Security.

Presentation on theme: "Security."— Presentation transcript:

1 Security

2 Issues Regarding Database Security
Legal and ethical issues regarding the right to access certain information. For instance, some information is private and can't be legally accessed by unauthorized persons.

Policy issues at the governmental, institutional, and corporate levels. Some information is kept secret even when not required by law.

System-related issues: Where should security be enforced (at the physical level, OS level, DBMS level, or higher)?

The need for multiple security levels, where different persons have the ability to access different data, but data should not be transferable across security levels.

3 Threats

Loss of integrity: The data within a database must be protected from accidental or malicious modification. If the data's integrity (truthiness) is broken, you can't use your data anymore.

Loss of availability: If your database is inaccessible, it ceases to be useful. It is important that the database is protected from attacks that threaten its ability to function.

Loss of confidentiality: The data needs to be protected from people who don't have the right to access it. Unauthorized disclosure of information can lead to anything from violations of the Data Privacy Act and loss of corporate secrets to the jeopardization of national security.

4 Control Measures

There are 4 main mechanisms (control measures) to provide security for databases:

Access Control: Only allowing authorized users to access specific parts of the database.

Inference Control: Ensuring that individual privacy is not violated when revealing aggregate data.

Flow Control: Ensuring that information isn't transmitted via covert channels across security levels.

Encryption: Ensuring that data at rest and in transit is not viewable (nor modifiable) by unauthorized parties.

5 Do all databases require security measures?
1. No, only databases containing sensitive information.
2. No, the data can be secured through other means (controlling access to the database itself)
3. Yes, all data should be secured, especially from modification.
4. Yes, L33T h4x0r's want to pwn me

6 Sensitive Data

Sensitivity of data is a measure of the importance assigned to the data by its owner for the purpose of denoting its need for protection.

If a database doesn't contain sensitive information, its security doesn't matter. If a database contains only sensitive information, it needs to be secured. The tricky case is when a database contains both sensitive and non-sensitive data. In this circumstance, access control is needed to allow for different users to have different capabilities.

7 Factors making data sensitive
Inherently sensitive: The value of the data itself may be so revealing/confidential that it needs to be protected (e.g. a person's salary or who has an STD).

From a sensitive source: The source of the data may indicate a need for secrecy (e.g. a police informant / tattle-tale).

Declared sensitive: The owner may explicitly declare it sensitive (e.g. secret Coke recipe).

A sensitive attribute / record: A particular column / row of a table may be made sensitive (e.g. reviewer identity or classes of crimes).

Sensitive in relation to previously disclosed data: Some data may not be sensitive by itself, but when combined with other data, reveals sensitive information. My anarchist pseudonym and the posts under it aren't sensitive, but the connection between my real identity and my pseudonym is.
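The mixed case from slide 6 combined with the sensitive attribute from slide 7, as an added example that is not part of the original presentation: one table holds both non-sensitive columns and a sensitive salary column, and access control is enforced per role at the DBMS level. It assumes Python's built-in sqlite3 module; the roles, the HIDDEN policy, the table and its rows are hypothetical.

```python
import sqlite3

# Constructed sample rows: name and dept are non-sensitive, salary is sensitive.
ROWS = [("Ana", "Sales", 52000), ("Ben", "Sales", 61000), ("Cy", "IT", 70000)]

# Hypothetical policy: (table, column) pairs each role must not see.
HIDDEN = {"hr": set(), "clerk": {("employee", "salary")}}

READ_ONLY = (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION)


def connect_as(role):
    """Open the sample database with reads filtered for `role`."""
    if role not in HIDDEN:
        raise PermissionError(f"unknown role: {role}")  # default deny
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", ROWS)
    conn.commit()

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        if action == sqlite3.SQLITE_READ and (arg1, arg2) in HIDDEN[role]:
            return sqlite3.SQLITE_IGNORE  # column is read as NULL
        if action in READ_ONLY:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # no writes or schema changes

    conn.set_authorizer(authorizer)  # installed after the data is loaded
    return conn


def query(role, sql):
    """Run one statement as `role` and return all rows."""
    conn = connect_as(role)
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    for role in ("hr", "clerk"):
        print(role, query(role, "SELECT name, salary FROM employee"))
        print(role, query(role, "SELECT name FROM employee WHERE salary > 60000"))
```

Because the hidden column is read as NULL everywhere in the statement, a restricted role gets nothing back from a WHERE clause or an aggregate on salary either, so filters cannot be used to probe the hidden values.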

