Security
September 98, by Adrienne Watt

Security: the protection of data against unauthorized disclosure, alteration, or destruction.

GENERAL CONSIDERATIONS:
- Legal, social, and ethical aspects
- Physical controls
- Company policies
- Operational concerns
- Hardware controls
- Operating system security
- Data ownership
DATA SECURITY
Threat: any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

Kinds of loss a threat can cause:
- Theft and fraud
- Loss of confidentiality (secrecy)
- Loss of privacy
- Loss of integrity
- Loss of availability

Examples of threats:
- Unauthorized amendment of data
- Program alteration
- Wire tapping
- Illegal entry by a hacker
- Blackmail
- Inadequate or ill-thought-out procedures that allow confidential output to be mixed with normal output
- Staff shortage or strikes
- Inadequate staff training
- Viewing unauthorized data and disclosing it
- Electronic interference and radiation
- Fire (electrical fault / lightning strike)
- Flood
- Hardware failure resulting in a corrupt disk

DATA SECURITY (continued)
The extent of loss depends upon factors such as the impact of the threat balanced against countermeasures and contingency plans.

Example: hardware failure resulting in a corrupt disk.
- Does alternative hardware exist that can be used?
- Is this alternative hardware secure?
- Can we legally run our software on this hardware?
- If no alternative hardware exists, how quickly can the problem be fixed?
- When were the last backups taken of the database and log files?
- Are the backups in a fireproof safe or offsite?
- If the most current database needs to be recreated by restoring the backup with the log files, how long will it take?
- Will there be any immediate effects on our clients?
- If we restore the system, will the same or similar breach of security occur again unless we do something to prevent it from happening?
- Could our contingency planning be improved?
COMPUTER BASED CONTROLS
- The security of a DBMS is only as good as that of the operating system.
- Authorization: the granting of a right or privilege which enables a subject to legitimately have access to a system or object.
- Authentication: a mechanism by which a subject is determined to be the genuine subject that they claim to be (e.g. logon, passwords).

COMPUTER BASED CONTROLS (continued)
The types of privileges that an authorized subject may be given include:
- Use of specific named databases
- Selection or retrieval of data
- Creation of tables and other objects
- Update of data (may be restricted to certain columns)
- Deletion of data (may be restricted to certain columns)
- Insertion of data (may be restricted to certain columns)
- Unlimited result set from a query (that is, a user is not restricted to a specified number of rows)
- Execution of specific procedures and utility programs
- Creation of databases
- Creation (and modification) of DBMS user identifiers and other types of authorized identifiers
- Membership of a group of users, and consequent inheritance of the group's privileges

Ownership and Privileges
- Different ownership for different objects
- Ownership of objects gives the owner all appropriate privileges on the objects owned.
- Newly created objects are automatically owned by their creator, who gains the appropriate privileges for the object.
- Privileges can be passed on to other authorized users.
- The DBMS maintains different types of authorization identifiers (users and groups).
DBMS SUPPORT
DISCRETIONARY CONTROL
- privileges or authorities on different objects
- policy decisions
- flexible
Examples:
    GRANT SELECT ON S TO CHARLEY
    GRANT SELECT, UPDATE (STATUS, CITY) ON S TO JUDY
    GRANT ALL PRIVILEGES ON S TO TED
    GRANT SELECT ON P TO PUBLIC
    GRANT DBA TO PHIL
    REVOKE SELECT ON S FROM CHARLEY
    REVOKE UPDATE ON S FROM JUDY
The above policy decisions are enforced by the DBMS. The system catalog contains:
- SYSUSERLIST
- SYSAUTHLIST
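To show what the DBMS actually records when it processes the statements above, here is an added example (not part of the lecture slides) of an in-memory stand-in for the system catalog (SYSUSERLIST / SYSAUTHLIST). It parses the slide's simplified GRANT / REVOKE syntax, including column-restricted UPDATE, ALL PRIVILEGES, PUBLIC and the DBA authority, and then answers "may this user do this to this object?" The table names S and P, the columns STATUS and CITY and the user names come from the slide; the class, function and variable names are assumptions made for this example.

```python
# Added example, not part of the lecture slides: an in-memory stand-in for the
# DBMS system catalog (SYSUSERLIST / SYSAUTHLIST) that records the GRANT and
# REVOKE statements from the slide and answers authorization checks from them.
# The statement syntax is the simplified form used in the lecture; table names
# S and P, the columns STATUS/CITY and the user names are the slide's, everything
# else (class, function and variable names) is constructed here.
import re
from collections import defaultdict

PRIVILEGES = ("SELECT", "INSERT", "UPDATE", "DELETE")
STMT_RE = re.compile(
    r"^(GRANT|REVOKE)\s+(.+?)\s+ON\s+(\w+)\s+(?:TO|FROM)\s+(\w+)$", re.I)
DBA_RE = re.compile(r"^(GRANT|REVOKE)\s+DBA\s+(?:TO|FROM)\s+(\w+)$", re.I)


def parse_privileges(text):
    """'SELECT, UPDATE (STATUS, CITY)' -> {'SELECT': None, 'UPDATE': {'STATUS', 'CITY'}}.
    A value of None means the privilege covers every column of the object."""
    if text.strip().upper() == "ALL PRIVILEGES":
        return {p: None for p in PRIVILEGES}
    privs = {}
    for m in re.finditer(r"(\w+)\s*(?:\(([^)]*)\))?", text):
        name, cols = m.group(1).upper(), m.group(2)
        if name not in PRIVILEGES:
            raise ValueError(f"unknown privilege: {name}")
        privs[name] = None if cols is None else {c.strip().upper() for c in cols.split(",")}
    return privs


class AuthCatalog:
    """Records who may do what on which object; grants to PUBLIC apply to everyone."""

    def __init__(self):
        self.auth = defaultdict(dict)   # (grantee, object) -> {privilege: columns or None}
        self.dba = set()                # users holding the system-wide DBA authority

    def execute(self, stmt):
        stmt = stmt.strip().rstrip(";")
        m = DBA_RE.match(stmt)
        if m:
            verb, user = m.group(1).upper(), m.group(2).upper()
            (self.dba.add if verb == "GRANT" else self.dba.discard)(user)
            return
        m = STMT_RE.match(stmt)
        if not m:
            raise ValueError(f"cannot parse statement: {stmt}")
        verb, obj, user = m.group(1).upper(), m.group(3).upper(), m.group(4).upper()
        entry = self.auth[(user, obj)]
        for priv, cols in parse_privileges(m.group(2)).items():
            if verb == "GRANT":
                if cols is None or entry.get(priv, set()) is None:
                    entry[priv] = None                    # an all-column grant wins
                else:
                    entry[priv] = entry.get(priv, set()) | cols
            elif priv in entry:
                if cols is None or entry[priv] is None:
                    del entry[priv]                       # whole-privilege revoke (the slide's form)
                else:
                    entry[priv] -= cols                   # column-level revoke
                    if not entry[priv]:
                        del entry[priv]

    def allowed(self, user, priv, obj, column=None):
        """True if user may exercise priv on obj: on one column, or on every column when column is None."""
        user, priv, obj = user.upper(), priv.upper(), obj.upper()
        if user in self.dba:
            return True
        for grantee in (user, "PUBLIC"):
            entry = self.auth.get((grantee, obj), {})
            if priv not in entry:
                continue
            cols = entry[priv]
            if cols is None or (column is not None and column.upper() in cols):
                return True
        return False


# The statements exactly as they appear on the slide, applied in order.
LECTURE_STATEMENTS = [
    "GRANT SELECT ON S TO CHARLEY",
    "GRANT SELECT, UPDATE (STATUS, CITY) ON S TO JUDY",
    "GRANT ALL PRIVILEGES ON S TO TED",
    "GRANT SELECT ON P TO PUBLIC",
    "GRANT DBA TO PHIL",
    "REVOKE SELECT ON S FROM CHARLEY",
    "REVOKE UPDATE ON S FROM JUDY",
]


def catalog_from_lecture():
    cat = AuthCatalog()
    for stmt in LECTURE_STATEMENTS:
        cat.execute(stmt)
    return cat


if __name__ == "__main__":
    cat = catalog_from_lecture()
    for user, priv, obj, col in [("CHARLEY", "SELECT", "S", None), ("CHARLEY", "SELECT", "P", None),
                                 ("JUDY", "UPDATE", "S", "STATUS"), ("TED", "DELETE", "S", None),
                                 ("PHIL", "INSERT", "P", None)]:
        print(user, priv, obj, col or "*", "->", cat.allowed(user, priv, obj, col))
```

After the seven statements, CHARLEY can no longer read S but can still read P through the PUBLIC grant, JUDY keeps SELECT on S but has lost her column-restricted UPDATE, TED holds every privilege on S, and PHIL passes every check because DBA authority is system-wide rather than per object.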
DBMS SUPPORT
MANDATORY CONTROL
- each object has a classification level (top secret, confidential, etc.)
- each user has a clearance level
- not supported by any current DBMS
- very rigid
DBMS SUPPORT
Views: can be used to present only the data which is relevant to a user, by effectively hiding other fields.
Backing up: the process of periodically taking a copy of the database and journal (and possibly programs) onto offline storage media.
- Varies depending on the size of the data
Journaling: the process of keeping and maintaining a journal or log of all changes made to the database, to enable recovery to be undertaken effectively in the event of a failure.
- must be enabled
- keep copies of the journal on other disks
- record all security violations

DBMS SUPPORT
Checkpointing: the point of synchronization between the database and the transaction log file. All buffers are force-written to secondary storage.
Encryption: the encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
- data must be encrypted on write and decrypted on read
- degradation of performance
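The journaling and checkpointing definitions above fit together in a recovery procedure that is easiest to see in code. The following is an added example, not part of the lecture slides: a toy storage engine that journals every change before touching its buffers, force-writes the buffers at a checkpoint, and after a simulated crash rebuilds the database from the last checkpoint image plus the journal records written after it. The file names, the ToyStore class and the sample supplier rows are constructed for the example.

```python
# Added example, not part of the lecture slides: a toy storage engine showing
# how journaling and checkpointing work together.  Every change is written to
# the journal before the in-memory buffer is updated (write-ahead), a checkpoint
# force-writes the buffers to the data file and marks the journal, and recovery
# rebuilds the database from the checkpoint image plus the journal records
# written after it.  File names, the ToyStore class and the sample supplier rows
# are all constructed for this example.
import json
import os
import tempfile


class ToyStore:
    def __init__(self, directory):
        self.data_file = os.path.join(directory, "data.json")       # secondary storage
        self.journal_file = os.path.join(directory, "journal.log")  # the journal / log
        self.buffers = {}                                           # in-memory buffers

    def _journal(self, record):
        # The record reaches stable storage (flush + fsync) before the buffer
        # changes, so an acknowledged update can never be lost by a crash.
        with open(self.journal_file, "a") as f:
            f.write(json.dumps(record) + "\n")
            f.flush()
            os.fsync(f.fileno())

    def put(self, key, value):
        self._journal({"op": "set", "key": key, "value": value})
        self.buffers[key] = value

    def checkpoint(self):
        # Force-write all buffers to secondary storage atomically, then record in
        # the journal that everything before this point is already on disk.
        tmp = self.data_file + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.buffers, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.data_file)
        self._journal({"op": "checkpoint"})

    def crash(self):
        self.buffers = {}   # whatever was only in memory is gone

    def recover(self):
        """Reload the last checkpoint image and redo journal records written after it.
        Returns (recovered state, number of records replayed)."""
        self.buffers = {}
        if os.path.exists(self.data_file):
            with open(self.data_file) as f:
                self.buffers = json.load(f)
        records = []
        if os.path.exists(self.journal_file):
            with open(self.journal_file) as f:
                records = [json.loads(line) for line in f if line.strip()]
        # Only records after the most recent checkpoint need redoing; earlier
        # ones are already reflected in the data file.
        last_cp = max((i for i, r in enumerate(records) if r["op"] == "checkpoint"), default=-1)
        replayed = 0
        for r in records[last_cp + 1:]:
            if r["op"] == "set":
                self.buffers[r["key"]] = r["value"]
                replayed += 1
        return dict(self.buffers), replayed


def crash_and_recover_demo():
    """Two updates, a checkpoint, two more updates, a crash, then recovery."""
    db = ToyStore(tempfile.mkdtemp())
    db.put("S1", {"SNAME": "Smith", "STATUS": 20, "CITY": "London"})   # constructed rows
    db.put("S2", {"SNAME": "Jones", "STATUS": 10, "CITY": "Paris"})
    db.checkpoint()
    db.put("S1", {"SNAME": "Smith", "STATUS": 30, "CITY": "London"})   # only in journal + buffers
    db.put("S3", {"SNAME": "Blake", "STATUS": 30, "CITY": "Paris"})
    db.crash()
    return db.recover()


if __name__ == "__main__":
    state, replayed = crash_and_recover_demo()
    print(f"replayed {replayed} journal records after the last checkpoint")
    print(state)
```

The two updates made after the checkpoint survive the crash only because they were journaled first; recovery replays exactly those two records rather than the whole journal, which is why the slide describes the checkpoint as the point of synchronization between the database and the log.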
Associated Procedures
To ensure controls are effective:
Authorization and Authentication:
- Password lengths
- Password duration
Backup:
- Determine procedures
- Frequency
Recovery:
- Determine procedures
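The two password procedures above (length and duration) are only effective if the logon mechanism enforces them. As an added example, not part of the lecture slides, here is a small stand-in for the DBMS user list that rejects short passwords when they are set, stores salted PBKDF2 hashes rather than passwords, and reports a logon as expired once the password is older than the policy allows. The policy values, the UserList class and the injectable clock are assumptions made for this example.

```python
# Added example, not part of the lecture slides: a stand-in for the user list
# that enforces the two password procedures named on the slide (minimum length
# and maximum password age) and authenticates logons against salted PBKDF2
# hashes.  The policy values, the UserList class and the injectable clock are
# assumptions made for this example.
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

MIN_PASSWORD_LENGTH = 12              # assumed policy value
MAX_PASSWORD_AGE = timedelta(days=90)  # assumed policy value
PBKDF2_ITERATIONS = 100_000           # kept modest so the demo runs quickly


class UserList:
    def __init__(self, now=None):
        self.users = {}
        # The clock is injectable so password expiry can be exercised without waiting.
        self._now = now or (lambda: datetime.now(timezone.utc))

    def set_password(self, user, password):
        """Password-length rule is enforced here, when the password is chosen."""
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self.users[user] = {"salt": salt, "hash": digest, "changed": self._now()}

    def logon(self, user, password):
        """Return 'ok', 'expired' (password-duration rule) or 'denied'."""
        rec = self.users.get(user)
        # Hash even for unknown users so a missing account is not revealed by timing.
        salt = rec["salt"] if rec else bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        if rec is None or not hmac.compare_digest(digest, rec["hash"]):
            return "denied"
        if self._now() - rec["changed"] > MAX_PASSWORD_AGE:
            return "expired"
        return "ok"


if __name__ == "__main__":
    users = UserList()
    users.set_password("judy", "correct horse battery")   # constructed credentials
    print(users.logon("judy", "correct horse battery"))   # ok
    print(users.logon("judy", "wrong password here"))     # denied
```

Because the stored record holds only a salt and a hash, a copy of the user list does not reveal any password; the duration check works from the recorded change date, so an expired password is still verified before the logon is refused, which lets the application prompt for a change rather than silently locking the account.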
Audit
Check that all proper controls are in place:
- Ensuring accuracy of input data
- Ensuring accuracy of data processing
- Prevention and detection of errors during program execution
- Properly testing and documenting program development and maintenance
- Avoiding unauthorized program alteration
- Granting and monitoring access to data
- Ensuring documentation is up to date
Non-Computer Based Controls
Establishment of a Security Policy:
- The area of the business it covers
- Responsibilities and obligations of employees
- Procedures that must be followed
Establishment of a Contingency Plan:
- Who the key personnel are and how they can be contacted
- If key personnel are unavailable, a list of alternative personnel and how they can be contacted
- Who decides that a contingency exists and how that is decided
- The technical requirements of transferring operations elsewhere:
  - Additional equipment needed
  - Will communication lines need to be installed?
- Operational requirements of transferring operations elsewhere:
  - Staff needed to work away from home
  - Staff needed to work unusual hours
  - Staff will need to be compensated
- Any outside contacts who may be of help, for example equipment manufacturers
- Whether any insurance exists to cover the situation

Non-Computer Based Controls (continued)
Secure Positioning of Equipment:
- Restrict access to printers, especially if used for sensitive information
- Locate computer terminals sensibly if likely to display sensitive information
- Site cabling to avoid damage
Secure Data and Software:
- Ensure a secure storage area is available on-site
- Have an off-site secure storage area
- Index all the material

Non-Computer Based Controls (continued)
Physical Access Controls:
- Internal controls: govern access to areas within a building
- External controls: govern access to the site
Emergency Arrangements:
- Cold site
- Warm site
- Hot site
PC Security:
- Viruses
Statistical Databases
A collection of confidential information on individuals, on which only aggregate queries are permitted. Controls against inference of individual records:
- Preventing queries from operating on only a few database entries
- Randomly adding in additional entries to the original query result set, which produces a certain error but approximates to the true response
- Using only a random sample of the database to answer the query
- Maintaining a history of the query results and rejecting queries that use a high number of records identical to those used in previous queries
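The first and last controls in the list above are the easiest to implement and to see working. The following is an added example, not part of the lecture slides: a statistical database that answers only COUNT and SUM queries, refuses query sets that are too small or too close to the whole table, and refuses queries that overlap earlier answers in too many records. The Person rows, department names and thresholds are constructed for the example; the two-query subtraction it blocks is the kind of inference the first bullet is aimed at.

```python
# Added example, not part of the lecture slides: a statistical database that
# answers only aggregate queries and applies two of the inference controls on
# the slide, the query-set-size restriction and the query-overlap history.
# The Person rows, the department names and the thresholds are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    id: int
    dept: str
    sex: str
    salary: int


PEOPLE = [  # constructed sample data: exactly one woman in sales
    Person(1, "sales", "F", 61000), Person(2, "sales", "M", 48000),
    Person(3, "sales", "M", 50000), Person(4, "sales", "M", 52000),
    Person(5, "eng", "M", 70000), Person(6, "eng", "F", 72000),
    Person(7, "eng", "M", 68000), Person(8, "hr", "F", 45000),
]


class QueryRejected(Exception):
    pass


class StatDB:
    def __init__(self, rows, min_set=3, max_overlap=2):
        self.rows = rows
        self.min_set = min_set          # k: smallest (and n-k largest) query set answered
        self.max_overlap = max_overlap  # records a new query may share with an earlier one
        self.history = []               # query sets of queries already answered

    def _query_set(self, predicate):
        qs = frozenset(p.id for p in self.rows if predicate(p))
        n = len(self.rows)
        # Control 1: refuse query sets that are tiny or almost the whole table;
        # both isolate individuals, since the complement of a large set is small.
        if not self.min_set <= len(qs) <= n - self.min_set:
            raise QueryRejected(f"query set size {len(qs)} not in [{self.min_set}, {n - self.min_set}]")
        # Control 4: refuse queries that reuse too many records of earlier answers,
        # which is how two permitted aggregates get subtracted to isolate one record.
        for prev in self.history:
            if len(qs & prev) > self.max_overlap:
                raise QueryRejected(f"overlaps {len(qs & prev)} records with an earlier query")
        self.history.append(qs)
        return qs

    def count(self, predicate):
        return len(self._query_set(predicate))

    def total(self, predicate, field):
        qs = self._query_set(predicate)
        return sum(getattr(p, field) for p in self.rows if p.id in qs)


def tracker_attempt(db):
    """Try to learn the lone saleswoman's salary from aggregate queries alone."""
    outcome = {}
    outcome["sales_total"] = db.total(lambda p: p.dept == "sales", "salary")
    try:   # sales men only: size 3 is allowed, but it shares 3 records with the first query
        outcome["sales_men"] = db.total(lambda p: p.dept == "sales" and p.sex == "M", "salary")
    except QueryRejected as e:
        outcome["sales_men"] = f"rejected: {e}"
    try:   # direct query on one person: query set of size 1
        outcome["saleswoman"] = db.total(lambda p: p.dept == "sales" and p.sex == "F", "salary")
    except QueryRejected as e:
        outcome["saleswoman"] = f"rejected: {e}"
    outcome["eng_total"] = db.total(lambda p: p.dept == "eng", "salary")  # disjoint, allowed
    return outcome


if __name__ == "__main__":
    for key, value in tracker_attempt(StatDB(PEOPLE)).items():
        print(f"{key}: {value}")
```

With the overlap limit raised to 3 the second query is answered, and sales_total minus sales_men gives the one saleswoman's salary exactly, which is why the overlap history matters even when every individual query set is large enough on its own.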
Risk Analysis
- Establish a security team
- Define the scope of the analysis and obtain system details
- Identify all existing countermeasures
- Identify and evaluate all assets
- Identify and assess all threats and risks
- Select countermeasures, undertake a cost/benefit analysis and compare with existing countermeasures
- Make recommendations
- Test the security system
Data Protection and Privacy Laws
Privacy: concerns the right of an individual not to have personal information collected, stored and disclosed either willfully or indiscriminately.
Data Protection: the protection of personal data from unlawful acquisition, storage and disclosure, and the provision of the necessary safeguards to avoid the destruction or corruption of the legitimate data held.
Since the 1970s different countries have instituted various laws that deal with these issues.