Untitled Quiz

Questions and Answers

What is meant by database security?

• The process of updating and deleting data
• The degree to which data is protected from tampering or unauthorized acts (correct)
• The capability to back up and restore data
• The ability to organize data effectively

Which of the following is NOT a component of an information system?

• Data
• Software
• Network
• Intellectual properties (correct)

What does the 'C' in the C.I.A. triangle represent?

• Control
• Compliance
• Connection
• Confidentiality (correct)

Which of the following is NOT a reason a system may become unavailable?

User requests (A)

Which functionalities are included in a Database Management System (DBMS)?

Organizing, storing, and retrieving data efficiently (B)

What does information security primarily aim to protect?

Information systems components (A)

What is essential for information to have integrity?

It must not be tampered with (A)

How should company information typically be classified?

According to the degree of confidentiality needed (C)

Which option best describes the value of information as an asset?

It provides a competitive advantage to organizations. (C)

Which element is NOT a part of the major components of information security architecture?

Sales and marketing strategies (B)

What aspect of confidentiality does information classification address?

Security measures for different levels (B)

Which of the following is a necessity for maintaining system availability?

A robust authentication process (A)

Which of the following is a key purpose of enforcing data security policies and procedures in a DBMS?

To control data access and maintain integrity (D)

In information system components, which of the following does NOT include a physical aspect?

Software (D)

What does the availability aspect of security ensure?

Systems are always functioning for authorized users (A)

What is one consequence of overly strict security policies?

System unavailability (D)

What is a primary objective of enforcing security at all database levels?

Protect data access points (A)

What component can be defined as a weakness in any information system component?

Security vulnerability (D)

Which of the following defines a security violation or attack that may occur at any time?

Security threat (D)

What does the C.I.A triangle in database security stand for?

Confidentiality, Integrity, Availability (D)

Which of the following is NOT one of the asset types mentioned in database security?

Digital (D)

What is a potential consequence of reducing data access point size?

Reduced security risks (A)

What term is used to describe known security gaps intentionally left open?

Security risk (C)

What do auditing procedures and tools help to maintain in a database security system?

Security accountability (D)

What is the definition of a relational database?

A collection of related data files (C)

What is an example of a human asset in the context of database security?

Database administrators (D)

Flashcards

Database Security

The protection of data from unauthorized access, modification, or destruction.

Information System

A collection of components (data, procedures, hardware, software, network, people) working together to produce accurate information.

DBMS Functionalities

Organizing, storing, retrieving, manipulating (updating/deleting), enforcing data integrity, security, and providing backups & restoration of data.

Information Security

Protecting information system components by using procedures and measures, including security policies and procedures.

Information Asset

Any data or information with value to an organization – ranging from customer data to financial reports

Security Architecture

A structure of components and procedures for ensuring information security.

Database Management System (DBMS)

Software to organize, manage, and retrieve data.

Security Methods

Techniques and measures to protect information assets. e.g., password protection, encryption.

CIA Triangle

A model for information security focusing on Confidentiality, Integrity, and Availability.

Confidentiality

Protecting information from unauthorized access and disclosure, based on its classification.

Integrity

Ensuring data accuracy and consistency; preventing unauthorized modification.

Availability

Ensuring authorized users can access information and systems when needed.

Security Policies

Rules and guidelines to protect information and systems, balanced according to CIA.

Data Classification

Categorizing information by its sensitivity level, to determine appropriate security measures.

Read Consistency

Ensuring each user only sees changes they made or those committed by others.

System Availability

Continual access to systems and information by authorized users.

Database Security

Protecting data from unauthorized access, modification, or destruction.

Security Access Point

Location where database security must be applied.

Security Gap

Points where security is missing in a system.

Security Threat

A risk that could breach a system security.

Security Vulnerability

A weakness in a system that can be exploited.

CIA Triangle

Confidentiality, Integrity, and Availability (in information security)

Relational Database

Database organized into related tables of data.

Data File

Collection of related tables.

Asset Value

Importance of data, considering its worth.

Information Security Architecture

Structure to protect assets.

Study Notes

Database Security and Auditing - Chapter 1: Security Architecture

• Objectives: Define security, describe information systems and their components, define database management system functionalities, outline the concept of information security, identify major components of information security architecture, define database security, list types of information assets and their values, describe security methods.

Security

• Database security: The degree to which data is fully protected from tampering or unauthorized acts.
• Includes: Information system and information security concepts.

Information Systems

• Wise decisions require: Accurate and timely information and information integrity.

• Information system: Components working together to generate accurate information.

• Categorized by usage:

  • Expert systems (ESS) — Long-term goals
  • Decision support systems (DSS) — Middle-level management
  • Management information systems (MIS) — Middle-level management
  • Transaction processing systems (TPS) — Lower-level management

• Components include: Data, Procedures, Hardware, Software, Network, People

Database Management

• Essential for information system success.

• DBMS functionalities:

  • Organize data
  • Store and retrieve data efficiently
  • Manipulate data (update/delete)
  • Enforce referential integrity and consistency
  • Enforce and implement data security policies and procedures
  • Back up, recover, and restore data

• DBMS components include: Data, Hardware, Software, Networks, Procedures, Database servers

Information Security

• Information is a valuable asset.
• Information security: Procedures and measures to protect information systems components.
• C.I.A. triangle: Confidentiality, Integrity, Availability.
• Security policies need balance.

Confidentiality

• Addresses: Prevention of unauthorized access and information disclosure based on classification.
• Classification levels: (e.g., Unclassified, External in-confidence, Internal in-confidence, Restricted, Classified)

Integrity

• Consistent and valid data: Processed correctly, yields accurate information.
• Information has integrity if:
  • It is accurate
  • It has not been tampered with
  • Read consistency: Each user sees only their changes and others committed.

Availability

• Systems must be available: To authorized users.
• Systems determine: User access to information.
• Reasons for system unavailability:
  • External attacks and lack of protection
  • System failure (lack of disaster recovery)
  • Overly stringent/obscure security policies
  • Poorly implemented authentication

Information Security Architecture

• Protects: Data and information
• Overall design: Company's implementation of the C.I.A. triangle
• Components include: Policies, procedures, security staff, detection equipment, security programs, monitoring equipment, auditing procedures & tools.

Database Security

• Enforce security: At all database levels.
• Security access point: Location where database security must be protected and applied.
• Data needs highest protection: Data access points should be small.
• Reducing access point size: Reduces security risks.
• Security gaps, vulnerabilities, threats: Points of missing security, system flaws, and potential breaches, respectively.

Database Security Levels

• Relational database: A collection of related data files.
• Data file: A collection of related tables.
• Table: A collection of related rows (records).
• Row: A collection of related columns (fields).

Menaces (Threats) to Databases

• Security vulnerability: Weakness in any information system component.
• Categories of database security vulnerabilities:
  • User mistakes
  • Software issues
  • Design and implementation flaws
  • Installation and configuration errors
• Security threat: Security violation or attack due to a vulnerability.
• Categories of database security threats:
  • People issues
  • Technological disasters
  • Malicious code
  • Natural disasters
• Security risk: Known security gap intentionally left open.

Asset Types and Their Value

• Security measures based on asset value.
• Types of assets: Physical, Logical, Intangible, Human

Security Methods

• Methods to protect components: (Examples in Table 1-6)

Database Security Methodology

• Database security implementation methodology (Example in Figure 1-16)

Summary

• Security: Level and degree of being free from danger and threats.
• Database security: Degree to which data is protected from unauthorized tampering.
• Information systems: Backbone of daily company operations.
• DBMS: Programs to manage databases.
• C.I.A. triangle: Confidentiality, Integrity, Availability.
• Secure access points, vulnerabilities, threats & risks: Important components for overall security.
• Information security architecture: A model protecting logical and physical assets.