In Support of Security Standards
Randy Robertson

Data Security
  Many companies use data for critical functions
  Data often private or confidential
  Highest organizational priority is to keep data from corruption or unauthorized access
  Most use Database Management Systems to manage and secure data

Problems
  Treatment of Data
    Types of Data
    Different Organizations
  Difficult to work with other companies
  HIPAA legislation – just the beginning?

Problems
  Many organizations have several options when designing or updating their database system.
    Each has different options and configurations
    Difficult to select the right system

Research
  Iachello (2003)
    Argues for adding data protection standards
    EU more strict regarding data than U.S.
    Points raised
      Regulations changing among different nations
      Confusion regarding 3 areas of data
        Legislation
        Technology
        Process Design

Research
  Vieira (2005)
    Not all data is considered critical
    DBMS classification
      Security Class Level
        Class 0 to Class 5
      Security Requirements Fulfillment
        Percentage rating from 0 to 100
        Compares DBMS within the same class level

Solution
  Agree with both papers
  Change in Vieira’s proposal
    Add measure for past history
      Flaws and Vulnerabilities

Solution
  Standards Body
    Create a Security standard
      Based on data levels
    Create a DBMS rating system
      Ability to merge with Security Standard
  Organization
    Review Standards to classify data used
    Select DBMS to meet the needs

Solution
  Security Standards Benefits
    Liability insurance could be easier and cheaper to purchase if standards are followed
    Following standards may show due diligence of the organization if they have litigation due to a security breach

Solution
  DBMS Standards Benefits
    Allow organizations the ability to identify and adapt security needs quickly.
    Can help companies do business in other countries
    Can also satisfy requirements when working with vendors or alliance partners.

Solution
  Possible drawbacks
    Companies could be forced to update system and change DBMS
      Costs incurred from upgrade
      Possible attacks if not secure
    DBMS would probably not support solution
      Highlight flaws and vulnerabilities

Questions?