A. Course Number and Title: DA 201 Operations and Database Security

Course Outline

A. Course Number and Title: DA 201 Operations and Database Security

Pre-requisite: DA 107 Introduction to Information Security

B. Curriculum: Information Technology (1492), Technical elective

C. Course Description: This course will cover fundamentals of operations and database security. Topics may include controls over hardware, software and backups, audits and monitoring, operations personnel, physical security concepts. Also security management and concepts of web security.

D. Duration of Instructional Period: 150 minutes/week/15 weeks – classroom 100 minutes/week/15 weeks – laboratory 3,750 minutes/semester (4) credit hours

E. Lecture/Lab/Credit Hours: 3-2-4

Security In Distributed Computing: Did You Lock the Door?

0-131-829084

G. Course Outcomes: Upon completion, the student will be able to: 1.Describe and understand how vulnerability scanning is used to pinpoint potential weaknesses in the infrastructure 2. Understand and demonstrate port scanning and vulnerability scanning 3. Assess hacker challenges, malicious break-ins and insider threats

4. Discuss encryption and steganography 5. Analyze the security issues that are specific to database systems 6. Identify and secure web exposures 7. Observe TCP/IP packet streams to understand zone based security

H. Program Competencies: 1. Demonstrate knowledge of a broad business and real world

perspectives of information technology 2. Demonstrate analytical and critical thinking skills 3. Demonstrate the ability to apply analytical and logical

thinking to gathering and analyzing information, designing

and testing solutions to problems and formulating plans 4. Demonstrate the ability to visualize and articulate complex

problems and concepts 5. Use and apply current technical concepts and practices in the

core information technologies 6. Design effective and usable IT-based solutions and integrate

those components into the user environment 7. Identify and evaluate current and emerging technologies and

assess their applicability to address the users’ needs 8. Demonstrate an understanding of best practices, standards and

their application 9. Demonstrate independent critical thinking and problem

solving skills 10. Communicate effectively and efficiently with clients, users

and peers both verbally and in writing, using appropriate

terminology

I. SUNY General Education Knowledge and Skills: NA

J. ECC Graduate Learning Outcomes (GLO): 1. To identify and logically analyze problems and issues

and to propose and evaluate solutions (Related Course Objectives 3-5) 2. To apply appropriate mathematical procedures and quantitative methods (Related Course Objectives 1-7) 3. To read critically (Related Course Objectives 1-7) 4. To operate a computer (Related Course Objectives 1-7)

K. Assessment of Student Learning: 6 laboratory exercises @ 30 pts each 180 (participative & written) Midterm Exam 60 Final Exam 60 Total Possible Points 300

L. Library Resources: Students are encouraged to use the resources of the various computer labs on campus. Students are also encouraged to use library resources.

Greg Holden (2004). Guide to Firewalls and Network Security. Boston, Mass: Thomson, Course Technology

Pfleeger, C. and Pfleeger, S.L. (2002) Security in Computing. Upper Saddle River, New Jersey: Pearson Education

Stallings, W. (2003). Network Security Essentials. Upper Saddle River, New Jersey: Pearson Education

M. Topical Outline:

I. Physical Security 1 week A. Threats unique to physical security B. Physical security monitoring components C. Design, implementation and maintenance of countermeasures

II. Implementing Security 1 week

A. System Back-ups

B. Management Role in Policy Development

III. Security and Personnel 2 weeks A. policies, standards, guidelines B. accountability issues, user training C. contractual security

IV, Unix Security 1 week

A. Unix security architecture

V. Windows Security 1 week A. systems management B. registry C. securing Windows

VI. Web Security 1 week A. Browsers B. CGI scripts C. Cookies D. Intellectual property protection E. Surveillance software

VII. Introduction to Elements of Cryptography 2 weeks A. Keys B. Digital certificates C. Digital signatures D. Digital watermarking

E. video watermarking

VIII. Database Security 1 week

A. Relational databases

B. Access control

1. Password policies

2 Role based, task based

C. Segregation of duties

IX. Distributed Systems Security 1 week A. Setting up a virtual private network

X. Identification and Authentication 1 week A. Kerberos

XI. Strengthening Defense Through Ongoing Management 1 week A. Security event management B. Security auditing C. Defense in depth

XII. Incident Response 1 week A. Goals of a security incident response team B. Response Process

XIII. Disaster Recovery 1 week

A. Basic Disaster Recovery Plans

B. Preparation and Recovery

C. Classifications of Disasters

1.Information Warfare

2.Cyber-Attacks…types , responding to

D. Writing Procedures

E. First Alert Procedures

1.Telecom & IT service providers

2.Communications

F. Resuming and Recovery of Operations

G. Business Continuity