Untitled Quiz

Questions and Answers

What is meant by database security?

The process of updating and deleting data

The degree to which data is protected from tampering or unauthorized acts (correct)

The capability to back up and restore data

The ability to organize data effectively

Which of the following is NOT a component of an information system?

Data

Software

Network

Intellectual properties (correct)

What does the 'C' in the C.I.A. triangle represent?

Control

Compliance

Connection

Confidentiality (correct)

Which of the following is NOT a reason a system may become unavailable?

User requests

Which functionalities are included in a Database Management System (DBMS)?

Organizing, storing, and retrieving data efficiently

What does information security primarily aim to protect?

Information systems components

What is essential for information to have integrity?

It must not be tampered with

How should company information typically be classified?

According to the degree of confidentiality needed

Which option best describes the value of information as an asset?

It provides a competitive advantage to organizations.

Which element is NOT a part of the major components of information security architecture?

Sales and marketing strategies

What aspect of confidentiality does information classification address?

Security measures for different levels

Which of the following is a necessity for maintaining system availability?

A robust authentication process

Which of the following is a key purpose of enforcing data security policies and procedures in a DBMS?

To control data access and maintain integrity

In information system components, which of the following does NOT include a physical aspect?

Software

What does the availability aspect of security ensure?

Systems are always functioning for authorized users

What is one consequence of overly strict security policies?

System unavailability

What is a primary objective of enforcing security at all database levels?

Protect data access points

What component can be defined as a weakness in any information system component?

Security vulnerability

Which of the following defines a security violation or attack that may occur at any time?

Security threat

What does the C.I.A triangle in database security stand for?

Confidentiality, Integrity, Availability

Which of the following is NOT one of the asset types mentioned in database security?

Digital

What is a potential consequence of reducing data access point size?

Reduced security risks

What term is used to describe known security gaps intentionally left open?

Security risk

What do auditing procedures and tools help to maintain in a database security system?

Security accountability

What is the definition of a relational database?

A collection of related data files

What is an example of a human asset in the context of database security?

Database administrators

Study Notes

Database Security and Auditing - Chapter 1: Security Architecture

• Objectives: Define security, describe information systems and their components, define database management system functionalities, outline the concept of information security, identify major components of information security architecture, define database security, list types of information assets and their values, describe security methods.

Security

• Database security: The degree to which data is fully protected from tampering or unauthorized acts.
• Includes: Information system and information security concepts.

Information Systems

• Wise decisions require: Accurate and timely information and information integrity.

• Information system: Components working together to generate accurate information.

• Categorized by usage:

  • Expert systems (ESS) — Long-term goals
  • Decision support systems (DSS) — Middle-level management
  • Management information systems (MIS) — Middle-level management
  • Transaction processing systems (TPS) — Lower-level management

• Components include: Data, Procedures, Hardware, Software, Network, People

Database Management

• Essential for information system success.

• DBMS functionalities:

  • Organize data
  • Store and retrieve data efficiently
  • Manipulate data (update/delete)
  • Enforce referential integrity and consistency
  • Enforce and implement data security policies and procedures
  • Back up, recover, and restore data

• DBMS components include: Data, Hardware, Software, Networks, Procedures, Database servers

Information Security

• Information is a valuable asset.
• Information security: Procedures and measures to protect information systems components.
• C.I.A. triangle: Confidentiality, Integrity, Availability.
• Security policies need balance.

Confidentiality

• Addresses: Prevention of unauthorized access and information disclosure based on classification.
• Classification levels: (e.g., Unclassified, External in-confidence, Internal in-confidence, Restricted, Classified)

Integrity

• Consistent and valid data: Processed correctly, yields accurate information.
• Information has integrity if:
  • It is accurate
  • It has not been tampered with
  • Read consistency: Each user sees only their changes and others committed.

Availability

• Systems must be available: To authorized users.
• Systems determine: User access to information.
• Reasons for system unavailability:
  • External attacks and lack of protection
  • System failure (lack of disaster recovery)
  • Overly stringent/obscure security policies
  • Poorly implemented authentication

Information Security Architecture

• Protects: Data and information
• Overall design: Company's implementation of the C.I.A. triangle
• Components include: Policies, procedures, security staff, detection equipment, security programs, monitoring equipment, auditing procedures & tools.

Database Security

• Enforce security: At all database levels.
• Security access point: Location where database security must be protected and applied.
• Data needs highest protection: Data access points should be small.
• Reducing access point size: Reduces security risks.
• Security gaps, vulnerabilities, threats: Points of missing security, system flaws, and potential breaches, respectively.

Database Security Levels

• Relational database: A collection of related data files.
• Data file: A collection of related tables.
• Table: A collection of related rows (records).
• Row: A collection of related columns (fields).

Menaces (Threats) to Databases

• Security vulnerability: Weakness in any information system component.
• Categories of database security vulnerabilities:
  • User mistakes
  • Software issues
  • Design and implementation flaws
  • Installation and configuration errors
• Security threat: Security violation or attack due to a vulnerability.
• Categories of database security threats:
  • People issues
  • Technological disasters
  • Malicious code
  • Natural disasters
• Security risk: Known security gap intentionally left open.

Asset Types and Their Value

• Security measures based on asset value.
• Types of assets: Physical, Logical, Intangible, Human

Security Methods

• Methods to protect components: (Examples in Table 1-6)

Database Security Methodology

• Database security implementation methodology (Example in Figure 1-16)

Summary

• Security: Level and degree of being free from danger and threats.
• Database security: Degree to which data is protected from unauthorized tampering.
• Information systems: Backbone of daily company operations.
• DBMS: Programs to manage databases.
• C.I.A. triangle: Confidentiality, Integrity, Availability.
• Secure access points, vulnerabilities, threats & risks: Important components for overall security.
• Information security architecture: A model protecting logical and physical assets.