Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Published byNya Basey Modified over 10 years ago

Similar presentations

Presentation on theme: "Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master."— Presentation transcript:

1 Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master of Science Faculty Advisor/Mentor: Prof. Barbara Nicolai PURDUE UNIVERSITY CALUMET SCHOOL OF TECHNOLOGY

2 Abstract Databases - important part of modern organizations Malicious attacks are targeted toward sensitive information Information security and government regulations Data encryption - a way of protecting information, while meeting certain regulations SQL Server 2008 provides built-in data encryption and key management

3 Background DMCS, as a system that ties all necessary institutions for a disaster response. The DMCS: – can work as a regular government agency or it can be moved to a disaster site – is wireless and self sustainable (UPS) – uses Global Information System (GIS) to display geographic conditions

4 Background cont. The system is internet based and completely paperless, replacing file cabinets with a repository The software of the system has a SQL Server database and a user interface in ASP.NET The system is planned to be distributed to the Indiana township

5 Introduction Database as a foundation of companies functionality and as a target of malicious attacks Databases need to be properly secured and available to users Consequences of database attacks Government regulations about database security Databases need to be periodically audited and security needs to be updated

6 Statement of the Problem DMCSs database is remotely accessed and stores confidential and sensitive information. In order for the database to be protected while available to users it needs to be properly secured Database security needs to: – address internal and external threats – meet the requirements of the government (HIPAA, SOX, Privacy Act of 1974)

7 Purpose of the Project The purpose of this project is to conduct a research on data exploitation, threats, and defense; and determine best practices for protecting vulnerable information in SQL Server 2008 The result of the project is the Database Security Policy and Procedure Manual which provides detailed instructions and recommendations for securing the DMCS

8 Project Objective Determine: – Number of information security threats. – Information security best practices applicable to the DMCS Prepare the Database Security Policy and Procedure Manual Install the SQL Server 2008 software

9 Data Number of new viruses Panda Security, Nov 24, 2010

10 Procedures Research and manual preparation Verify physical security of the server Update Windows operating system – Patches and service packs Install SQL Server 2008 Maintenance of the server and software

11 Procedures cont. Classification of data User administration Password policy DB application security Auditing

12 Information Security Pillars Information security Confidentiality Availability Integrity - Data and information is classifies into different levels of confidentiality to ensure that only authorized users access the information. - System is available at all times only for authorized users and authenticated persons. - System is protected from being shut down due to external or internal threats or attacks. - Data and information is accurate and protected from tampering by unauthorized persons. - Data and information is consistent and validated. C.I.A. Triangle

13 Database Security Access Points SA, developers, data entry employees, clients, suppliers, volunteers ( People) Data collection and reporting screens ( Applications) Method of connection to the reporting screens ( Network) Microsoft Windows Server 2003 ( Operating System) SQL Server 2008 ( DBMS) Files storing information about clients, transactions, products, orders, disaster specifics ( Data Files) Information processes and/or stored in the system ( Data) Database Security

14 Conclusion Applied security is efficient for the moment Compliance with regulations Protect sensitive information

15 Future Work Continuous update and maintenance for the existing system Regular audits Security updates

16 Acknowledgements Barbara Nicolai Chair Committee Member Chuck Winer Committee Member Keyuan Jiang Committee Member Purdue University Calumet – Faculty – Fellow Students

17 QUESTIONS THANK YOU!

Download ppt "Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Chapter 1 Security Architecture

Chapter 1 Security Architecture
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Data and Database Administration

Data and Database Administration

Similar presentations

Ads by Google