Abstract
As organizations increase their reliance on, possibly distributed, information systems for daily business, they become more vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control
Security breaches are typically categorized by three main aspects: Confidentiality, Integrity, and Availability. Confidentiality is protecting the database from unauthorized users; it ensures that users are allowed to do the things they are trying to do. Integrity is protecting the database from unauthorized users, and it ensures that what authorized users are trying to do is correct. Availability means that authorized users should be able to access data for legal purposes as necessary. A threat can be defined as a hostile agent that causes issues, either casually or by using a specialized technique, to modify or delete the information managed by a DBMS. These threats can be non-fraudulent threats, which are usually caused by natural or accidental disasters, errors or bugs in hardware or software, or human errors. Fraudulent threats are caused by authorized users who abuse their privileges and authority. These improper or hostile users (outsiders or insiders) attack the software and/or hardware system, or read or write data in a database.
Major Functions as a Database Administrator
Keeping up with the vastly growing technologies in both the hardware and software fields while following the current technologies, predicting how those changes will impact the organization, and managing data security and privacy.
As a database administrator need to be expert in some of the
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value, and everyone has information they wish to keep secret, such as credit card details, trade secrets, personal information, government documents, and many more. It was stated (Securitas Operandi™, 2008) that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, that is, encrypting and decrypting data, access controls such as
A threat is defined as a potential cause of an incident that may cause harm to systems and organisations, or data. A potential and obvious threat is someone physically stealing hardware or data. Physical threats are any incident that could result in the loss of, or physical damage to, a computer system. Some threats are pretty much unpreventable, such as fire, floods, lightning, and earthquakes; these are all physical threats that are uncontrollable. The humidity in rooms which computers are in does, to an extent, need to be controlled; if the room is too hot or cold, it could have a negative effect on a computer system. There are also human threats such as vandalism, theft, disruption, and accidental or intentional errors.
Threat: An action or event that might compromise security. A threat is a potential violation of security.
A company must also develop a clear structure for granting employees access to sensitive information. Not all employees need such data in order to fulfill their everyday job responsibilities. For those who need admission to sensitive information, a strong authentication mechanism must be developed, which cannot be bypassed. This will ensure that only authorized users are accessing compromising data.
The framework of security policy is defined to construct a structure with the help of which policy gaps can be identified easily. A system-specific policy would assist in ensuring that all employees and management comply with the policies. This is also used to maintain confidentiality (user authentication would assist in the confidentiality aspect of security), integrity (there are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data’s accuracy and integrity), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
In today’s IT world every organization has a responsibility to protect the information and sensitive data it has. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
The top ten most common database attacks are excessive privilege, privilege abuse, unauthorized privilege elevation, platform vulnerabilities, SQL injection, weak audit, denial of service, database protocol vulnerabilities, weak authentication, and exposure of backup data. (Schulman, 2012) The majority of these attacks can be mitigated by firewalls, password protection, and appropriate permissions.
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
“The practice of keeping data protected from corruption and unauthorized access” is known as data security (SpamLaw, 2011). The focal point of data security is the protection of
Business data can be compromised due to unauthorized access or use, which can lead to damage to reputation, brand and the company’s physical assets.
As an information security professional, my goal is to ease fears of the unknown and provide assurance that confidentiality, integrity, and availability lessen risks that counter continuity. With insight and confidence, I will serve as a guide for the speediest acceptable recovery from disasters when they occur. This is my purpose for pursuing the Master of Science in Information Assurance at Davenport University. As is evident with the College of Technology Faculty, my mission is one of achieving expertise and continually questing for knowledge in the complex and evolving world that is informatics security.
In today’s vastly technological world, when it comes to internet and computer security, people are either scared or unaware of the dangers present. Everything we use in our daily lives, from devices such as phones, tablets, and computers, to cars, gas stations, and electrical plants, is run by computers. This puts millions and billions of people at risk with impending security attacks just a keystroke away. The threat of an attack or breach in a system puts information security at a premium for many organizations and individuals. Therefore the onus is on businesses and organizations to ensure the confidentiality of information in their possession. Securing information prevents breaches and cyberattacks, protects the privacy of
Data, software, networks and procedures are the most directly affected by the study of information security. Data and software are the most associated with the study of security.
With advances in technology constantly happening, it can be hard to keep up with all of the latest trends. If organizations cannot keep up with the latest trends, it can lead to flaws in their security. Any flaws in security can have a detrimental effect on an organization’s database. Almost every organization has some sort of database, whether it is for maintaining customers, inventory, or vital information.