Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security College of Alameda Copyright © 2007 Patrick McDermott Himeji Castle Hyogo, near Osaka Momoyama period c. 1601-1609.

Published byAmari Forester Modified over 9 years ago

Similar presentations

Presentation on theme: "Database Security College of Alameda Copyright © 2007 Patrick McDermott Himeji Castle Hyogo, near Osaka Momoyama period c. 1601-1609."— Presentation transcript:

1 Database Security College of Alameda pmcdermott@peralta.edu Copyright © 2007 Patrick McDermott Himeji Castle Hyogo, near Osaka Momoyama period c. 1601-1609

2 Database Security “Protection of database data against accidental or intentional loss, destruction, or misuse.” —Modern Database Management “Your goal as a database developer is to adequately protect your database and the information it contains, without imposing unnecessary restrictions on the people who use it. The type of security required to protect a database depends on how many people are using it and where it is stored.” —Steve Lambert

3 From a Job Posting Because of the increasing levels of hacking and the sensitive nature of data stored, security and disaster recovery have become increasingly important aspects of the work.

4 Threats 1.Accidental Loss –Human Error, Hardware/Software Failure 2.Theft & Fraud 3.Loss of Privacy/Confidentiality 4.Loss of Data Integrity 5.Loss of System Availability –For critical systems, lose sales, customers

5 Physical “Act of God” Earthquake Fire Flood Disk Failure “Act of (Hu-)Man” Hacker Cracker DoS –Denial of Service Programmer Error

6 Levels Hardware Operating System Database Management System Software Applications Program Network People Procedures –Twin for Signatures, Overrides, etc. –Only Supervisor Adds Vendors

7 Physical Protection Video Surveillance (Eye in the Sky) Token Devices: Key, card, etc. you must have to gain access Biometrics: Fingerprint, Retina Policy: >= 2 people in the room Policy re removal of Hardware/Software

8 Privacy “Get over it. You have no Privacy.” — Scott McNealy of Sun Microsystems Customer/Employee Confidential Data Fiduciary Responsibility –Legal –“Due Diligence” Ethical Business Impact –Embarrassment –Loss of Trust

9 Privilege Grant Revoke System Object View Security Classes/Groups

10 Logs & Audit Trails Camera doesn’t prevent crime, It witnesses Log Records Changes Every Credit Card Number Access Audit Trail any Sensitive Actions Someone Should Review

11 Data Encryption You can encrypt a database, which does not prevent it from being opened and viewed in Access, but does keep people who don’t have a copy of Access from reading or making sense of the data.

12 If They Don’t Know You If there is no info about you, they’re crooks –Login pmcdermott, don’t know it’s Patrick Too good the be True –Nigerian $$$Millions Don’t Click: You find the website –If FBI calls, say “I’ll call you” Get number from Phone Book

13 Pass- Word/Code Login Credentials Different for each System Not in any Dictionary Change Frequently Arbitrary, thus not deducible Type I vs. Type II Errors Security vs. Sharing Can’t Remember

14 The Data that wouldn’t Die!!! “Erased” data is merely de-referenced: It’s still there! Printouts, Listings Search employees but not the mail Nuclear password: 235 shredder 1.0 Mark Napier

15 Backup Remote Site Not in Same Earthquake Zone Nuclear War Plan: Forgettaboutit If you have it, you won’t need it. If you need it, you won’t have it.

16 Honey Pot To attract Hackers Catch Mislead Distract Red Spy vs. Blue Spy  “I know”  “I know he knows”  “I know he knows I know”  “I know he knows I know he knows”  “I know he knows I know he knows I know”  I Didn’t Know That!

17 My SSN Rant “I believe recent business practices to exploit the Internet have directly enabled identity theft to proliferate. When ID theft occurs, the institution that granted the credit using what in the previous history of banking would have been unthinkable negligence should have to compensate the victim, as opposed to the current system where the victim is lucky if the institution, after considerable effort and hassle, will even correct their records.” —Patrick McDermott

Download ppt "Database Security College of Alameda Copyright © 2007 Patrick McDermott Himeji Castle Hyogo, near Osaka Momoyama period c. 1601-1609."

Similar presentations

1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.

1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Computer Security and Risks 11.  2001 Prentice Hall11.2 Chapter Outline On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy,

Computer Security and Risks 11.  2001 Prentice Hall11.2 Chapter Outline On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy,
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Chapter 10 Privacy and Security McGraw-Hill

Chapter 10 Privacy and Security McGraw-Hill
Chapter 10 Privacy and Security.

Chapter 10 Privacy and Security.
Public Information Online. Timothy WhitneyCaroline Aaron.

Public Information Online. Timothy WhitneyCaroline Aaron.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Chapter 12 Information Security Management © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter 12 Information Security Management © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Sixth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.

Sixth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.
McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 10 Privacy and Security.

McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 10 Privacy and Security.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved. 10-2 Competencies Describe concerns associated with computer.

1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved Competencies Describe concerns associated with computer.

Similar presentations

Ads by Google