Security.


Issues Regarding Database Security

- Legal and ethical issues regarding the right to access certain information. For instance, some information is private and can't be legally accessed by unauthorized persons.
- Policy issues at the governmental, institutional, and corporate levels. Some information is kept secret even when not required by law.
- System-related issues: Where should security be enforced (at the physical level, OS level, DBMS level, or higher)?
- The need for multiple security levels, where different persons have the ability to access different data, but data should not be transferable across security levels.

Threats

- Loss of integrity: Data within a database must be protected from accidental or malicious modification. If the data's integrity (truthiness) is broken, you can't use your data anymore.
- Loss of availability: If your database is inaccessible, it ceases to be useful. It is important that the database is protected from attacks that threaten its ability to function.
- Loss of confidentiality: The data needs to be protected from people who don't have the right to access it. Unauthorized disclosure of information can lead to anything from violations of the Data Privacy Act and loss of corporate secrets to the jeopardization of national security.

Control Measures

There are 4 main mechanisms (control measures) to provide security for databases:

- Access Control: Only allowing authorized users to access specific parts of the database.
- Inference Control: Ensuring that individual privacy is not violated when revealing aggregate data.
- Flow Control: Ensuring that information isn't transmitted via covert channels across security levels.
- Encryption: Ensuring that data at rest and in transit is not viewable (nor modifiable) by unauthorized parties.
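Inference control is the least self-explanatory of the four, so here is an added example (not part of the original slides) of one common form of it: an aggregate-only query interface that refuses to answer when the set of matching rows is too small or too large. The table, the names, the salaries and the threshold `K` are constructed for illustration.

```python
import sqlite3

K = 3  # assumed minimum query-set size; the slides do not name a threshold

# Constructed sample data: salary is the sensitive attribute.
ROWS = [
    ("alice", "eng", 120), ("bob", "eng", 110), ("carol", "eng", 130),
    ("dave", "ops", 90), ("erin", "ops", 95), ("frank", "ops", 85),
    ("grace", "legal", 150),
]

class Refused(Exception):
    """Raised when answering would reveal too much about individuals."""

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?)", ROWS)
    return db

def avg_salary(db, column, value, negate=False, k=K):
    """Average salary of rows where column = value (or != value if negate)."""
    if column not in ("name", "dept"):
        # Column names cannot be bound as parameters, so allow-list them.
        raise ValueError("unsupported filter column")
    op = "!=" if negate else "="
    total = db.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    n, avg = db.execute(
        f"SELECT COUNT(*), AVG(salary) FROM staff WHERE {column} {op} ?",
        (value,),
    ).fetchone()
    # Too few rows: the aggregate is close to one person's value.
    # Too many rows: comparing it with the overall figure isolates the rest.
    if n < k or n > total - k:
        raise Refused(f"query set of {n} rows is outside [{k}, {total - k}]")
    return avg

if __name__ == "__main__":
    db = make_db()
    print(avg_salary(db, "dept", "eng"))
    for args in [("dept", "legal"), ("name", "alice"), ("dept", "legal", True)]:
        try:
            avg_salary(db, *args)
        except Refused as exc:
            print("refused:", exc)
```

A size limit alone does not stop several overlapping queries from being combined, so it is normally paired with query auditing or added noise.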

Do all databases require security measures?

1. No, only databases containing sensitive information.
2. No, the data can be secured through other means (controlling access to the database itself).
3. Yes, all data should be secured, especially from modification.
4. Yes, L33T h4x0r's want to pwn me.

Sensitive Data

Sensitivity of data is a measure of the importance assigned to the data by its owner for the purpose of denoting its need for protection.

- If a database doesn't contain sensitive information, its security doesn't matter.
- If a database contains only sensitive information, it needs to be secured.
- The tricky case is when a database contains both sensitive and non-sensitive data. In this circumstance, access control is needed to allow different users to have different capabilities.

Factors making data sensitive

- Inherently sensitive: The value of the data itself may be so revealing/confidential that it needs to be protected (e.g. a person's salary or who has an STD).
- From a sensitive source: The source of the data may indicate a need for secrecy (e.g. a police informant / tattle-tale).
- Declared sensitive: The owner may explicitly declare it sensitive (e.g. secret Coke recipe).
- A sensitive attribute / record: A particular column / row of a table may be made sensitive (e.g. reviewer identity or classes of crimes).
- Sensitive in relation to previously disclosed data: Some data may not be sensitive by itself, but when combined with other data, reveals sensitive information. My anarchist pseudonym and the posts under it aren't sensitive, but the connection between my real identity and my pseudonym is.