Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security Carl J. Hoppe 20 November 2013.

Published byNoreen Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "Database Security Carl J. Hoppe 20 November 2013."— Presentation transcript:

1 Database Security Carl J. Hoppe 20 November 2013

2 Outline What is Database Security? The Key Points of Database Security. Steps to Protect a Database. Threats to a Database. My Experiences with Database Security.

3 What is Database Security? The use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

4 Key Points of Database Security Database security is based upon many types of Information Security. Access Control Auditing Authentication Encryption Backups Integrity Controls Application Security

5 Steps to Protect a Database

6 Steps to Protect a Database(cont.) Plan Establish standards and policies to guide the rest of the process. Discover and Assess Enumerate the databases, determine what applications use them, what data they contain, and who owns the system and data.

7 Steps to Protect a Database(cont.) Secure Based on the results of the assessments, update and secure the databases. Lock down access channels and look for any entitlement issues. Monitor Database activity monitoring and database auditing Database Management Systems (DBMS)

8 Steps to Protect a Database(cont.) Protect Apply preventative controls to protect the data as users and systems interact with it. Manage Management of ongoing systems and application management; configuration management, patch management, and change management. Database Management Systems (DBMS)

9 Threats to a Database Data corruption Design flaws and programming bugs Performance constraints and capacity issues Malware Unauthorized access

10 My Experiences with Database Security Data Center Building Access Key card requirements Database Management Systems (DBMS) Managing the capacity Managing the sensors

11 Conclusion What is Database Security? The Key Points of Database Security. Steps to Protect a Database. Threats to a Database. My Experiences with Database Security.

12 References https://securosis.com/projectquant/project-quant-database- security-process-framework/ http://en.wikipedia.org/wiki/Database_security

Download ppt "Database Security Carl J. Hoppe 20 November 2013."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Protection of personal mobile computer devices Information Security Isaac Fernandes, mci12009 Sofia Nunes, mci12014.

Protection of personal mobile computer devices Information Security Isaac Fernandes, mci12009 Sofia Nunes, mci12014.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Security Controls – What Works

Security Controls – What Works
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.

 Controls that provide security against internal and external threats  2 Types of access controls: › Physical controls › Logical controls.
1 8 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 8 Database Administration.

1 8 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 8 Database Administration.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Ch15QQ 1. Hardware theft includes the theft of portable computers as well as desktop computers. 2. A surge suppressor can be used to protect a computer.

Ch15QQ 1. Hardware theft includes the theft of portable computers as well as desktop computers. 2. A surge suppressor can be used to protect a computer.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Chapter 6 of the Executive Guide manual Technology.

Chapter 6 of the Executive Guide manual Technology.

Similar presentations

Ads by Google