software, VM Player and Virtual Box. All of this is also available for Linux/Unix/Mac.
You must have
2 GHz or faster processor
minimum 4GB RAM
free disk space minimum 40GB
administrative rights to your PC
owner's permission to install course software if you are not the owner of the system.
This course will be conducted as BOTH a hybrid (1/2 in class - 1/2 web, on Tuesdays 6:30-7:45 pm in J260) AND a fully online course for this term. The ONLY difference between the two sections is that students enrolled in the hybrid section will have meetings on campus. Everything else is due at the same time and the requirements are the same for both classes. People learn through interactions; to facilitate interactive learning, this course will use the Discussions feature of D2L. Discussions will take place in an asynchronous manner.
NOTE: You can change sections only during the ADD/DROP period. If you are in the on-campus section, you are required to attend all class meetings.
There are 13 content modules in this course – one for each week. Last week will be dedicated to the group project implementation and deployment. Week ends Wednesday at 11:59pm. All module assignments are due at 11:59 pm on Wednesday.
(Face-to-face – including half-web – students are used to proctored exams, and should expect to attend all classes, as well as proctored exams.) Online students should ALSO note that proctored exams are required for the online version of this course, as well.
1. On-campus students take the exam at a commonly scheduled time on the SPSU campus. Due to the limited number of seats, online students must have the instructor's approval if they wish to use this option.
2. Online students take the exam at a commonly scheduled time at http://www.proctoru.com/
Note that it requires registration with proctorU.com, scheduling the exam and a payment of a nominal fee for this service, for which the student will be responsible.
PLEASE CONTACT THE INSTRUCTOR ASAP IF YOU HAVE ANY QUESTIONS.
You have to run all code examples from the module before you attempt to complete the assigned lab. All assignments must be submitted through D2L before the corresponding deadline.
Each module contains:
1. Assigned reading and additional reading for students who want to read further on the week's topic.
2. Online content.
3. Assigned hands-on exercises.
4. Discussion topic OR quiz.
5. Apply your knowledge section.
For each content module you should:
1. Read the on-line content and the assigned sections from the text.
2. Post questions, corrections, or comments about the content in the discussion area designated for the module.
3. Do assigned hands-on activities from the book. Use the discussion area, or email to the instructor or classmates, to ask for help with any exercises that give you difficulty.
4. Take the Quiz and review your results. The Quiz is due at 11:59 PM on Wednesday, but I encourage you to take it earlier.
5. Read and respond to the assigned discussion topic. All discussions must be completed by 11:59 pm on Wednesday. Do not wait until the last minute to start: you will cause difficulties for your classmates and will also incur a 30% penalty for starting later than 24 hours before the deadline. Each person should give their opinion about the assigned question (at least two paragraphs, with references if applicable) and make AT LEAST TWO posts commenting on the work of classmates.
Discussion grading criteria:
a. Preparation 20% - read material and post on time.
b. Information 20% - accurate information supported by external references.
c. Analysis 40% - highlights significant issues without overgeneralizing.
d. Interaction 20% - responses to peers' posts and, where appropriate, challenges to other posts.
e. Penalty – 30% for starting later than 24 hours before the deadline.
f. Bonus – 15% for moderating the discussion.
6. Do the assigned lab. The Lab is due at 11:59 PM on Wednesday.
Throughout the course, you should log in regularly to check for announcements and email. The course Calendar posted on D2L contains all important dates. Any changes of dates will be publicized by post in discussion area and/or email.
All assignments will be posted on D2L http://kennesaw.edu/d2l . All assignments, discussions and quizzes are due at 11:59 pm on Wednesday. If for some reason you have not been able to submit an assignment by the deadline, you have 24 hours to submit your work with a 20% penalty (quizzes cannot be submitted later). No reports will be accepted after that.
All work turned in for this class must meet the style and submission guidelines http://ksuweb.kennesaw.edu/~speltsve/files/style_and_submission_guide_d2l.pdf
Work that does not meet the submission criteria will not be graded. Every effort will be made to return your graded assignments to you within one week. Scoring rubric will be provided for each assignment.
Your grade will be based on:
Proctored Test: 30
Individual Project: 20
Group Project: 15
Labs Reports, Quizzes & Discussions: 35
Total: 100
Your grading scale will be as follows:
Score ≥ 90: A
Score ≥ 80 & Score < 90: B
Score ≥ 70 & Score < 80: C
Score ≥ 60 & Score < 70: D
Score < 60: F
To communicate with you through e-mail I will use your D2L e-mail. Any changes of dates and announcements will be publicized by post in news area on D2L and/or email.
1. D2L Email or speltsve@kennesaw.edu (checked every day)
2. Use the Discussion tool for the course in D2L (checked at least twice a week).
3. Call me (678) 915-4285
4. Stop by my office during office hours or schedule an appointment.
Assigned discussions and/or lab reports and/or quizzes are due WEDNESDAYS.
Module  Topics                                                   Ch    Due
0       Orientation Syllabus                                     -     21 August 2015 Friday
1       SQL Review                                               -     26 August 2015
2       Security Architecture                                    1     2 September 2015
3       Operating System Security Fundamentals and SQL review    2     9 September 2015
4       SQL Procedures and Functions                             -     16 September 2015
5       Triggers                                                 -     23 September 2015
6       User Administration: Oracle                              3     30 September 2015
7       User Administration: MS SQL Server                       3     7 October 2015
-       Individual Project Due                                   -     7 October 2015
8       Profiles, passwords, Privileges, and Roles               4     14 October 2015
9       Database Application Security Models                     5     21 October 2015
10      Virtual Private Databases                                6     28 October 2015
11      Database Auditing Models                                 7     4 November 2015
12      Application Data Auditing Database Activities            8,9   11 November 2015
-       Test                                                     1-9   17 November 2015
-       Group Project QA session                                 -     1 December 2015
-       Group Project due                                        -     2 December 2015
-       Group project reviews due                                -     7 December, 2015
Classes Begin – August 17, 2015
Students Must Log Into Course to Confirm Attendance - August 17, 2015
Drop/Add - August 17 - 24, 2015
Last day to withdraw – October 7, 2015
Proctored Exam - Tuesday, November 17, 6:30 pm – 7:45 pm in J-260 for on-campus students and Tuesday, November 17, 6:30 pm – 7:45 pm on ProctorU for online students. Online students may take the test in J260 with instructor permission (due to limited seating).
No “extra credit” work will be given to improve one’s grade. Copies of your class work and test will be kept for record.
Every KSU student is responsible for upholding the provisions of the Student Code of Conduct, as published in the Undergraduate and Graduate Catalogs. Section 5c of the Student Code of Conduct addresses the university’s policy on academic honesty, including provisions regarding plagiarism and cheating, unauthorized access to university materials, misrepresentation/falsification of university records or academic work, malicious removal, retention, or destruction of library materials, malicious/intentional misuse of computer facilities and/or services, and misuse of student identification cards. Incidents of alleged academic misconduct will be handled through the established procedures of the Department of Student Conduct and Academic Integrity (SCAI), which includes either an “informal” resolution by a faculty member, resulting in a grade adjustment, or a formal hearing procedure, which may subject a student to the Code of Conduct’s minimum one semester suspension requirement. See also https://web.kennesaw.edu/scai/content/ksu-student-code-conduct .
Communication in an online class takes special consideration. Please read the short list of tips below.
Be sensitive and reflective to what others are saying.
Don't use all caps. It is the equivalent of screaming.
Don't flame - These are outbursts of extreme emotion or opinion.
Think before you hit the post (enter/reply) button. You can't take it back!
Don't use offensive language.
Use clear subject lines.
Don't use abbreviations or acronyms unless the entire class knows them.
Be forgiving. Anyone can make a mistake.
Keep the dialog collegial and professional.
Online Students must log into GeorgiaView courses by 11:59pm of the day classes begin to confirm their attendance. If you fail to log into your courses by 11:59pm of the day classes begin, or fail to complete course activities within a two-week period at any time during the semester, the instructor will consider your lack of activity as an indication of your intention not to continue in the course. Failure to participate without officially withdrawing from the course will result in a grade of F.
Be sure to submit all assigned work on time. If you are not able to participate in assigned class activities, contact your instructor immediately.
Attendance and participation in class are expected. If you have any problems with attendance (or something else), contact me BEFORE they become a problem.
If you must miss an exam due to illness, you must e-mail or call me before the scheduled time and perhaps something can be arranged to avoid a zero for this exam. Failure to notify me prior to the scheduled time will produce an automatic zero for the exam. No makeup test except for emergencies with proof (e.g. doctor’s slip).
Students with qualifying disabilities under the Americans with Disabilities Act (ADA) and/or Section 504 of the Rehabilitation Act who require “reasonable accommodation(s)” to complete the course may request those from Office of Student Disability Services. Students requiring such accommodations are required to work with the University’s Office of Student Disability Services rather than engaging in this discussion with individual faculty members or academic departments. If, after reviewing the course syllabus, a student anticipates or should have anticipated a need for accommodation, he or she must submit documentation requesting an accommodation and permitting time for a determination prior to submitting assignments or taking course quizzes or exams. Students may not request retroactive accommodation for needs that were or should have been foreseeable. Students should contact the office as soon as possible in the term for which they are seeking accommodations. Student Disability Services is located in the Carmichael Student Center in Suite 267. Please visit the Student Disabilities Services website at www.kennesaw.edu/stu_dev/sds for more information, or call the office at 470-578-2666.