Information Technology 645

ITEC 645
Information Security, Privacy, and Reliability

1. Catalog Entry

ITEC 645
Information Security, Privacy, and Reliability

Credit hours (3)
Prerequisites: Admission into the Data and Information Management program, or permission of instructor.

Advanced examination of the reliability, security and privacy issues in storage, transmission and processing of data. The course covers security of database management systems and the infrastructure on which they execute privacy issues and mechanisms that ensure reliability of enterprise database management systems.

2. Detailed Description of Course

    1) Fundamentals of information security and privacy
        a. Goals of security (confidentiality, integrity, availability, authentication, non-repudiation and
        b. Vulnerabilities and exploits on DBMS and data sets (e.g., Programming flaws, SQL injection,
             statistical inference attacks)
        c. Threat modeling and security analysis
    2) Information Security with data storage and management
        a. Cryptography (symmetric key, asymmetric key, secure hashes and modes of operation)
        b. Secure design principles (e.g., least privilege, complete mediation, separation of privilege,
           least common mechanism, defense in depth)
        c. Authentication
        d. Access control
        e. Access logs
        f. Security mechanisms (e.g., perimeter security, host based security)
        g. Secure operations (backups, hardening distributed databases, disaster recovery, business
    3) Privacy
        a. Statistical inference attacks and controls
        b. Legal issues (e.g. HIPAA, FERPA, ECPA)
    4) Reliability
        a. Failures
        b. Fault tolerance

3. Detailed Description of Conduct of Course

This course will be delivered in a lecture and discussion format with demonstration and application of concepts using one or more enterprise level database management systems.  

4. Goals and Objectives of the Course

Students who complete this course will be able to:
    1) Enumerate the main goals of security and privacy including confidentiality, integrity,
       availability, authentication, non-repudiation and accountability.
    2) Analyze and develop threat models for the security of database management systems,
       networks and distributed database infrastructures.  
    3) Analyze and develop threat models on the privacy of data (such as inference attacks).
    4) Perform security analysis on centralized and distributed database installations using techniques
       such as the Open Source Security Testing Methodology (OSSTMM).
    5) Describe and apply cryptographic algorithms, and mechanisms including secure hashes, secret
       key and public key cryptography, and their modes of operation to secure both stored data and data
       in transit across networks.
    6) Describe and apply standard secure design principles including least privilege, complete
       mediation, least common mechanism, economy of mechanism, defense in depth, reluctance to trust
       and privacy to the different database installations.
    7) Describe and deploy authentication, fine-grained access control and accountability mechanisms
       (such as access logs) on database management systems and distributed and centralized database
    8) Describe and deploy mechanisms that provide security such as intrusion detection systems and privacy such as those that protect against statistical inference attacks on databases.
    9) Perform secure operations including backup, recovery and secure updates.
    10) Administer security by enumerating the steps of risk management and developing security
        policies and plans such as acceptable usage policies, and business continuity and disaster recovery
    11) Enumerate and identify privacy issues of data taking into account the federal and state laws
        that govern privacy such as HIPAA, FERPA, and the Electronic Communication and Privacy Act.
    12) Describe reliability mechanisms to achieve fault tolerance in distributed databases.

5. Assessment Measures

A significant component of the assessment must measure each individual student’s mastery of the conceptual and applied knowledge and skills described in the course objectives. Evaluations may include but are not limited to assignments, projects, presentations, quizzes, and examinations.  

6. Other Course Information


Review and Approval

April 23, 2014