ITEC 645
Information Security, Privacy, and Reliability
1. Catalog Entry
ITEC 645
Information Security, Privacy, and Reliability
Credit hours (3)
Prerequisites: Admission into the Data and Information Management program, or permission of instructor.
Advanced examination of the reliability, security and privacy issues in the storage, transmission and processing of data. The course covers the security of database management systems and the infrastructure on which they execute, privacy issues, and the mechanisms that ensure the reliability of enterprise database management systems.
2. Detailed Description of Course
1) Fundamentals of information security and privacy
a. Goals of security (confidentiality, integrity, availability, authentication, non-repudiation and accountability)
b. Vulnerabilities and exploits on DBMS and data sets (e.g., programming flaws, SQL injection, statistical inference attacks)
c. Threat modeling and security analysis
2) Information security with data storage and management
a. Cryptography (symmetric key, asymmetric key, secure hashes and modes of operation)
b. Secure design principles (e.g., least privilege, complete mediation, separation of privilege, least common mechanism, defense in depth)
c. Authentication
d. Access control
e. Access logs
f. Security mechanisms (e.g., perimeter security, host-based security)
g. Secure operations (backups, hardening distributed databases, disaster recovery, business continuity)
3) Privacy
a. Statistical inference attacks and controls
b. Legal issues (e.g., HIPAA, FERPA, ECPA)
4) Reliability
a. Failures
b. Fault tolerance
3. Detailed Description of Conduct of Course
This course will be delivered in a lecture and discussion format with demonstration and application of concepts using one or more enterprise level database management systems.
4. Goals and Objectives of the Course
Students who complete this course will be able to:
1) Enumerate the main goals of security and privacy, including confidentiality, integrity, availability, authentication, non-repudiation and accountability.
2) Analyze and develop threat models for the security of database management systems, networks and distributed database infrastructures.
3) Analyze and develop threat models on the privacy of data (such as inference attacks).
4) Perform security analysis on centralized and distributed database installations using techniques such as the Open Source Security Testing Methodology (OSSTMM).
5) Describe and apply cryptographic algorithms and mechanisms, including secure hashes, secret key and public key cryptography, and their modes of operation, to secure both stored data and data in transit across networks.
6) Describe and apply standard secure design principles, including least privilege, complete mediation, least common mechanism, economy of mechanism, defense in depth, reluctance to trust and privacy, to the different database installations.
7) Describe and deploy authentication, fine-grained access control and accountability mechanisms (such as access logs) on database management systems and on distributed and centralized database installations.
8) Describe and deploy mechanisms that provide security, such as intrusion detection systems, and privacy, such as those that protect against statistical inference attacks on databases.
9) Perform secure operations including backup, recovery and secure updates.
10) Administer security by enumerating the steps of risk management and developing security policies and plans such as acceptable usage policies, and business continuity and disaster recovery plans.
11) Enumerate and identify privacy issues of data, taking into account the federal and state laws that govern privacy such as HIPAA, FERPA, and the Electronic Communication and Privacy Act.
12) Describe reliability mechanisms to achieve fault tolerance in distributed databases.
5. Assessment Measures
A significant component of the assessment must measure each individual student’s mastery of the conceptual and applied knowledge and skills described in the course objectives. Evaluations may include but are not limited to assignments, projects, presentations, quizzes, and examinations.
6. Other Course Information
None.
Review and Approval
April 23, 2014