
Chapter 16 Security

Chapter 16 - Objectives
• The scope of database security.
• Why database security is a serious concern for an organization.
• The types of threats that can affect a database system.
• How to protect a computer system using computer-based controls.
• How to protect a computer system using non-computer-based controls.
• The purpose and main stages of risk analysis.
• The purpose of data protection and privacy laws.

Database Security
• Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource.
• Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.
• Database security is the protection of the database against intentional or unintentional threats using computer-based or non-computer-based controls.
• Security considerations do not apply only to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.

Database Security
Involves measures to avoid:
• Theft and fraud
• Loss of confidentiality (secrecy)
• Loss of privacy
• Loss of integrity
• Loss of availability

Threat – Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

Examples of Threats (figure only)

Summary of Threats to Computer Systems (figure only)

Typical Multi-user Computer Environment (figure only)

Countermeasures – Computer-Based Controls
• Authorization
• Views
• Backup and recovery
• Integrity
• Encryption
• Associated procedures

Countermeasures – Computer-Based Controls
• Authorization – The granting of a right or privilege that enables a subject to legitimately access a system or a system’s object.
• Authentication – A mechanism that determines whether a user is who he or she claims to be.
• View – The dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database but is produced upon request by a particular user, at the time of request.

Countermeasures – Computer-Based Controls
• Backup – The process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
• Journaling – The process of keeping and maintaining a log file (or journal) of all changes made to the database, to enable effective recovery in the event of failure.
• Checkpointing – A point of synchronization between the database and the transaction log file, at which all buffers are force-written to secondary storage.
• Integrity – Prevents data from becoming invalid, and hence from giving misleading or incorrect results.

Countermeasures – Computer-Based Controls
• Encryption – The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
• Associated procedures:
  – Authorization and authentication
  – Backup
  – Recovery
  – Audit
  – Installation of new application software
  – Installation/upgrading of system software

Countermeasures – Non-Computer-Based Controls
• Concerned with matters such as policies, agreements, and other administrative controls, and includes:
  – Security policy and contingency plan
  – Personnel controls
  – Secure positioning of equipment
  – Escrow agreements
  – Maintenance agreements
  – Physical access controls

Authentication – User and Group Identifiers (figure only)

Authentication – Access Control Matrix (figure only)
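The three controls defined above (authentication, authorization via an access control matrix, and a view that hides sensitive columns) working together, as an added example that is not part of the slides. The staff rows, user names, passwords and the matrix cells are constructed for the example; SQLite stands in for the DBMS.

```python
import hashlib, hmac, os, sqlite3

# Everything below is constructed for this example, not from the slides.
USERS = {}  # username -> (salt, PBKDF2 hash); filled by register()
# Access control matrix: subject -> object -> set of privileges held
ACL = {
    "hr_manager": {"Staff": {"SELECT", "UPDATE"}, "StaffDirectory": {"SELECT"}},
    "receptionist": {"StaffDirectory": {"SELECT"}},
}
OBJECTS = {"Staff", "StaffDirectory"}  # the only names ever spliced into SQL


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(user, password):
    salt = os.urandom(16)
    USERS[user] = (salt, _hash(password, salt))


def authenticate(user, password):
    """Authentication: is the user who they claim to be? Constant-time compare."""
    if user not in USERS:
        return False
    salt, stored = USERS[user]
    return hmac.compare_digest(stored, _hash(password, salt))


def authorized(subject, obj, privilege):
    """Authorization: look up the (subject, object) cell of the matrix."""
    return privilege in ACL.get(subject, {}).get(obj, set())


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Staff(staffNo TEXT, name TEXT, position TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO Staff VALUES (?,?,?,?)",
                     [("S1", "A. Smith", "Manager", 30000), ("S2", "B. Jones", "Assistant", 12000)])
    # View: a virtual relation computed on request that omits the salary column.
    conn.execute("CREATE VIEW StaffDirectory AS SELECT staffNo, name, position FROM Staff")
    return conn


def read_rows(conn, user, password, obj):
    """Authenticate, then authorize SELECT on obj, then answer from the table or view."""
    if not authenticate(user, password):
        raise PermissionError("authentication failed")
    if obj not in OBJECTS or not authorized(user, obj, "SELECT"):
        raise PermissionError("%s may not SELECT on %s" % (user, obj))
    return [tuple(r) for r in conn.execute("SELECT * FROM " + obj)]
```

The receptionist is granted SELECT only on the view, so the salary column is never reachable through that subject even though the base table holds it.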

Security Policy Coverage
• The area of the business it covers.
• Responsibilities and obligations of employees.
• The disciplinary action that will result from breaches of the policy.
• Procedures that must be followed.

Contingency Plan Coverage
• Key personnel and how to contact them.
• Who decides that a contingency exists.
• Technical requirements of transferring operations to other site(s).
• Operational requirements of transferring operations to other site(s).
• Any important external contacts.
• Whether insurance exists to cover the situation.

Escrow Agreement
• A legal contract concerning software, made between developers and clients, whereby a third party holds the source code for the client’s applications.
• The client can acquire the source code if the developer goes out of business, which ensures that the client is not left with non-maintainable systems.
• Often overlooked and under-managed.

Escrow Agreement Issues
• Type of contents deposited.
• Update process and its timing.
• Details of any third-party software used.
• Whether verification of the deposit is required.
• Conditions governing the release of the deposit.
• Details of the release process.

PC Security
• PCs are moved easily and are normally located on employees’ desks, often with no access controls other than those that apply to the building or area.
• Security includes:
  – Use of a keyboard lock.
  – Use of a user identifier and/or password.
  – Procedures to control access to floppy discs.
  – Procedures to reduce the risk of virus infection.

Database and Web Security Measures
• Proxy servers
• Firewalls
• Digital signatures
• Message digest algorithms and digital signatures
• Digital certificates
• Kerberos
• Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)

Security in Statistical Databases
• Typically used to generate statistical information on various populations of data.
• Details of individual records should remain confidential and not be accessible.
• The main problem is how to assess whether the answers to legal (permitted) queries can be used to infer the answers to illegal (prohibited) queries.

Security Strategies in Statistical Databases
• Preventing queries that cover only a few entries.
• Randomly adding entries to the query result set, which introduces a small error but still approximates the true response.
• Using only a random sample of the records to answer a query.
• Maintaining a query profile and rejecting queries that use a high number of records identical to those used in previous queries.
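The inference problem from the previous slide and two of the strategies above (minimum query-set size and a query profile), as an added example that is not part of the slides. The employee records, the threshold values k and max_overlap, and the class and function names are constructed for this example.

```python
# Constructed sample data, not from the slides: (name, dept, salary)
RECORDS = [
    ("alice", "sales", 52000), ("bob", "sales", 61000),
    ("carol", "sales", 58000), ("dave", "sales", 60000),
    ("erin", "eng", 90000), ("frank", "eng", 95000), ("grace", "eng", 88000),
]


class StatisticalDB:
    """Aggregate-only query interface applying two of the slide's strategies:
    a minimum query-set size k, and a query profile that rejects a query whose
    record set shares more than max_overlap records with an earlier answered query."""

    def __init__(self, records, k=3, max_overlap=2):
        self.records = records
        self.k = k
        self.max_overlap = max_overlap
        self.profile = []  # record-index sets of every query already answered

    def total_salary(self, predicate):
        """predicate(name, dept, salary) -> bool selects the query set.
        Returns (True, total) or (False, reason)."""
        qset = {i for i, rec in enumerate(self.records) if predicate(*rec)}
        if len(qset) < self.k:
            return False, "rejected: fewer than %d records" % self.k
        for prev in self.profile:
            if len(qset & prev) > self.max_overlap:
                return False, "rejected: overlaps an earlier query"
        self.profile.append(qset)
        return True, sum(self.records[i][2] for i in qset)


def inference_attempt(max_overlap):
    """Two individually legal aggregate queries whose difference would reveal
    one person's salary. Returns both answers (or rejection reasons)."""
    db = StatisticalDB(RECORDS, k=3, max_overlap=max_overlap)
    all_sales = db.total_salary(lambda n, d, s: d == "sales")
    sales_minus_alice = db.total_salary(lambda n, d, s: d == "sales" and n != "alice")
    return all_sales, sales_minus_alice


if __name__ == "__main__":
    # With no effective profile check both queries pass the size test and are
    # answered; their difference is exactly alice's salary.
    print(inference_attempt(max_overlap=99))
    # With the profile check the second query is refused.
    print(inference_attempt(max_overlap=2))
```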

Stages of Risk Analysis
• Establish a security team.
• Define the scope of the analysis and obtain system details.
• Identify all existing countermeasures.
• Identify and evaluate all assets.
• Identify and assess all threats and risks.
• Select countermeasures, undertake a cost/benefit analysis, and compare with existing countermeasures.
• Make recommendations.
• Test the security system.

Data Protection and Privacy Laws
• Concern personal data and the rights of individuals with respect to their personal data.
• Legislation attempts to protect individuals from abuse, and to enable organizations (both public and private) to carry out their lawful activities or duties.
• Privacy – The right of an individual not to have personal information collected, stored, and disclosed either wilfully or indiscriminately.
• Data protection – The protection of personal data from unlawful acquisition, storage, and disclosure, and the provision of safeguards to avoid the destruction or corruption of legitimate data.