Chapter 19 Security
Integrity
Security
Control
–computer-based
–non-computer-based
PC security
DBMS and Web security
Risk Analysis
Data protection and privacy laws

Integrity
Definition
–Consistent with constraints
Types
–Entity
–Referential or existence
–Domain
–Enterprise

Security
Threats
–Theft & fraud
–Loss of confidentiality
–Loss of privacy
–Loss of integrity
–Loss of availability

Countermeasures
Computer-based controls
Non-computer-based controls

Computer-based Controls - 1
Authorization & authentication
–Password
–Account number
–Relations, users & rights (CRUD) table
Subschema
–Create views

Computer-based Controls - 2
Logs
–Transaction logs
–Violation logs (time, terminal, violation)
Check points
Backup (redundant array of independent disks - RAID) & recovery
Audit

Computer-based Controls - 3
Encryption or cryptosystem
–Encryption key
–Encryption algorithm
–Decryption key
–Decryption algorithm
–Symmetric encryption (Data Encryption Standard (DES))
–Asymmetric encryption (RSA)

Example of Encryption - I
Divide the text into groups of 8 characters; pad with blanks at the end as necessary
Select an 8-character key
Rearrange the text by interchanging adjacent characters
Translate each character into an ordinal number, with blank as 0, A as 1, B as 2, …
Add the ordinal number of the key to the result
Divide the total by 27 and retain the remainder
Translate the remainder back into a character to yield the cipher text

Example of Encryption - II
Message: DATA COM
Key: PROTOCOL

Rearranged text         A    D    A    T    C  SPACE  M    O     (adatc mo)
Ordinal                 1    4    1   20    3    0   13   15
Key                     P    R    O    T    O    C    O    L     (protocol)
Ordinal                16   18   15   20   15    3   15   12
Sum                    17   22   16   40   18    3   28   27
Remainder (mod 27)     17   22   16   13   18    3    1    0
Cipher text             Q    V    P    M    R    C    A  SPACE

Example of Decryption - I
Divide the cipher text into groups of eight characters; pad with blanks at the end as necessary
Translate each cipher text character and each character of the encryption key into an ordinal number
For each group, subtract the ordinal number of the key from the ordinal number of the cipher text
Add 27 to any negative number
Translate the numbers back to their alphabetic equivalents
Rearrange the text by interchanging adjacent characters

Example of Decryption - II
Cipher text             Q    V    P    M    R    C    A  SPACE   (qvpmrca )
Ordinal                17   22   16   13   18    3    1    0
Key                     P    R    O    T    O    C    O    L     (protocol)
Ordinal                16   18   15   20   15    3   15   12
Subtract                1    4    1   -7    3    0  -14  -12
Plus 27 if negative     1    4    1   20    3    0   13   15
Rearranged text         A    D    A    T    C  SPACE  M    O
Plain text              D    A    T    A  SPACE  C    O    M
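The encryption and decryption procedures from the two slides above, as an added Python example that is not part of the original slides. It assumes the slides' 27-symbol alphabet (blank = 0, A = 1, …, Z = 26), so all arithmetic is modulo 27, and it reproduces the DATA COM / PROTOCOL worked example, including the padding and multi-group case the slides only describe in words.

```python
# Added example: the eight-character classroom cipher from the
# "Example of Encryption / Decryption" slides, implemented end to end.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # blank = 0, A = 1, ..., Z = 26
MOD = len(ALPHABET)                         # 27, as on the slides
GROUP = 8                                   # text groups and key are 8 characters


def _ordinals(text):
    """Translate characters into ordinal numbers (blank 0, A 1, B 2, ...)."""
    return [ALPHABET.index(c) for c in text.upper()]


def _swap_adjacent(chars):
    """Interchange adjacent characters: 'DATA COM' -> 'ADATC MO'."""
    out = list(chars)
    for i in range(0, len(out) - 1, 2):
        out[i], out[i + 1] = out[i + 1], out[i]
    return "".join(out)


def _pad(text):
    """Pad with blanks so the length is a multiple of the group size."""
    return text + " " * (-len(text) % GROUP)


def encrypt(message, key):
    if len(key) != GROUP:
        raise ValueError("key must be exactly 8 characters")
    key_ord = _ordinals(key)
    padded = _pad(message.upper())
    cipher = []
    for g in range(0, len(padded), GROUP):
        group = _ordinals(_swap_adjacent(padded[g:g + GROUP]))
        # add the key ordinal, divide by 27 and keep the remainder
        cipher.extend(ALPHABET[(m + k) % MOD] for m, k in zip(group, key_ord))
    return "".join(cipher)


def decrypt(cipher, key):
    if len(key) != GROUP:
        raise ValueError("key must be exactly 8 characters")
    key_ord = _ordinals(key)
    padded = _pad(cipher.upper())
    plain = []
    for g in range(0, len(padded), GROUP):
        diffs = [c - k for c, k in zip(_ordinals(padded[g:g + GROUP]), key_ord)]
        # "add 27 to any negative number", translate back, then undo the swap
        letters = "".join(ALPHABET[d + MOD if d < 0 else d] for d in diffs)
        plain.append(_swap_adjacent(letters))
    return "".join(plain)


if __name__ == "__main__":
    print(repr(encrypt("DATA COM", "PROTOCOL")))   # 'QVPMRCA '
    print(repr(decrypt("QVPMRCA ", "PROTOCOL")))   # 'DATA COM'
```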

Non-Computer-based Controls
Security policy
Contingency plan
–Person, phone no., procedures
–Site (cold, warm, or hot)
Personnel control
–Reference
–Termination
–Training
–Balance of duty
Escrow & maintenance agreements
Physical

PC Security
Policy & procedure
Physical
Logical
Virus

DBMS and Web Security
Proxy server: performance & filtering
Firewall: packet filter, application gateway, circuit-level gateway, & proxy server
Digital signatures & Certificate Authority (CA)
Message digest algorithms and digital signatures
Kerberos: centralized security server (certificate server)
Secure Sockets Layer (SSL) for data & Secure HTTP for individual messages
Secure Electronic Transaction (SET) for credit cards & Secure Transaction Technology (STT) for bank payments

Risk Analysis
Assets
Threats and risks
Countermeasures
Cost/benefit analysis
Testing

Data Protection & Privacy Law

Assignment
Review chapters 5-6, 11-13, and 18
Read chapter 19
Exam 3
–Date: 12/9/04
Project
–Normalization and corrected EER diagram due date: 12/2/04
–SQL, corrected normalization, and EER diagram due date: 12/15/04 (MIS Department Office)