Database Security and Auditing PDF
Summary
This document provides an overview of database security and auditing, including information systems. It details the important components and concepts related to securing data and information systems and to making wise decisions. The presentation also covers security methodologies.
Full Transcript
Database Security and Auditing
Chapter 1: Security Architecture

Objectives
Define security
Describe an information system and its components
Define database management system functionalities
Outline the concept of information security

Objectives (continued)
Identify the major components of information security architecture
Define database security
List types of information assets and their values
Describe security methods

Security
Database security: the degree to which data is fully protected from tampering or unauthorized acts
Includes information system and information security concepts

Information Systems
Wise decisions require:
  – Accurate and timely information
  – Information integrity
Information system: composed of components working together to produce and generate accurate information
Categorized based on usage

Information Systems (continued)
Information system components include:
  – Data
  – Procedures
  – Hardware
  – Software
  – Network
  – People

Database Management
Essential to the success of an information system
DBMS functionalities:
  – Organize data
  – Store and retrieve data efficiently
  – Manipulate data (update and delete)
  – Enforce referential integrity and consistency
  – Enforce and implement data security policies and procedures
  – Back up, recover, and restore data

Database Management (continued)
DBMS components include:
  – Data
  – Hardware
  – Software
  – Networks
  – Procedures
  – Database servers

Information Security
Information is one of an organization’s most valuable assets
Information security: consists of procedures and measures taken to protect information systems components
C.I.A. triangle: confidentiality, integrity, availability
Security policies must be balanced according to the C.I.A. triangle

Confidentiality
Addresses two aspects of security:
  – Prevention of unauthorized access
  – Information disclosure based on classification
Classify company information into levels:
  – Each level has its own security measures
  – Usually based on the degree of confidentiality necessary to protect information

Integrity
Consistent and valid data, processed correctly, yields accurate information
Information has integrity if:
  – It is accurate
  – It has not been tampered with
Read consistency: each user sees only his changes and those committed by other users

Availability
Systems must be always available to authorized users
Systems determine what a user can do with the information

Availability (continued)
Reasons for a system to become unavailable:
  – External attacks and lack of system protection
  – System failure with no disaster recovery strategy
  – Overly stringent and obscure security policies
  – Bad implementation of authentication processes

Information Security Architecture
Protects data and information produced from the data
Is the overall design of a company’s implementation of C.I.A. triangle

Information Security Architecture (continued)
Components include:
  – Policies and procedures
  – Security staff and administrators
  – Detection equipment
  – Security programs
  – Monitoring equipment
  – Monitoring applications
  – Auditing procedures and tools

Database Security
Enforce security at all database levels
Security access point: the place where database security must be protected and applied
Data requires the highest level of protection; data access points must be small

Database Security (continued)
Reducing access point size reduces security risks
Security gaps: points at which security is missing
Vulnerabilities: kinks in the system that can become threats
Threat: security risk that can become a system breach

Database Security Levels
Relational database: a collection of related data files
Data file: a collection of related tables
Table: a collection of related rows (records)
Row: a collection of related columns (fields)

Menaces (Threats) to Databases
Security vulnerability: a weakness in any information system component

Menaces to Databases (continued)
Security threat: a security violation or attack that can happen at any time because of a security vulnerability

Menaces to Databases (continued)
Security risk: a known security gap intentionally left open

Asset Types and Their Value
Security measures are based on the value of each asset
Types of assets include:
  – Physical
  – Logical
  – Intangible
  – Human

Security Methods
[Slide content not captured in the transcript]

Database Security Methodology
[Slide content not captured in the transcript]

Summary
Security: level and degree of being free from danger and threats
Database security: degree to which data is fully protected from unauthorized tampering
Information systems: backbone of day-to-day company operations

Summary (continued)
DBMS: programs to manage a database
C.I.A. triangle:
  – Confidentiality
  – Integrity
  – Availability
Secure access points
Security vulnerabilities, threats and risks

Summary (continued)
Information security architecture
  – Model for protecting logical and physical assets
  – Company’s implementation of a C.I.A. triangle
Enforce security at all levels of the database
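
The read consistency definition on the Integrity slide can be observed directly with two database sessions. The following is an added example, not part of the original slides; it assumes SQLite through Python's sqlite3 module as a stand-in DBMS, and the account table and its values are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

QUERY = "SELECT balance FROM account WHERE id = 1"

def balance(conn):
    # fetchall() runs the statement to completion so no read lock lingers.
    return conn.execute(QUERY).fetchall()[0][0]

def read_consistency_demo():
    """Return the balance each session observes at each step."""
    seen = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")  # constructed sample database
        setup = sqlite3.connect(path)
        setup.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER)")
        setup.execute("INSERT INTO account VALUES (1, 100)")
        setup.commit()
        setup.close()

        writer = sqlite3.connect(path)  # user who changes the row
        reader = sqlite3.connect(path)  # second user reading the same row

        # sqlite3 opens a transaction implicitly before the UPDATE; not committed yet.
        writer.execute("UPDATE account SET balance = 40 WHERE id = 1")
        seen["writer_before_commit"] = balance(writer)  # own change is visible
        seen["reader_before_commit"] = balance(reader)  # uncommitted change is not

        writer.commit()
        seen["reader_after_commit"] = balance(reader)   # committed change is visible

        # A change that is rolled back is never seen by the other user.
        writer.execute("UPDATE account SET balance = 0 WHERE id = 1")
        writer.rollback()
        seen["reader_after_rollback"] = balance(reader)

        writer.close()
        reader.close()
    return seen

if __name__ == "__main__":
    for step, value in read_consistency_demo().items():
        print(f"{step}: {value}")
```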