Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Slides:



Advertisements
Similar presentations
IT Security Policy Framework
Advertisements

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Chapter 1 Security Architecture
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Security Controls – What Works
Information Security Policies and Standards
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models
Information Security Information Technology and Computing Services Information Technology and Computing Services
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Data and Database Administration
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Security Architecture
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.
SEC835 Practical aspects of security implementation Part 1.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 - Databases, Controls, and Security.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Security in ERP Systems By Jason Rhodewalt & Marcel Gibson.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
Module 6: Designing Security for Network Hosts
Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 10 Case Study: Conducting an Information Systems Audit.
Chapter 2 Securing Network Server and User Workstations.
Small Business Security Keith Slagle April 24, 2007.
Module 11: Designing Security for Network Perimeters.
Introduction to Information Security
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
Information Security IBK3IBV01 College 2 Paul J. Cornelisse.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Copyright © 2007 Pearson Education Canada 23-1 Chapter 23: Using Advanced Skills.
Computer Security By Duncan Hall.
Chapter 8 Auditing in an E-commerce Environment
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
THE NEED FOR NETWORK SECURITY Hunar & Nawzad & Kovan & Abdulla & Aram.
Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group
INFORMATION SECURITY AND CONTROL. SECURITY: l Deter l Detect l Minimize l Investigate l Recover.
E-Commerce & Bank Security By: Mark Reed COSC 480.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Information Management System Ali Saeed Khan 29 th April, 2016.
Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Security on Peer-to-Peer Networks.
IT Audit for non-IT auditors Cornell Dover Assistant Auditor General 31 March 2013.
Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.
Information Security and Privacy in HRIS
Clouding with Microsoft Azure
Design for Security Pepper.
Secure Software Confidentiality Integrity Data Security Authentication
Chapter 17 Risks, Security and Disaster Recovery
Introduction to the Federal Defense Acquisition Regulation
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master of Science Faculty Advisor/Mentor: Prof. Barbara Nicolai PURDUE UNIVERSITY CALUMET SCHOOL OF TECHNOLOGY

Abstract Databases - important part of modern organizations Malicious attacks are targeted toward sensitive information Information security and government regulations Data encryption - a way of protecting information, while meeting certain regulations SQL Server 2008 provides built-in data encryption and key management

Background DMCS, as a system that ties all necessary institutions for a disaster response. The DMCS: – can work as a regular government agency or it can be moved to a disaster site – is wireless and self sustainable (UPS) – uses Global Information System (GIS) to display geographic conditions

Background cont. The system is internet based and completely paperless, replacing file cabinets with a repository The software of the system has a SQL Server database and a user interface in ASP.NET The system is planned to be distributed to the Indiana township

Introduction Database as a foundation of companies functionality and as a target of malicious attacks Databases need to be properly secured and available to users Consequences of database attacks Government regulations about database security Databases need to be periodically audited and security needs to be updated

Statement of the Problem DMCSs database is remotely accessed and stores confidential and sensitive information. In order for the database to be protected while available to users it needs to be properly secured Database security needs to: – address internal and external threats – meet the requirements of the government (HIPAA, SOX, Privacy Act of 1974)

Purpose of the Project The purpose of this project is to conduct a research on data exploitation, threats, and defense; and determine best practices for protecting vulnerable information in SQL Server 2008 The result of the project is the Database Security Policy and Procedure Manual which provides detailed instructions and recommendations for securing the DMCS

Project Objective Determine: – Number of information security threats. – Information security best practices applicable to the DMCS Prepare the Database Security Policy and Procedure Manual Install the SQL Server 2008 software

Data Number of new viruses Panda Security, Nov 24, 2010

Procedures Research and manual preparation Verify physical security of the server Update Windows operating system – Patches and service packs Install SQL Server 2008 Maintenance of the server and software

Procedures cont. Classification of data User administration Password policy DB application security Auditing

Information Security Pillars Information security Confidentiality Availability Integrity - Data and information is classifies into different levels of confidentiality to ensure that only authorized users access the information. - System is available at all times only for authorized users and authenticated persons. - System is protected from being shut down due to external or internal threats or attacks. - Data and information is accurate and protected from tampering by unauthorized persons. - Data and information is consistent and validated. C.I.A. Triangle

Database Security Access Points SA, developers, data entry employees, clients, suppliers, volunteers ( People) Data collection and reporting screens ( Applications) Method of connection to the reporting screens ( Network) Microsoft Windows Server 2003 ( Operating System) SQL Server 2008 ( DBMS) Files storing information about clients, transactions, products, orders, disaster specifics ( Data Files) Information processes and/or stored in the system ( Data) Database Security

Conclusion Applied security is efficient for the moment Compliance with regulations Protect sensitive information

Future Work Continuous update and maintenance for the existing system Regular audits Security updates

Acknowledgements Barbara Nicolai Chair Committee Member Chuck Winer Committee Member Keyuan Jiang Committee Member Purdue University Calumet – Faculty – Fellow Students

QUESTIONS THANK YOU!