Database Security and Auditing: Protecting Data Integrity and Accessibility - PowerPoint PPT Presentation

About This Presentation
Title:

Database Security and Auditing: Protecting Data Integrity and Accessibility

Description:

Information security: consists of procedures and measures taken to protect ... Vulnerabilities: kinks in the system that can become threats ...

Slides: 21
Provided by: rafa116

Transcript and Presenter's Notes


1
Database Security and Auditing: Protecting Data
Integrity and Accessibility
  • Chapter 1
  • Overview of Security Architecture

2
Information Security
  • Information security consists of procedures and
    measures taken to protect information systems
    components
  • C.I.A. triangle: confidentiality, integrity, and
    availability form the heart of Info security
  • Security policies must be balanced according to
    the C.I.A. triangle

3
Information Security (continued)

4
Confidentiality
  • Addresses two aspects of security:
      • Prevention of unauthorized access
      • Information disclosure is based on
        classification
  • Classify company information into levels
  • Each level has its own security measures
  • Usually based on degree of confidentiality
    necessary to protect information
  • And/or role-based access controls

5
Confidentiality (continued)

6
Integrity
  • Consistent and valid data, processed correctly,
    yields accurate information
  • Information has integrity if:
      • It is accurate
      • It has not been tampered with
  • Read consistency: each user sees only his changes
    and those committed by other users

7
Integrity (continued)

8
Integrity (continued)

9
Availability
  • Systems must always be available to authorized
    users
  • Systems determine what a user can do with the
    information
  • Reasons for a system to become unavailable:
      • External attacks and lack of system protection
      • System failure with no disaster recovery
        strategy
      • Overly stringent and obscure security policies
      • Bad implementation of authentication processes

10
Information Security Architecture
  • Protects data and information produced from the
    data
  • Model for protecting logical and physical assets
  • Is the overall design of a company's
    implementation of the C.I.A. triangle

11
Information Security Architecture (continued)

12
Information Security Architecture (continued)
  • Components include:
      • Policies and procedures
      • Security personnel and administrators
      • Detection equipment
      • Security programs
      • Monitoring equipment
      • Monitoring applications
      • Auditing procedures and tools

13
Database Security
  • Enforce security at all database levels
  • Security access point: place where database
    security must be protected and applied
  • Data requires highest level of protection; data
    access point must be small

14
Database Security (continued)

15
Database Security (continued)
  • Reducing access point size reduces security risks
  • Security gaps: points at which security is
    missing
  • Vulnerabilities: kinks in the system that can
    become threats
  • Threat: security risk that can become a system
    breach

16
Database Security (continued)
  • Value of asset and its likelihood of being
    attacked determine:
      • amount of acceptable security risk
      • amount the organization will spend to reduce
        risk

17
Database Security Levels (continued)
Finest level of Op. Sys. Access Control
Level of Access Control Available With RDBMS

18
Security Methods

19
Security Methods (continued)

20
Database Security Methodology