Part 1_Operational Issues (Use) (1)
8/6/2019 Part 1_Operational Issues (Use) (1)
Operational Issues (Part 1)
Security Issues
Security Features
DBA Actions
Database integrity
Database integrity refers to the correct processing of a database, such as applying the appropriate business rules when performing a database operation.
This ensures that the databases are not compromised.
Database security
Database security, on the other hand, refers to the vulnerability of the database to accidental and/or intentional threats or errors.
It is primarily concerned with access to a database: who can access it, what they can access, when they can access it, and from where.
1) Accidental losses, including human error, software, and hardware-caused breaches
Establishing operating procedures such as user authorization, uniform software installation procedures, and hardware maintenance schedules are examples of actions that may be taken to address threats from accidental losses.
As in any effort that involves human beings, some losses are inevitable, but well thought-out policies and procedures should reduce the amount and severity of losses.
Of potentially more serious consequence are threats that are not accidental.
2) Theft and fraud
These activities are perpetrated by people, quite possibly through electronic means, and may or may not alter data.
For example, physical security controls should be established so that unauthorized personnel are not able to gain access to the machine room.
Data access policies that restrict altering data immediately prior to a payroll run will help to secure the data.
Establishment of a firewall to protect against unauthorized access to inappropriate parts of the database through outside communication links is another example of a security procedure that will hamper people who are intent on theft or fraud.
3) Loss of privacy or confidentiality
Loss of privacy is usually taken to mean loss of protection of data about individuals, while loss of confidentiality is usually taken to mean loss of protection of critical organizational data, which may have strategic value to the organization.
Failure to control privacy of information may lead to blackmail, bribery, public embarrassment, or stealing of user passwords.
Failure to control confidentiality may lead to loss of competitiveness.
State and federal laws now exist to require some types of organizations to create and communicate policies to ensure privacy of customer and client data.
Security mechanisms must enforce these policies, and failure to do so can mean significant financial and reputation loss.
4) Loss of data integrity
When data is compromised, data will be invalid or corrupted.
Unless data integrity is restored through established backup and recovery procedures, an organization may suffer serious losses or make incorrect and expensive decisions based on the invalid data.
5) Loss of availability
Sabotage of hardware, networks, or applications may cause the data to become unavailable to users, which again may lead to severe operational difficulties.
The most important security features of data management software follow:
Authorization Rules
Authorization or access control rules are rules incorporated within a database management system (DBMS) to restrict access to data and operations (e.g., read, write) on the data.
The access rules specify who can access what data and what kind of tasks they can perform.
The access control matrix is an attribute of an organization's data, so it can be viewed as metadata.
So, like the other metadata (e.g., table relationships, fields and their types, validation rules), it should be stored and maintained in the DBMS repository.
The DBMS must protect not only the business data, but also the access control matrix which it uses to grant access to users.
Encryption Procedures
Encryption techniques are used to protect highly confidential or sensitive data (e.g., financial data, police records), especially when they are transmitted over communication or transmission lines.
Encryption means coding or scrambling data into an unintelligible form so that those who read the data cannot make any sense of it.
To read the data, the data must be decrypted, i.e., decoded or unscrambled.
That means a system that provides encryption must also provide complementary decryption routines.
Both the encryption and decryption routines must also be protected from unauthorized access.
Some DBMSs provide routines that will automatically encrypt the data when it is stored on a disk or transmitted over a communication line.
Others allow users to write their own encryption/decryption routines.
User-defined Procedures
Users can write their own procedures to protect the data.
For example, they can write procedures to ensure that only authorized personnel have access to the data.
Usually this is accomplished by using passwords.
Users can also write procedures to check the identity of the person (e.g., by using his or her identity card or social security number, date of birth).
Authentication Schemes
Passwords provide only limited security. They may be stolen or guessed by trial and error.
To overcome these weaknesses, organizations may use biometric devices.
These devices are used to detect unique personal characteristics such as voice, retina scan and fingerprints.
One way to implement this technique is by using smart cards.
These cards can store the unique characteristics of a user such as his/her voice or fingerprint.
The user's biometric data are then compared with the previously stored value. If the data match, the user is granted access to the system, and if they don't, the user is denied access.
DBA privileged commands include commands for granting and revoking privileges to individual accounts, users, or user groups and performing the following types of actions:
Account creation: This action creates a new account and password for a user or a group of users to enable them to access the DBMS.
Privilege granting: This action permits the DBA to grant certain privileges to certain accounts.
Privilege revocation: This action permits the DBA to revoke (cancel) certain privileges that were previously given to certain accounts.
Security level assignment: This action consists of assigning user accounts to the appropriate security classification level.
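
The authorization rules and the DBA actions described above, as an added example that is not part of the original slides: an access control matrix kept as metadata in the database itself, with default-deny checks and with account creation, granting and revocation reserved to the DBA so that the matrix is protected too. The table names, account names and the sqlite3 in-memory store are assumptions chosen for illustration.

```python
import sqlite3

def open_repository():
    """In-memory stand-in for the DBMS repository that holds the access matrix."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # privileges only for existing accounts
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, is_dba INTEGER NOT NULL)")
    db.execute("""CREATE TABLE acl (
        account TEXT NOT NULL REFERENCES accounts(name),
        object  TEXT NOT NULL,
        action  TEXT NOT NULL CHECK (action IN ('read', 'write')),
        PRIMARY KEY (account, object, action))""")
    db.execute("INSERT INTO accounts VALUES ('dba', 1)")  # constructed bootstrap account
    return db

def _require_dba(db, actor):
    # Protects the matrix itself: only a DBA account may change accounts or cells.
    row = db.execute("SELECT is_dba FROM accounts WHERE name = ?", (actor,)).fetchone()
    if row is None or row[0] != 1:
        raise PermissionError(f"{actor!r} may not change accounts or the access matrix")

def create_account(db, actor, name):
    _require_dba(db, actor)
    db.execute("INSERT INTO accounts VALUES (?, 0)", (name,))

def grant(db, actor, account, obj, action):
    _require_dba(db, actor)
    db.execute("INSERT OR IGNORE INTO acl VALUES (?, ?, ?)", (account, obj, action))

def revoke(db, actor, account, obj, action):
    _require_dba(db, actor)
    db.execute("DELETE FROM acl WHERE account = ? AND object = ? AND action = ?",
               (account, obj, action))

def is_allowed(db, account, obj, action):
    """Default deny: access exists only if a matching matrix cell exists."""
    row = db.execute("SELECT 1 FROM acl WHERE account = ? AND object = ? AND action = ?",
                     (account, obj, action)).fetchone()
    return row is not None

def demo():
    db = open_repository()
    create_account(db, "dba", "clerk")
    grant(db, "dba", "clerk", "payroll", "read")
    results = [is_allowed(db, "clerk", "payroll", "read"),
               is_allowed(db, "clerk", "payroll", "write")]
    try:
        grant(db, "clerk", "clerk", "payroll", "write")  # non-DBA edits the matrix
    except PermissionError:
        results.append("blocked")
    revoke(db, "dba", "clerk", "payroll", "read")
    results.append(is_allowed(db, "clerk", "payroll", "read"))
    return results
```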