Southern Polytechnic State University

Kennesaw State University

Information Technology Department

IT 6863 – Database Security and Auditing

Fall 2015

T 6:30-7:45 pm J260

Course Syllabus

Instructor: Svetlana Peltsverger

Phone: (678) 915-4285

Email: speltsve@kennesaw.edu

Office: Atrium Building J387

Office Hours: http://ksuweb.kennesaw.edu/~speltsve/

Catalog Description

Prerequisites: IT 5102 Intro to Security, IT 5101 Intro to Database Systems or IT 5433 Databases: Design and Applications.

This course provides students with an understanding of security concepts and practices in general and those specific to database security in a highly detailed implementation. Students will learn fundamental principles of database security and how to develop database applications embedding from simple to sophisticated security and auditing models using advanced database systems and software tools.

Course Outcomes

Students who complete this course successfully will be able to

Evaluate vulnerabilities of Database Management Systems.

Evaluate vulnerabilities of database driven applications.

Describe the methods for controlling database security.

Understand principles of database auditing.

Develop and implement a security plan for an enterprise level database (password policies, auditing policies, user privileges, profile, and roles).

Required Textbook

Hassan Afyouni, Database Security and Auditing: Protecting Data Integrity and Accessibility. Course Technology, 2005. ISBN: 0-619-21559-3.

Required Materials

I will provide all instructions assuming that you have a Windows computer. We will use open source software, VM Player and Virtual Box. All of this is available for Linux/Unix/MAC.

You must have

• 2 GHz or faster processor
• minimum 4GB RAM
• free disk space minimum 40GB
• administrative rights to your PC
• owner's permission to install course software if you are not the owner of the system.

About the Course

This course will be conducted as BOTH a hybrid (1/2 in class - 1/2 web on Tuesdays 6:30-7:45 pm J260) AND a fully online course for this term. The ONLY difference between the two sections is that students enrolled in the hybrid section will have meetings on campus. Everything else is due at the same time and the requirements are the same for both classes. People learn through interactions; to facilitate interactive learning, this course will use the Discussions feature of D2L. Discussions will take place in an asynchronous manner.

NOTE: You can change sections only during the ADD/DROP period. If you are in the on-campus section, you are required to attend all class meetings.

There are 13 content modules in this course – one for each week. Last week will be dedicated to the group project implementation and deployment. Week ends Wednesday at 11:59pm. All module assignments are due at 11:59 pm on Wednesday.

Proctored exam

(Face-to-face – including half-web – students are used to proctored exams, and should expect to attend all classes, as well as proctored exams.) Online students should ALSO note that proctored exams are required for the online version of this course, as well.

1. On-campus students take the exam at a commonly scheduled time on the SPSU campus. Due to the limited number of seats, online students must have the instructor's approval if they wish to use this option.

2. Online students take the exam at a commonly scheduled time at http://www.proctoru.com/

Note that it requires registration with proctorU.com, scheduling the exam and a payment of a nominal fee for this service, for which the student will be responsible.

PLEASE CONTACT THE INSTRUCTOR ASAP IF YOU HAVE ANY QUESTIONS.

Preparation of work for this course

You have to run all code examples from the module before you attempt to complete the assigned lab. All assignments must be submitted through D2L before the corresponding deadline.

Each module contains:

1. Assigned reading and additional reading for students who want to read further on the week's topic.
2. Online content.
3. Assigned hands-on exercises.
4. Discussion topic OR quiz.
5. Apply your knowledge section.

For each content module you should:

1. Read the on-line content and the assigned sections from the text.
2. Post questions, corrections, or comments about the content in the discussion area designated for the module.
3. Do assigned hands-on activities from the book. Use the discussion area, or email to the instructor or classmates, to ask for help with any exercises that give you difficulty.
4. Take the Quiz and review your results. The Quiz is due at 11:59 PM on Wednesday, but I encourage you to take it earlier.
5. Read and respond to the assigned discussion topic. All discussions must be completed by 11:59pm on Wednesday. Do not wait until the last minute to start: you will cause difficulties for your classmates and also incur a 30% penalty for starting later than 24 hours before the deadline. Each person should give their opinion about the assigned question (at least two paragraphs and references if applicable) and make AT LEAST TWO posts to comment on the work of classmates.

   Discussion grading criteria:
   a. Preparation 20% - read material and post on time.
   b. Information 20% - accurate information supported by external references.
   c. Analysis 40% - highlights significant issues without overgeneralizing.
   d. Interaction 20% - responses to peers' posts and, where appropriate, challenges to other posts.
   e. Penalty – 30% for starting later than 24 hours before the deadline.
   f. Bonus – 15% for moderating the discussion.

6. Do the assigned lab. The Lab is due at 11:59 PM on Wednesday.

Throughout the course, you should log in regularly to check for announcements and email. The course Calendar posted on D2L contains all important dates. Any changes of dates will be publicized by post in discussion area and/or email.

Home & Lab Assignments and Discussions

All Assignments will be posted on D2L http://kennesaw.edu/d2l. All assignments, discussions and quizzes are due at 11:59 pm on Wednesday. If for some reason you have not been able to submit an assignment by the deadline, then you have 24 hours to submit your work with a 20% penalty (quizzes cannot be submitted later). No reports will be accepted after that.

All work turned in for this class must meet the style and submission guidelines http://ksuweb.kennesaw.edu/~speltsve/files/style_and_submission_guide_d2l.pdf

Work that does not meet the submission criteria will not be graded. Every effort will be made to return your graded assignments to you within one week. A scoring rubric will be provided for each assignment.

Grading Policy

Your grade will be based on:

Proctored Test: 30
Individual Project: 20
Group Project: 15
Labs Reports, Quizzes & Discussions: 35
Total: 100

Your grading scale will be as follows:

Score ≥ 90: A
Score ≥ 80 & Score < 90: B
Score ≥ 70 & Score < 80: C
Score ≥ 60 & Score < 70: D
Score < 60: F

Communications and Announcements

To communicate with you through e-mail I will use your D2L e-mail. Any changes of dates and announcements will be publicized by post in news area on D2L and/or email.

Contact me

1. D2L Email or speltsve@kennesaw.edu (checked every day)
2. Use the Discussion tool for the course in D2L (checked at least twice a week).
3. Call me (678) 915-4285
4. Stop by my office during office hours or schedule an appointment.

Course Calendar (subject to change)

| Module | Topics | Ch | Assigned discussions and/or lab reports and/or quizzes are due WEDNESDAYS |
|---|---|---|---|
| 0 | Orientation Syllabus | | 21 August 2015 Friday |
| 1 | SQL Review | | 26 August 2015 |
| 2 | Security Architecture | 1 | 2 September 2015 |
| 3 | Operating System Security Fundamentals and SQL review | 2 | 9 September 2015 |
| 4 | SQL Procedures and Functions | | 16 September 2015 |
| 5 | Triggers | | 23 September 2015 |
| 6 | User Administration: Oracle | 3 | 30 September 2015 |
| 7 | User Administration: MS SQL Server | 3 | 7 October 2015 |
| | Individual Project Due | | 7 October 2015 |
| 8 | Profiles, passwords, Privileges, and Roles | 4 | 14 October 2015 |
| 9 | Database Application Security Models | 5 | 21 October 2015 |
| 10 | Virtual Private Databases | 6 | 28 October 2015 |
| 11 | Database Auditing Models | 7 | 4 November 2015 |
| 12 | Application Data Auditing Database Activities | 8,9 | 11 November 2015 |
| | Test | 1-9 | 17 November 2015 |
| | Group Project QA session | | 1 December 2015 |
| | Group Project due | | 2 December 2015 |
| | Group project reviews due | | 7 December, 2015 |

Important Dates

Classes Begin – August 17, 2015

Students Must Log Into Course to Confirm Attendance - August 17, 2015

Drop/Add - August 17 - 24, 2015

Last day to withdraw – October 7, 2015

Proctored Exam – Tuesday, November 17, 6:30 pm – 7:45 pm in J-260 for on-campus students and Tuesday, November 17, 6:30 pm – 7:45 pm on ProctorU for online students. Online students may take the test in J260 with instructor permission (due to limited seating).

No “extra credit” work will be given to improve one’s grade. Copies of your class work and test will be kept for record.

Academic conduct

Every KSU student is responsible for upholding the provisions of the Student Code of Conduct, as published in the Undergraduate and Graduate Catalogs. Section 5c of the Student Code of Conduct addresses the university’s policy on academic honesty, including provisions regarding plagiarism and cheating, unauthorized access to university materials, misrepresentation/falsification of university records or academic work, malicious removal, retention, or destruction of library materials, malicious/intentional misuse of computer facilities and/or services, and misuse of student identification cards. Incidents of alleged academic misconduct will be handled through the established procedures of the Department of Student Conduct and Academic Integrity (SCAI), which includes either an “informal” resolution by a faculty member, resulting in a grade adjustment, or a formal hearing procedure, which may subject a student to the Code of Conduct’s minimum one semester suspension requirement. See also https://web.kennesaw.edu/scai/content/ksu-student-code-conduct.

Network Etiquette

Communication in an online class takes special consideration. Please read the short list of tips below.

Be sensitive and reflective to what others are saying.

Don't use all caps. It is the equivalent of screaming.

Don't flame - These are outbursts of extreme emotion or opinion.

Think before you hit the post (enter/reply) button. You can't take it back!

Don't use offensive language.

Use clear subject lines.

Don't use abbreviations or acronyms unless the entire class knows them.

Be forgiving. Anyone can make a mistake.

Keep the dialog collegial and professional.

Attendance Policy

Online Students must log into GeorgiaView courses by 11:59pm of the day classes begin to confirm their attendance. If you fail to log into your courses by 11:59pm of the day classes begin, or fail to complete course activities within a two-week period at any time during the semester, the instructor will consider your lack of activity as an indication of your intention not to continue in the course. Failure to participate without officially withdrawing from the course will result in a grade of F.

Be sure to submit all assigned work on time. If you are not able to participate in assigned class activities, contact your instructor immediately.

Attendance and participation in class are expected. If you have any problems with attendance (or something else), contact me BEFORE they become a problem.

If you must miss an exam due to illness, you must e-mail or call me before the scheduled time and perhaps something can be arranged to avoid a zero for this exam. Failure to notify me prior to the scheduled time will produce an automatic zero for the exam. No makeup test except for emergencies with proof (e.g. doctor’s slip).

Students with disabilities

Students with qualifying disabilities under the Americans with Disabilities Act (ADA) and/or Section 504 of the Rehabilitation Act who require “reasonable accommodation(s)” to complete the course may request those from Office of Student Disability Services. Students requiring such accommodations are required to work with the University’s Office of Student Disability Services rather than engaging in this discussion with individual faculty members or academic departments. If, after reviewing the course syllabus, a student anticipates or should have anticipated a need for accommodation, he or she must submit documentation requesting an accommodation and permitting time for a determination prior to submitting assignments or taking course quizzes or exams. Students may not request retroactive accommodation for needs that were or should have been foreseeable. Students should contact the office as soon as possible in the term for which they are seeking accommodations. Student Disability Services is located in the Carmichael Student Center in Suite 267. Please visit the Student Disabilities Services website at www.kennesaw.edu/stu_dev/sds for more information, or call the office at 470-578-2666.
