© 2015 Pearson Education Ltd. Chapter 9

Presentation transcript:


 Explain the necessity for backup.
 Describe backup scope and methods.
 Describe the different RAID (redundant array of independent disks) levels.
 Explain the need for data storage policies.
 Explain database protections.
 Explain the need for database access controls, auditing, and encryption.
 Describe the difference between data leakage and data theft.
 Explain data deletion, destruction, and disposal.
 Explain digital rights management (DRM) and how it can prevent data loss.
9-2


 In prior chapters we focused on
  ◦ Protecting data as it passed over networks (Chapter 3)
  ◦ Hardening hosts that store data (Chapter 7)
  ◦ Securing applications that process data (Chapter 8)
 This chapter will emphasize the protection of stored data
9-4

9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention
9-5

 Data are the principal elements of any information system
 Businesses gather enormous amounts of data
  ◦ Information is then extracted for decision making
  ◦ Data are valuable assets that are core components of a larger corporate strategy
  ◦ Source code, intellectual property, user data, etc. must all be protected
9-6

 This chapter will primarily focus on securing data while it is being stored
 More specifically:
  ◦ How backup can prevent accidental data loss
  ◦ How to securely store data in a database
  ◦ How to prevent data from being taken out of the corporation
  ◦ How to securely dispose of data
9-7


 Image Backup
  ◦ Everything, including programs and settings
  ◦ Image backup is very slow
  ◦ Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate
 Shadowing
  ◦ A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location
9-9


 Continuous Data Protection (CDP)
  ◦ Used when a firm has two server locations
  ◦ Each location backs up the other in real time
  ◦ Other site can take over very quickly in case of a disaster, with little data loss
  ◦ Requires expensive high-speed transmission link between the sites
9-11

PCs back up one another. Data is stored redundantly. Security issues must be addressed.
9-12


 Data Retention Policies
  ◦ There are strong legal requirements for how long certain types of data must be kept
  ◦ The legal department must get involved in retention policies
 Auditing Policy Compliance
  ◦ All policies should be audited
  ◦ Includes tracing what happened in samples of data
9-14

 Benefits of Retention
  ◦ Major part of corporate memory
  ◦ Can retrieve old e-mail for current purposes
 Dangers of Retention
  ◦ Legal discovery process
  ◦ Defendant must supply relevant e-mails
  ◦ Potentially very damaging information
  ◦ Always expensive
  ◦ Even though very expensive to retrieve, firms must pay whatever is necessary to do so
9-15

 Accidental Retention
  ◦ Even if firms delete e-mail from mail servers, it may be stored on backup tapes
  ◦ Users will often store copies on their own computers
9-16

 Message Authentication
  ◦ Spoofed messages can frame employees or the firm itself
  ◦ Need message authentication to prevent spoofed sender addresses
 User Training
  ◦ Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss
9-17


 Databases
  ◦ Often used in mission-critical applications
  ◦ Require additional security precautions
  ◦ Relational databases: Tables (relations) with rows (records) and columns (attributes)
  ◦ As discussed earlier, avoid SQL injection attacks
9-19


 Databases
  ◦ Restrict Access to Data
    Restrict users to certain columns (attributes) in each row
    For instance, deny access to salary column to most users
    Limit access control to rows
    For instance, only rows containing data about people in the user’s own department
9-21


 Databases
  ◦ Restrict granularity (level of detail)
    Prevent access to individual data
    Allow trend analysts to deal only with sums and averages for aggregates, such as departments
  ◦ Restrict information about the structure of the database itself (data model)
    Knowledge about the data model can make SQL injection much easier
9-23
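The column, row and granularity restrictions on the two slides above, as an added example built on SQLite views (example code, not from the textbook; the Employees table, its columns and the sample rows are constructed here). It goes one step beyond the slide: the aggregate view also suppresses departments too small to hide an individual, since a sum over a one-person department is that person's salary.

```python
import sqlite3

# Constructed sample data (assumed table layout, not from the textbook).
SAMPLE_EMPLOYEES = [
    (1, "Ana", "Sales", 52000),
    (2, "Ben", "Sales", 58000),
    (3, "Cy", "Sales", 61000),
    (4, "Dee", "Legal", 90000),   # a one-person department
    (5, "Eli", "IT", 70000),
    (6, "Fay", "IT", 74000),      # a two-person department
]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employees(Id INTEGER PRIMARY KEY, Name TEXT, Dept TEXT, Salary INTEGER)")
    conn.executemany("INSERT INTO Employees VALUES (?,?,?,?)", SAMPLE_EMPLOYEES)
    # Column restriction: a directory view that simply omits the Salary attribute.
    conn.execute("CREATE VIEW EmployeeDirectory AS SELECT Id, Name, Dept FROM Employees")
    # Granularity restriction: analysts see only per-department sums and averages,
    # and departments with fewer than 3 people are suppressed entirely so that an
    # aggregate can never stand in for one individual's salary.
    conn.execute("""
        CREATE VIEW DeptSalaryStats AS
        SELECT Dept, COUNT(*) AS Headcount, SUM(Salary) AS TotalSalary, AVG(Salary) AS AvgSalary
        FROM Employees GROUP BY Dept HAVING COUNT(*) >= 3""")
    return conn

def directory_columns(conn):
    """Column names exposed through the directory view (no Salary)."""
    return [d[0] for d in conn.execute("SELECT * FROM EmployeeDirectory").description]

def own_department_rows(conn, user_id):
    """Row restriction: a user sees only the people in their own department."""
    return conn.execute("""
        SELECT e.Id, e.Name, e.Dept FROM EmployeeDirectory e
        WHERE e.Dept = (SELECT Dept FROM Employees WHERE Id = ?)""", (user_id,)).fetchall()

def dept_stats(conn):
    """Dept -> (Headcount, TotalSalary, AvgSalary) as the analyst view exposes it."""
    return {r[0]: (r[1], r[2], r[3]) for r in conn.execute("SELECT * FROM DeptSalaryStats")}
```

In a server DBMS the same effect is obtained by granting the analyst role SELECT on the views only, never on the base table.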

 Database Access Control
  ◦ Restrict access to databases via database management systems (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle, etc.)
  ◦ Rename administrator account, disable guest/public accounts, lowest possible permissions necessary
 SQL Injection Attacks
  ◦ Data must be sanitized to remove unacceptable characters
  ◦ Stored procedures can be used to sanitize and validate incoming data
9-24
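The SQL injection point on the slide above, as an added example (not from the textbook): a string-built lookup beside its parameterized form, plus an allow-list check for the one place parameters cannot be used. The table and column names are constructed for this example; the allow-list function stands in for the validation the slide assigns to stored procedures, which SQLite does not have.

```python
import sqlite3

def build_db():
    """Constructed sample table; names are assumptions for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employees(Id INTEGER PRIMARY KEY, Name TEXT, Salary INTEGER)")
    conn.executemany("INSERT INTO Employees VALUES (?,?,?)",
                     [(1, "Ana", 52000), (2, "Ben", 58000), (3, "Cy", 61000)])
    return conn

def find_by_name_unsafe(conn, name):
    """Vulnerable: the caller's text becomes part of the SQL statement itself,
    so a value containing a quote can change the WHERE clause."""
    sql = "SELECT Id, Name FROM Employees WHERE Name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_by_name_safe(conn, name):
    """Hardened: the value travels as a bound parameter and is never parsed as SQL,
    so no character in it needs to be stripped or escaped."""
    return conn.execute("SELECT Id, Name FROM Employees WHERE Name = ?", (name,)).fetchall()

# Identifiers such as column names cannot be bound as parameters, so a
# caller-chosen sort key is validated against an allow-list rather than
# "sanitized" character by character.
ALLOWED_SORT_COLUMNS = {"Id", "Name"}

def list_sorted(conn, sort_column):
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column")
    return conn.execute("SELECT Id, Name FROM Employees ORDER BY " + sort_column).fetchall()
```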

1. Windows authentication
2. SQL Server authentication
3. Password policy options
9-25

 Database Auditing
  ◦ Collect information about users’ interactions with databases
  ◦ Policy driven, reflecting legal and regulatory obligations
 What should be audited?
  ◦ Logins, changes to the database, warnings, exceptions, and special access
9-26

 Trigger - Code that is automatically run when changes are made to a database
 Data Definition Language (DDL) trigger
  ◦ Used to produce automatic responses if the structure of the database has been altered (e.g., create new table, drop a table, alter properties of an existing table)
 Data Manipulation Language (DML) trigger
  ◦ Used to produce automatic responses if the data has been altered (e.g., data are inserted, updated, or deleted)
9-27

CREATE TRIGGER EmployeeSalaryChange ON Employees FOR UPDATE AS
-- Reconstructed from the slide: the @-prefixed identifiers were lost in the transcript,
-- so the variable and column names below are assumptions.
DECLARE @Body varchar(1000)
DECLARE @FirstName varchar(20)
DECLARE @LastName varchar(20)
DECLARE @OldSalary int
DECLARE @NewSalary int
IF UPDATE (Salary)
BEGIN
    -- deleted holds the row as it was, inserted the row as it is now
    -- (this assumes a single-row UPDATE; a multi-row UPDATE would report only one row)
    SELECT @FirstName = FirstName, @LastName = LastName, @OldSalary = Salary FROM deleted d
    SELECT @NewSalary = Salary FROM inserted
    SET @Body = 'I just wanted to let you know ' + @FirstName + ' ' + @LastName
        + ' changed their salary ' + CAST(@OldSalary AS varchar(20))
        + ' to ' + CAST(@NewSalary AS varchar(20))
    -- the recipient address is not shown on the slide
    EXEC msdb.dbo.sp_send_dbmail @recipients = '<recipient not shown on slide>',
        @subject = 'Somebody changed their salary', @body = @Body
END
GO
9-28
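The DML-trigger idea of the two slides above, as an added example (not the textbook's code) that also serves the auditing slide: instead of mailing an administrator, the trigger writes the old and new salary to an audit table, which is what a policy-driven audit trail needs. SQLite is used so it runs stand-alone; table and column names are constructed for this example.

```python
import sqlite3

def build_db():
    """Constructed Employees table plus an audit table; names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Employees(Id INTEGER PRIMARY KEY, Name TEXT, Salary INTEGER);
        CREATE TABLE SalaryAudit(
            AuditId INTEGER PRIMARY KEY,
            EmployeeId INTEGER, OldSalary INTEGER, NewSalary INTEGER,
            ChangedAt TEXT DEFAULT CURRENT_TIMESTAMP);
        -- DML trigger: fires on UPDATEs that touch Salary, and logs only when the
        -- value actually changed. SQLite exposes the before/after rows as OLD and
        -- NEW; SQL Server's deleted/inserted pseudo-tables play the same role.
        CREATE TRIGGER EmployeeSalaryChange AFTER UPDATE OF Salary ON Employees
        WHEN OLD.Salary IS NOT NEW.Salary
        BEGIN
            INSERT INTO SalaryAudit(EmployeeId, OldSalary, NewSalary)
            VALUES (NEW.Id, OLD.Salary, NEW.Salary);
        END;
        INSERT INTO Employees VALUES (1, 'Ana', 52000), (2, 'Ben', 58000);
    """)
    return conn

def change_salary(conn, emp_id, new_salary):
    with conn:
        conn.execute("UPDATE Employees SET Salary = ? WHERE Id = ?", (new_salary, emp_id))

def rename(conn, emp_id, new_name):
    """A change to a non-audited column: the trigger must stay silent."""
    with conn:
        conn.execute("UPDATE Employees SET Name = ? WHERE Id = ?", (new_name, emp_id))

def audit_trail(conn):
    """(EmployeeId, OldSalary, NewSalary) for every logged change, oldest first."""
    return conn.execute(
        "SELECT EmployeeId, OldSalary, NewSalary FROM SalaryAudit ORDER BY AuditId").fetchall()
```

The audit table should be writable only by the trigger's owner; an account that can UPDATE Employees but also DELETE from SalaryAudit defeats the purpose.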


 Key Escrow
  ◦ Loss of the key is disastrous
    Not like losing a password that can be reset
  ◦ Key escrow stores a copy of the key in a safe place
  ◦ Bad if managed by user
    May not do it
    May not be able to find it
    If fired, may refuse to give it back, locking up all data on the computer
  ◦ Central key escrow on a corporate server is better
9-30


 Spiders (crawlers) - Navigate the web gathering, organizing, and indexing web content
 Web Scraper - Tool that extracts predefined data from specified webpages
  ◦ Can aggregate extracted data from multiple websites
 Mashup - Combining data from various sites or applications
9-32

 Data Destruction Is Necessary
  ◦ Backup media are not needed beyond their retention dates if…
    a computer is to be discarded
    the computer is to be sold or given to another user
  ◦ Drive-wiping software for hard drives
    Reformatting the hard drive is not enough
  ◦ Shred CDs and DVDs
9-33



All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the publisher. © 2015 Pearson Education Ltd.