...IST 792 paper 2 Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained, and shared electronically expands, so does the need to understand database security. (Murray, 2010) Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management. Security risks to database systems include, for example: * Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations); * Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of...
Words: 524 - Pages: 3
...Database Design DBM502 – Database Management March 24th, 2014 University of Phoenix Professor: Sam Haidar EzStream This paper will provide an overview of the database to be utilized for the startup company EzStream Inc. The core business of EzStream is to provide a complete solution to stream media content via online or WIFI. Customers will have the choice to rent, buy, or pay a monthly subscription to watch media content. Several components will break down the development of the database and provide details to the database infrastructure. Conceptual Design The conceptual design of EzStream’s DB will consist of Movies, Suppliers, and Customers. Customers will either rent or purchase movies, and have the option of paying a monthly subscription rate to watch movies via digital streaming. Data Analysis and Requirements * Tasks during Research and Analysis: * Identify essential "real world" information (e.g. interviews) * Remove redundant, unimportant details * Clarify unclear natural language statements * Fill remaining gaps in discussions * Distinguish data and operations Requirement Analysis First step: filter essential information vs unimportant details * Essentials * There are customers, suppliers, and media content * Identify age of audience for rentals * Customers have a customer identification number * Four weeks maximal rental time. * Unimportant details * "...Rentals since a few...
Words: 1876 - Pages: 8
...and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Implementing an Information Systems Security Policy # Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Implementing an Information Systems Security Policy...
Words: 426 - Pages: 2
...implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level. Mandatory (MAC) Much more structured. Is based on security labels and classifications. Access decisions are based on clearance level of the data and clearance level of the user, and classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level. Role-Based (RBAC) Continually administered set of controls by role within organization. Access rights assigned to roles – not directly to users. Roles are more tightly controlled than groups - a user can only have one role. Can use different types of RBAC Role-based Role within organization. Task-based Specific task assigned to the user. Lattice-based Upper and Lower bounds Access Control Techniques and Technologies Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined Role-based Can be used with MAC – Labels assigned to roles. Or with non-discretionary controls such as NT Groups. Rule-based Example - Router or firewall rules – user cannot change. • Restricted interfaces Menus and shells – ATM machine Database views Physically constrained interfaces. • Access Control Matrix Table of subjects and objects indicating access. • Capability Tables Specifies the access a...
Words: 1719 - Pages: 7
...of a benefit election system to support the tracking and reporting of employee (union and non-union) benefits (Apollo Group Inc., 2011). The new benefit system coming online brings new security requirements and possible risks that must be addressed. This document will list some of those security requirements and risks of the Benefits Election System of the company. Paper Risks and Security Requirements Huffman Trucking is a national transportation company with 1,400 employees working in logistical hubs across the United States. The human resources department currently maintains several tracking mechanisms for its employee information. The company has an HRIS system that was developed in-house that maintains a database of personal information. One of the company’s managers also maintains an Excel spreadsheet for individual compensation decisions and surveys. With the recommendation to convert the Excel spreadsheet to a database system, it is a wise choice to integrate the paper data into the already made HRIS system database. In either case, there is a need to provide planning and security for the system. To address the one possibility of integrating the Excel spreadsheet into the benefit election system, there are a few risks associated with paper-based systems and security baselines that must be met. Maintaining paper presents risks such as environmental risks. This can include fire, water, and weather....
Words: 1290 - Pages: 6
...Database Normalization and Logical Process Concept paper This short paper will explain with a simple example the process and the need for normalization in most business databases. Complete proposal break down (Timeline phases, Financial phases) will be submitted per management request. Overview At first any database should be designed with the end user in mind. Logical database design, also referred to as the logical model, is the process of arranging data into logical, organized groups of objects that can easily be maintained. The logical design of a database should reduce data repetition or go so far as to completely eliminate it. The needs of the end user should be one of the top considerations when designing a database. We should remember throughout the design process that the end user is the person who ultimately uses the database. There should be ease of use through the user's front-end tool (a client program that allows a user access to a database), but this, along with optimal performance, cannot be achieved if the user's needs are not taken into consideration. Some user-related research and design considerations in any business database include the following: What data should be stored in the database? How will the user access the database? What privileges does the user require? How should the data be grouped in the database? What data is the most commonly accessed? How is all data related in the database? What measures should be taken to ensure accurate data...
Words: 1393 - Pages: 6
...Research Paper Introduction A database-management system (DBMS) is a collection of interrelated data and a set of programs to access those data. The collection of data, usually referred to as the database, contains information relevant to an enterprise. The primary goal of a DBMS is to provide a way to store and retrieve database information that is both convenient and efficient. Database systems are designed to manage large bodies of information. Management of data involves both defining structures for storage of information and providing mechanisms for the manipulation of information. In addition, the database system must ensure the safety of the information stored, despite system crashes or attempts at unauthorized access. If data are to be shared among several users, the system must avoid possible anomalous results. Because information is so important in most organizations, computer scientists have developed a large body of concepts and techniques for managing data. These concepts and techniques form the focus of this book. This chapter briefly introduces the principles of database systems. Literature Survey 1. Redundancies and inconsistencies can be reduced 2. Better service to the Users 3. Flexibility of the system is improved 4. Cost of developing and maintaining systems is lower 5. Standards can be enforced 6. Security can be improved 7. Integrity can be improved 8. Enterprise requirements can be identified 9. Data...
Words: 1323 - Pages: 6
...LESSON 8: DATABASE SECURITY 8.0 LEARNING OBJECTIVES AND OUTCOMES Following are the security-related tasks which you as database administrator should be familiar with: • Ensuring secure database installation and configuration. • Managing the security aspects of user accounts: creating and assigning roles, developing secure password policies, restricting data access to only the appropriate users, and so on • Ensuring secure network connections • Encrypting and decrypting sensitive data • Ensuring the database has no security vulnerabilities and protection against intruders • Deciding what database components to audit and how granular you want this auditing to be • Downloading and installing security patches you might be able to perform these...
Words: 1968 - Pages: 8
...Database management system (DBMS) A database management system (DBMS) is a program, or a collection of programs, through which users interact with a database. The actual manipulation of the underlying database is handled by the DBMS. In some cases, users may interact with the DBMS directly. In other cases, users may interact with programs such as those created with Visual Basic, Java, Perl, PHP, or C++; these programs, in turn, interact with the DBMS, as shown in Figure 1-9. In either case, only the DBMS actually accesses the database. It typically supports query languages, which are in fact high-level programming languages, dedicated database languages that considerably simplify writing database application programs. Database languages also simplify the database organization as well as retrieving and presenting information from it. A DBMS provides facilities for controlling data access, enforcing data integrity, managing concurrency control, recovering the database after failures and restoring it from backup files, as well as maintaining database security. Entity An entity is a person, place, object, event, or idea for which you want to store and process data. The entities of interest to Premiere Products, for example, are sales reps, customers, orders, and parts. Attribute, Column, Field An attribute is a characteristic or property of an entity. The term is used in this text exactly as it is used in everyday English. An attribute is also called a field or column in...
Words: 858 - Pages: 4
...1. What are the main differences between a file-processing system and a database management system? Ans: A database management system coordinates both the physical and the logical access to the data, whereas a file-processing system coordinates only the physical access. 2. What are the major advantages of a database system? What are the major disadvantages of a database system? Ans:- Advantages a) Controlling Data redundancy b) Data Consistency c) Data Sharing d) Data security Disadvantages:- a) Cost of hardware and software b) Cost of data sharing c) Database Failures d) Complexity 3. Identify some informal queries and update operations that you would expect to apply to the database shown in Figure 1.2.? Ans: The database shows the student information for Smith and Brown. It also represents the course details. Then it shows the intake of the subject and instructor. In the grade report section it displays the grade results of Smith and Brown. It also illustrates the prerequisite for the major subject. From this database we can get the information of student, course details, course instructor, prerequisite for the major subject and grade report of the student. 4. Discuss the capabilities that should be provided by a DBMS? Ans:- i) Restricting unauthorised access ii) Providing multiple user interfaces iii) Controlling redundancy iv) Providing backup and recovery v) Providing persistent storage for program objects and vi)...
Words: 521 - Pages: 3
...Comparison of Traditional File-Based Approach and Database Approach At the beginning, you should understand the rationale of replacing the traditional file-based system with the database system. File-based System File-based systems were an early attempt to computerize the manual filing system. A file-based system is a collection of application programs that perform services for the end-users. Each program defines and manages its data. However, five types of problem occur in using the file-based approach: Separation and isolation of data When data is isolated in separate files, it is more difficult for us to access data that should be available. The application programmer is required to synchronize the processing of two or more files to ensure the correct data is extracted. Duplication of data When employing the decentralized file-based approach, uncontrolled duplication of data occurs. Uncontrolled duplication of data is undesirable because: i. Duplication is wasteful ii. Duplication can lead to loss of data integrity Data dependence Using a file-based system, the physical structure and storage of the data files and records are defined in the application program code. This characteristic is known as program-data dependence. Making changes to an existing structure is rather difficult and will lead to a modification of the program. Such maintenance activities are time-consuming and subject to error. Incompatible file formats ...
Words: 1079 - Pages: 5
...et al., 2012) With the sheer volume of the data that exists and speed at which new data is generated the ability of organizational IT Staffs to meet the security and privacy requirements is being pushed to the limits. With the capability of data mining algorithms to gather and correlate such large volumes of data at such speeds there exists the potential for extreme privacy and ethical concerns; as companies become experts at slicing and dicing data to reveal details as personal as mortgage defaults and heart attack risks, the threat of egregious privacy violations grows (Waxer, 2013). The requirements to maintain the privacy and security of these vast amounts of data are both ethically and legally mandated. What are the available tool sets that are accessible to an organization's IT Staff to secure databases from intrusion and exploitation? This is of extreme importance when dealing with the volume of data that exists and the personal and private nature of so much information. There are concerns over Personally Identifiable Information (PII) as well as Personal Health Information (PHI); unauthorized access to these could lead to identity theft through the access to PII or misuse of information to deny services due to PHI. What are the best practices that the IT staff and users should be implementing to ensure security of their database information? The IT Staff and users of an organization both have a stake in ensuring that their equipment is secure from threats such as...
Words: 827 - Pages: 4
...A relational database is a collection of relations or tables. The rows of a table in a relational database are known as tuples and each column of a table is called an attribute. By definition, a relation becomes a set of tuples having the same attributes. Operations which can be performed on the relations are select, project and join. The join operation combines the relations. The select queries are used for data retrieval, and the project operation identifies attributes. The information of the organization can be captured, manipulated, managed, and shared using a relational database. The value a database brings to the organization will be immense. To name a few advantages of a relational database, it can contribute in a huge manner to sound logical design: it is easy to understand and program, and it is amenable to change as business requirements change. The main earlier systems include file-based systems and Codasyl databases. Both systems are currently used in our company. File-based systems are complex and tend to be inherently restrictive and quickly reach the point where a complete rewrite becomes necessary if business requirements change. They are also very time consuming compared to using a database. Codasyl databases are a vast improvement on the old file-based systems, but they require a high level of expertise to design properly, and just like file-based systems they will be unable to support changes to business requirements. A properly designed relational database reflects business...
Words: 535 - Pages: 3
...HR Database Systems Question 1 The two commercial HR database systems that I would recommend for my organization are the Oracle Human resources Management systems and the HR Quik HR database system. Using the HR Quik HR database system provides an advantage in that its reports are very simple to run with all its data being generated in Excel. It can track the costs and benefit plans of employees and all the data within the systems can easily be merged with an employee’s documents (Lee, Tan & Wuwongse, 2006). This database also generates forms automatically with regards to the newly hired employees and those who have been terminated; it saves the documents which have been scanned and offers sample forms for guiding users in their generation and use (Kavanagh, Thite & Johnson, 2011). However, the database also has several disadvantages manifested in its inability of creating security profiles, facilitating the effective performance of audit trails due to its concurrent access anomalies and it only offers cloud-hosting features as an optional tool only in some of those models found in the market (Singh, 2009). On the other hand, the Oracle Human Resource Management System also offers several advantages to its users that include the creation and definition of user and security profiles, enabling the effective performance of audit trails and enables the HR to make payroll payments as it has the capability of handling multiple assignments. The Oracle Human Resource Management System...
Words: 1036 - Pages: 5
...Databases are powerful tools that can provide businesses with an edge over the competition. Databases can help keep track of inventory, billing, payroll, phone numbers, and much more. Databases are essential for almost every company in today's business world. The company that I used to work for custom built their database in-house to suit their business needs. The company uses Oracle, SQL, and Microsoft Access. The company asked me to develop a helpdesk database using SQL and Microsoft Access. The server-based database that the company uses is the Structured Query Language (SQL) Server to run security. One of the drawbacks of the server is that it has many security problems that constantly need to be patched. These patches are important to keep integrity of the data and security and should be scheduled to be applied on a regular basis. Microsoft Access is a relational database management system which allows users to create, edit, and maintain sophisticated databases. When developing the helpdesk database I found the wizard to be easy to use and helpful when creating the tables, data entry screens, display screens, and generating reports. The visual capabilities are user friendly and the user does not need to have programming experience. The wizard is an excellent internal tool to help the user with creating data entry forms and display screens. Microsoft Access also has its security problems. Microsoft Access is restricted to how much data can be stored before needing to...
Words: 706 - Pages: 3