Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.

Slides:



Advertisements
Similar presentations
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Advertisements

Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Auditing Computer-Based Information Systems
Chapter 1 Security Architecture
Auditing Computer Systems
Security Controls – What Works
Chapter 1 – Introduction
Data - Information - Knowledge
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Systems Analysis and Design in a Changing World, 6th Edition
1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Data Management I DBMS Relational Systems. Overview u Introduction u DBMS –components –types u Relational Model –characteristics –implementation u Physical.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Chapter 5 Database Application Security Models
Chapter 2 Database Environment Pearson Education © 2014.
Computer Security: Principles and Practice
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Chapter 1 Introduction to Databases
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.
Chapter 1 Database Systems. Good decisions require good information derived from raw facts Data is managed most efficiently when stored in a database.
Chapter 10: Computer Controls for Organizations and Accounting Information Systems
SEC835 Database and Web application security Information Security Architecture.
Chapter 15 Database Administration and Security
Cryptography and Network Security
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Concepts of Database Management, Fifth Edition
CSC271 Database Systems Lecture # 4.
Security Architecture
INFORMATION SECURITY & RISK MANAGEMENT SZABIST – Spring 2012.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Database Systems: Design, Implementation, and Management Ninth Edition Chapter 15 Database Administration and Security.
Lecture # 3 & 4 Chapter # 2 Database System Concepts and Architecture Muhammad Emran Database Systems 1.
Information Security What is Information Security?
Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.
Bayu Adhi Tama, M.T.I 1 © Pearson Education Limited 1995, 2005.
Database Environment Session 2 Course Name: Database System Year : 2013.
Chapter 2 Securing Network Server and User Workstations.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Programming Logic and Design Fourth Edition, Comprehensive Chapter 16 Using Relational Databases.
Introduction to Information Security
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Introduction to Databases Dr. Osama AL Rababah. Objectives In this capture you will learn: Some common uses of database systems. The characteristics of.
Chapter 2 Database Environment.
1 Database Environment. 2 Objectives of Three-Level Architecture u All users should be able to access same data. u A user’s view is immune to changes.
Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 1 Database Systems.
INFORMATION SECURITY AND CONTROL. SECURITY: l Deter l Detect l Minimize l Investigate l Recover.
Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Information Systems Security
Outline Types of Databases and Database Applications Basic Definitions
Chapter 16 Database Administration and Security
Managing the IT Function
Chapter 2 Database Environment Pearson Education © 2009.
Chapter 8 Data Base Security
Systems Design Chapter 6.
Database Environment Transparencies
IS4680 Security Auditing for Compliance
Chapter 2 Database Environment Pearson Education © 2014.
Presentation transcript:

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture

Database Security and Auditing2 Objectives Define security Describe an information system and its components Define database management system functionalities Outline the concept of information security

Database Security and Auditing3 Objectives (continued) Identify the major components of information security architecture Define database security List types of information assets and their values Describe security methods

Database Security and Auditing4 Security Database security: degree to which data is fully protected from tampering or unauthorized acts Comprises information system and information security concepts

Database Security and Auditing5 Information Systems Wise decisions require: –Accurate and timely information –Information integrity Information system: comprised of components working together to produce and generate accurate information Categorized based on usage

Database Security and Auditing6 Information Systems (continued)

Database Security and Auditing7 Information Systems (continued)

Database Security and Auditing8 Information Systems (continued)

Database Security and Auditing9 Information Systems (continued) Information system components include: –Data –Procedures –Hardware –Software –Network –People

Database Security and Auditing10 Information Systems (continued)

Database Security and Auditing11 Information Systems (continued) Client/server architecture: –Based on the business model –Can be implemented as one-tier; two-tier; n-tier –Composed of three layers Tier: physical or logical platform Database management system (DBMS): collection of programs that manage database

Database Security and Auditing12 Information Systems (continued)

Database Security and Auditing13 Database Management Essential to success of information system DBMS functionalities: –Organize data –Store and retrieve data efficiently –Manipulate data (update and delete) –Enforce referential integrity and consistency –Enforce and implement data security policies and procedures –Back up, recover, and restore data

Database Security and Auditing14 Database Management (continued) DBMS components include: –Data –Hardware –Software –Networks –Procedures –Database servers

Database Security and Auditing15 Database Management (continued)

Database Security and Auditing16 Information Security Information is one of an organization’s most valuable assets Information security: consists of procedures and measures taken to protect information systems components C.I.A. triangle: confidentiality, integrity, availability Security policies must be balanced according to the C.I.A. triangle

Database Security and Auditing17 Information Security (continued)

Database Security and Auditing18 Confidentiality Addresses two aspects of security: –Prevention of unauthorized access –Information disclosure based on classification Classify company information into levels: –Each level has its own security measures –Usually based on degree of confidentiality necessary to protect information

Database Security and Auditing19 Confidentiality (continued)

Database Security and Auditing20 Integrity Consistent and valid data, processed correctly, yields accurate information Information has integrity if: –It is accurate –It has not been tampered with Read consistency: each user sees only his changes and those committed by other users

Database Security and Auditing21 Integrity (continued)

Database Security and Auditing22 Integrity (continued)

Database Security and Auditing23 Availability Systems must be always available to authorized users Systems determines what a user can do with the information

Database Security and Auditing24 Availability (continued) Reasons for a system to become unavailable: –External attacks and lack of system protection –System failure with no disaster recovery strategy –Overly stringent and obscure security policies –Bad implementation of authentication processes

Database Security and Auditing25 Information Security Architecture Protects data and information produced from the data Model for protecting logical and physical assets Is the overall design of a company’s implementation of C.I.A. triangle

Database Security and Auditing26 Information Security Architecture (continued)

Database Security and Auditing27 Information Security Architecture (continued) Components include: –Policies and procedures –Security personnel and administrators –Detection equipments –Security programs –Monitoring equipment –Monitoring applications –Auditing procedures and tools

Database Security and Auditing28 Database Security Enforce security at all database levels Security access point: place where database security must be protected and applied Data requires highest level of protection; data access point must be small

Database Security and Auditing29 Database Security (continued)

Database Security and Auditing30 Database Security (continued) Reducing access point size reduces security risks Security gaps: points at which security is missing Vulnerabilities: kinks in the system that can become threats Threat: security risk that can become a system breach

Database Security and Auditing31 Database Security (continued)

Database Security and Auditing32 Database Security (continued)

Database Security and Auditing33 Database Security Levels Relational database: collection of related data files Data file: collection of related tables Table: collection of related rows (records) Row: collection of related columns (fields)

Database Security and Auditing34 Database Security Levels (continued)

Database Security and Auditing35 Menaces to Databases Security vulnerability: a weakness in any information system component

Database Security and Auditing36 Menaces to Databases (continued)

Database Security and Auditing37 Menaces to Databases (continued) Security threat: a security violation or attack that can happen any time because of a security vulnerability

Database Security and Auditing38 Menaces to Databases (continued)

Database Security and Auditing39 Menaces to Databases (continued) Security risk: a known security gap intentionally left open

Database Security and Auditing40 Menaces to Databases (continued)

Database Security and Auditing41 Menaces to Databases (continued)

Database Security and Auditing42 Asset Types and Their Value Security measures are based on the value of each asset Types of assets include: –Physical –Logical –Intangible –Human

Database Security and Auditing43 Security Methods

Database Security and Auditing44 Security Methods (continued)

Database Security and Auditing45 Database Security Methodology

Database Security and Auditing46 Summary Security: level and degree of being free from danger and threats Database security: degree to which data is fully protected from unauthorized tampering Information systems: backbone of day-to-day company operations

Database Security and Auditing47 Summary (continued) DBMS: programs to manage a database C.I.A triangle: –Confidentiality –Integrity –Availability Secure access points Security vulnerabilities, threats and risks

Database Security and Auditing48 Summary (continued) Information security architecture –Model for protecting logical and physical assets –Company’s implementation of a C.I.A. triangle Enforce security at all levels of the database

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.