da201-operations and database security - Web-Network ...

spongehousesSecurity

Nov 3, 2013 (3 years and 9 months ago)

77 views

Course Outline


A. Course Number and Title:

DA
201

Operations and Database

Security

Pre
-
requisite
: DA
107 Introduction to Information
Security

B. Curriculum:




Information Technology (1492), Technical elective

C. Course Description:



This course

will cover fundamentals of operations and database


security. Topics may include controls over hardware, software


and backups, audits and monitoring, operations personnel,


physical security concepts. Also security management and


concepts of web sec
urity.

D. Duration of Instructional Period:

150 minutes/week/15 weeks


classroom






100 minutes/week/15 weeks


laboratory






3,750 minutes/semester (4) credit hours

E. Lecture/Lab/Credit Hours:


3
-
2
-
4

F. Suggested Text(s):



Database Security
and Auditing








Sam Afyouni










Thomson Course Technology Copyright 2005






ISBN: 0
-
619
-
21559
-
3





Security In Distributed Computing: Did You Lock the Door?




Bruce, Glen and Dem
psey, Rob Prenhall Copyright 1997 ISBN:



0
-
131
-
829084


G. Course Outcomes:




Upon completion, the student will be able to:






1.Describe and understand how vulnerability scanning is used
to






pinpoint potential weaknesses in the infrastructure






2. Understand and demonstrate port scanning and vulnerability





scanning










3. Assess hacker challenges, malicious break
-
ins and insider





threats





4. Discuss encryption and steganography








5. Analyze the security issues that are specific to database





systems










6. Identify and secure web exposures







7. Observe TCP/IP pa
cket streams to understand zone based




security




H. Program Competencies:

1. Demonstrate knowledge of a broad business and real world



perspectives of information technology





2. Demonstrate analytical and critical thinking skills



3. Demonstrate the ability to apply analytical and logical



thinking to gathering and analyzing information, designing




and testing solutions to problems and formulating plans


4. Demonstrate the ability to visualize and articulate complex



problems and concepts






5. Use and apply current technical concepts and practices in the


core information technologies





6. Design effective and usable I
T
-
based solutions and integrate



those components into the user environment



7. Identify and evaluate current and emerging technologies and



assess their applicability to address the users’ needs
8. Demonstrate an understanding of best practices, standards and



their application







9. Demonstrate independent critical thinking and problem


solving skills
10. Communic
ate effectively and efficiently with clients, users


and peers both verbally and in writing, using appropriate


termin
ology






I. SUNY General Education Knowledge and Skills:

NA

J. ECC Graduate L
earning Outcomes (GLO):














1. To identify and logically analyze problems and issues





and to propose
and evaluate
solutions (Related Course







Objectives 3
-
5)











2. To apply appropriate mathematical procedures and








quantitative methods (Related Course Objectives 1
-
7)







3.


To read critically (Related Course Objectives 1
-
7)







4.

To operate a computer (Related Course Objectives 1
-
7)









K. Assessment of Student Learning
: 6 laboratory exercises @ 30 pts each


180







(participative & written)











Midterm Exam






60







Final Exam






60








Total Pos
sible Points



300

L. Library Resources:


Students are encouraged to use the resources of the various
computer labs on campus. Students are also encouraged to use
library resources.


Greg Holden (2004).

Guide to Firewalls and Network Security.

Bost
on, Mass
:

Thomson, Course Technology


Pfleeger, C. and Pfleeger, S.L. (2002)
Security in Computing.


Upper Saddle River, New Jersey: Pearson Education


Stallings, W. (2003).
Network Security Essentials.



Upper Saddle River, New Jersey: Pearson Educati
on

M. Topical Outline:


I.

Physical Security







1 week





A. Threats unique to physical security









B. Physical security monitoring components








C. Design, implementation and maintenance of countermeasures






II. Implementing Securi
ty







1 week



A. System Back
-
ups


B. Management Role in Policy Development


III. Security and Personnel








2 weeks



A. policies, standards, guidelines









B. accountability issues, user training









C. contractual securit
y


IV, Unix Security








1 week


A. Unix security architecture










V. Windows Security









1 week


A. systems management











B. registry











C. securing Windows

VI. Web Security









1 week




A. Browsers











B. CGI scripts











C. Cookies











D. Intellectual property protection









E. Surveillance software










VII. Introduction to Elements of Cryptography





2 weeks


A. Keys











B. Digi
tal certificates










C. Digital signatures











D. Digital watermarking


E. video watermarking

VIII. Database Security







1 week




A. Relational databases


B. Access control


1. Password policies


2 Role based, task based



C. Segregation of duties


IX. Di
stributed Systems Security






1 week


A. Setting up a virtual private network









X. Identification and Authentication





1 week


A. Kerberos












XI. Strengthening Defense Through O
ngoing Management



1 week




A. Security event management










B. Security auditing











C. Defense in depth









XII. Incident Response







1 week




A. Goals of a security incident response team








B. Response Process


XIII. Disaster
Recovery 1 week

A.

Basic Disaster Recovery Plans

B.

Preparation and Recovery

C. Classifications of Disasters

1.Information Warfare

2.Cyber
-
Attacks…types , responding to

D. Writi
ng Procedures

E. First Alert Procedures

1.Telecom & IT service providers

2.Communications

F. Resuming and Recovery of Operations

G. Business Continuity