L1 Security and Administration: selected database issues, Study notes of Computer Security

Outline: Scope of Database Security; Countermeasures: Computer-Based Controls; Security measures; Data Administration and Database Administration; Legal and Ethical issues

Typology: Study notes

2011/2012

Uploaded on 04/03/2012

nguyenhuonghhtb

Based on text of (Connolly and Begg) and Dr. Ala Al-Zobaidie’s slides

Outline

Scope of Database Security

Countermeasures Computer-Based Controls

Security measures

Data Administration and Database Administration

Legal and Ethical issues

Intellectual Property

Database Design and

Situation

Theft and fraud

Loss of confidentiality

Loss of privacy

Loss of integrity

Loss of availability

Threats

Caused by a situation or event: a person, action or circumstance

Harm to an organization:

Tangible:

Loss of hardware, software or data

Intangible:

Loss of credibility

Client confidence

Potential threats to computer systems

Database Design and Implementation, FPT Greenwich

Hardware: Fire/flood/bombs…

DDBMSs and Application Software: Failure of security mechanism…

Communication Networks: Wire tapping…

Database: Theft of data …

Users: Using another person’s means of access …

Programmers/Operators: Creating trapdoors …

Data/Database Administrator: Inadequate security policies and

Countermeasures: Computer-Based Controls

[Figure: Representation of a typical multi-user computer environment. Labels: remote client; encryption; insecure external network (e.g., Internet); encryption; firewall; DBMS server; authorization and access control; secure internal network (intranet); local client.]

Security in MS Office Access DBMS

Splitting the DB;

Setting a password for DB;

Trusting (enabling) the disabled content in DB;

Packaging, signing, and deploying the DB;

Security in Oracle DBMS

Privileges

System privileges

Object privileges

Roles

DBMSs and Web Security

Proxy Server

Improve performance;

Filter requests;

Firewall

Packet filter;

Application gateway;

Circuit-level gateway;

Proxy server;

DBMSs and Web Security

Message Digest Algorithms and Digital Signatures

Digital Certificates

Kerberos

Secure Sockets Layer (SSL) and Secure HTTP

Secure Electronic Transactions (SET) and Secure Transaction Technology (STT)

Java Security

ActiveX Security

Data Administrator (DA)

Database planning

Development

Maintenance of standards

Policies and procedures

Conceptual and logical database design

Database Administrator (DBA)

Physical database design

Implementation

Setting security and integrity controls

Monitoring system performance

Reorganizing the database

Comparison of DA and DBA

DA

Develops conceptual and logical database design

Develops and maintains corporate data model

Coordinates system development

Managerial orientation

DBMS-independent

DBA

Develops logical and physical database design

Implements physical database design

Monitors and controls database

Technical orientation

DBMS-dependent

Professional, Legal, and Ethical Issues in Data Management

Ethical and Legal issues in IT

Intellectual Property (IP)