Part 1_Operational Issues (Use) (1)

8/6/2019 Part 1_Operational Issues (Use) (1)

1/14

Operational Issues(Part 1)

Security Issues

Security FeaturesDBA Actions


2/14

Database integrity

Database integrity refers to acorrect processing of adatabase such as applying

the appropriate business ruleswhen performing a databaseoperation.

This ensures that thedatabases are notcompromised.


3/14

Database security

Database security on the otherhand refers to the vulnerabilityof the database to accidental

and/or intentional threats orerrors.

It is primarily concerned withaccess to a database:

who can access and what they

can access, and when they can access, and

from where.


4/14


5/14

1) Accidental losses, including human

error, software, and hardware-causedbreaches Establishing operating producers as

user authorization uniform softwareinstallation procedure and hardware

maintenance schedules are examplesof actions that may be taken toaddress threats from accidental losses.

As in any effort that involves humanbeings, some losses are inevitable, butwell thought our policies andprocedures should reduce the amountand severity of losses.

Of potentially more seriousconsequence are threats that are notaccidental.


6/14

2) Theft and fraud

These activities are going to perpetrate bypeople, quite possibly through electronicmeans, and may or may not alter data.

For example, control physical security, sothat unauthorized personnel are not ableto gain access to the machine room,should be established.

Data access policies that restrict alteringdata immediately prior to a payroll run willhelp to secure the data.

Establishment of a firewall to protectunauthorized access to inappropriate partsof database through outsidecommunication links is another example ofa security procedure that will hamperpeople who are intent of theft or fraud.


7/14

3) Loss of privacy or confidentiality Loss of privacy is usually taken to mean loss

of protection of data about individuals,while loss of confidentiality is usually takento mean loss of protection of criticalorganizational data, which may havestrategic value to the organization.

Failure to control privacy of informationmay lead to blackmail, bribery, publicembarrassment, or stealing of userpasswords.

Failure to control confidentiality may leadto loss of competitiveness.

State and federal laws now exist to requiresome types of organizations to create andcommunicate policies to ensure privacy ofcustomer and client data.

Security mechanisms must enforce thesepolicies, and failure to do so can meansignificant financial and reputation loss.


8/14

4) Loss of data integrity

When data is compromised,data will be invalid orcorrupted.

Unless data integrity is restoredthrough established backupand recovery procedures, anorganization may suffer serious

losses or make incorrect and

expensive decisions based onthe invalid data.


9/14

5) Loss of availability

Sabotage of hardware,networks, or applicationsmay cause the data to

become unavailable tousers, which again maylead to severe operationaldifficulties.


10/14

The most important security features of

data management software follow: Authorization Rules

Authorization or access control rules are rulesincorporated within a databasemanagement system (DBMS) to restrictaccess to data and operations (e.g., read,

write) on the data. The access rules specify who can access

and what data and what kind of tasks theycan perform.

The access control matrix is an attribute ofan organizations data, so it can be viewed

as a metadata. So, like the other metadata(e.g., table relationships, fields and theirtypes, validation rules), it should be storedand maintained in the DBMS repository. TheDBMS must protect not only the businessdata, but also the access control matrixwhich it uses to grant access to users.


11/14

Encryption Procedures Encryption techniques are used to protect highly

confidential or sensitive data (e.g., financialdata, police records), especially when they aretransmitted over communication or transmissionlines.

Encryption means coding or scrambling data toan unintelligible form so that those who read thedata cannot make any sense from it.

To read the data, the data must be decrypted,

i.e., decoded or unscrambled. That means a system that provides encryption

must also provide complementary decryptionroutines.

Both the encryption and decryption routinesmust also be protected from unauthorizedaccess.

Some DBMS provides routines that willautomatically encrypt the data when it is storedon a disk or transmitted over a communicationline.

Others allow users to write their ownencryption/decryption routines.


12/14

User-defined Procedures

Users can write their own proceduresto protect the data.

For example, they can writeprocedures to ensure that onlyauthorized personnel have access to

the data.

Usually this is accomplished by usingpasswords.

Users can also write procedures to

check the identity of the person(e.g., by using his or her identity card

or social security number, date ofbirth).


13/14

Authentication Schemes Passwords provide only limited security. They

may be stolen or guessed by trial and error. To overcome these weaknesses,

organizations may use biometric devices.

These devices are used to detect uniquepersonal characteristics such as voice,retina scan and fingerprints.

One way to implement this technique is byusing smart cards.

These cards can store the uniquecharacteristics of a user such as his/hervoice or fingerprint.

The users biometric data are thencompared with the previously stored value.If the data match, the user is grantedaccess to the system, and if they dont, theuser is denied access.


14/14

DBA privileged commands include commands forgranting and revoking privileges to individual

accounts, users, or user groups and performing thefollowing types of actions:

Account creation: This action creates anew account and password for a user or agroup of users to enable them to access

the DBMS. Privilege granting: This action permits the

DBA to grant certain privileges to certainaccounts.

Privilege revocation: This action permits theDBA to revoke (cancel) certain privilegesthat were previously given to certainaccounts.

Security level assignment: this actionconsists of assigning user accounts to theappropriate security classification level.

Documents

Part 1_Operational Issues (Use) (1)