Database Security Carl J. Hoppe 20 November 2013.

Slides:



Advertisements
Similar presentations
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Advertisements

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Protection of personal mobile computer devices Information Security Isaac Fernandes, mci12009 Sofia Nunes, mci12014.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Security Controls – What Works
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.
1 8 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 8 Database Administration.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Factors to be taken into account when designing ICT Security Policies
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Ch15QQ 1. Hardware theft includes the theft of portable computers as well as desktop computers. 2. A surge suppressor can be used to protect a computer.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Storage Security and Management: Security Framework
Information Security Update CTC 18 March 2015 Julianne Tolson.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Chapter 6 of the Executive Guide manual Technology.
Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.
SECURITY ENGINEERING 2 April 2013 William W. McMillan.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Data Security Assessment and Prevention AD660 – Databases, Security, and Web Technologies Marcus Goncalves Spring 2013.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.
Chapter 2 Securing Network Server and User Workstations.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Importance of Physical Security Common Security Mistakes 1.Security Awareness 2.Incident Response 3.Poor Password Management 4.Bad administrative.
How to Mitigate Stay Safe. Patching Patches Software ‘fixes’ for vulnerabilities in operating systems and applications Why Patch Keep your system secure.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
SECURITY REQUIREMENTS AND MANAGEMENT: Presentation By: Guillermo Dijk.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Database Security Threats. Database An essential corporate resource Data is a valuable resource Must be strictly controlled, managed and secured May have.
IT Audit for non-IT auditors Cornell Dover Assistant Auditor General 31 March 2013.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
PRESENTED BY Raju. What is information security?  Information security is the process of protecting information. It protects its availability, privacy.
Developing a Network Security Policy By: Chris Catalano.
Information Security KRISHNAKUMAR RAGHAVAN (KK) NASWA's Information Technology Support Center 1.
Importance of IT security ->protects data ->ensures authentication and confidentiality ->preevents data theft.
Design for Security Pepper.
Secure Software Confidentiality Integrity Data Security Authentication
NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Chapter 17 Risks, Security and Disaster Recovery
LAND RECORDS INFORMATION SYSTEMS DIVISION
CompTIA Security+ Study Guide (SY0-401)
Business Risks of Insecure Networks
Managing the IT Function
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
CYB 110 Competitive Success/snaptutorial.com
CYB 110 Education Begins / Snaptutorial.com. CYB 110 All Assignments For more classes visit CYB 110 Week 1 Individual Protecting.
CYB 110 Education Begins / tutorialrank.com. CYB 110 All Assignments For more course tutorials visit CYB 110 Week 1 Individual Protecting.
CYB 110 Teaching Effectively-- snaptutorial.com
CYB 110 Education for Service-- tutorialrank.com
I have many checklists: how do I get started with cyber security?
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Chapter 8 Data Base Security
Understanding Security Layers
IS4680 Security Auditing for Compliance
Contact Center Security Strategies
Database Security &Threats
By Oscar Suciadi CS 157B Prof. Sin-Min Lee
Security week 1 Introductions Class website Syllabus review
PLANNING A SECURE BASELINE INSTALLATION
Web Information Systems Engineering (WISE)
Designing IIS Security (IIS – Internet Information Service)
Session 1 – Introduction to Information Security
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Database Security Carl J. Hoppe 20 November 2013

Outline What is Database Security? The Key Points of Database Security. Steps to Protect a Database. Threats to a Database. My Experiences with Database Security.

What is Database Security? The use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

Key Points of Database Security Database security is based upon many types of Information Security. Access Control Auditing Authentication Encryption Backups Integrity Controls Application Security

Steps to Protect a Database

Steps to Protect a Database(cont.) Plan Establish standards and policies to guide the rest of the process. Discover and Assess Enumerate the databases, determine what applications use them, what data they contain, and who owns the system and data.

Steps to Protect a Database(cont.) Secure Based on the results of the assessments, update and secure the databases. Lock down access channels and look for any entitlement issues. Monitor Database activity monitoring and database auditing Database Management Systems (DBMS)

Steps to Protect a Database(cont.) Protect Apply preventative controls to protect the data as users and systems interact with it. Manage Management of ongoing systems and application management; configuration management, patch management, and change management. Database Management Systems (DBMS)

Threats to a Database Data corruption Design flaws and programming bugs Performance constraints and capacity issues Malware Unauthorized access

My Experiences with Database Security Data Center Building Access Key card requirements Database Management Systems (DBMS) Managing the capacity Managing the sensors

Conclusion What is Database Security? The Key Points of Database Security. Steps to Protect a Database. Threats to a Database. My Experiences with Database Security.

References security-process-framework/