

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Databases, Database Introduction, Importance of Databases, Enterprise Resource Planning, Problems with ERP, Database Security Breaches, Privacy Rights Clearinghouse, Data Access Risks, Computer Crime, Security Survey are some important points from lecture handout of Resource Management.
Typology: Study notes
1 / 3
This page cannot be seen from the preview
Don't miss anything!


Database Introduction
Centralized and Structured collection of data stored in a computer system
An electronic filing system
Easy access to information
Importance of Databases
Provide a convenient means of storing large amounts of data.
Quick access to information allowing for sorting, searching, viewing and manipulating.
Efficiency.
Enterprise Resource Planning
Enterprise Resource Planning - ERP is an application system that integrates a company’s business processes and financial data in one platform.
Massive Database that encompasses the entire business operations.
Problems with ERP
There is a shortage of staff members trained in ERP security.
Implementers pay inadequate attention to ERP security during deployment.
ERP tools for security audit are inadequate.
The customization of ERP systems to firms inhibits the development of standardized security solutions.
Database Security Breaches
Data loss can cost a company significant losses in revenue, integrity, and bring on unwanted litigation.
As noted in a 2007 survey, 85 percent of businesses have experienced a data security breach.
The estimated breaches have cost US $182 per compromised record.
Data breaches remain the leading cause of financial losses.
A survey conducted in 2007 revealed that 40 percent of companies are not monitoring their databases for suspicious activity.
Privacy Rights Clearinghouse. www.privacyrights.org
Data Access Risks
External
◦ Gaining access from outside the company.
Internal
◦ Employee who should not have access, gains access
◦ Employee abuses their access privileges.
2007 Computer Crime and Security Survey:
◦ Insider abuse of net access- 59 percent
◦ Unauthorized access to information- 25 percent
◦ Theft of customer or employee data- 17 percent
Data Access Controls
Perimeter Controls
◦ Keep people on the outside from gaining access.
User identity and access management
◦ Who is allowed to do what.
◦ Ensure things are as they are supposed to be.
Application systems
◦ Independent audit software tools.
Privileged Users
◦ Physical and logical controls within and outside their sphere of operational control are needed to provide evidence of their actions.
Auditing Databases – Preliminary Steps
Review prior report if there is one.
Obtain important information from database environment
Talk to database administrators
Identify significant risks and key controls that mitigate these risks.