Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and.

Published byBonnie McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and."— Presentation transcript:

1 Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and privacy laws

2 Integrity Definition –Consistent with constraints Types –Entity –Referential or existence –Domain –Enterprise

3 Security Threats –Theft & fraud –Loss of confidentiality –Loss of privacy –Loss of integrity –Loss of availability

4 Countermeasures Computer-based controls Non-computer-based controls

5 Computer-based Controls - 1 Authorization & authentication –Password –Account number –Relations, users & right (CRUD) table Subschema –Create views

6 Computer-based Controls - 2 Logs –Transaction logs –Violation logs (time, terminal, violation) Check points Backup (redundant array of independent disks - RAID) & recovery Audit

7 Computer-based Controls - 3 Encryption or cryptosystem –Encryption key –Encryption algorithm –Decryption key –Decryption algorithm –Symmetric encryption (Data Encryption Standard (DES) –Asymmetric encryption (RSA)

8 Example of Encryption - I Divide text into groups of 8 characters. Pad with blank at end as necessary Select an 8-characters key Rearrange text by interchanging adjacent characters Translate each character into an ordinal number with blank as 0, A as 1, B as 2… Add the ordinal number of the key to the results Divide the total by 27 and retain the remainder Translate the remainder back into a character to yield the cipher text

9 Example of Encryption - II Message: DATA COM Key: PROTOCOL A D A T C M O 01 04 01 20 03 00 13 15 (adatc mo) 01 04 01 20 03 00 13 15 16 18 15 20 15 03 15 12 (protocol) 17 22 16 40 18 03 28 27 (sum) 17 22 16 13 18 03 01 00 remainder Q V P M R C A SPACE

10 Example of Decryption - I Divide cipher text into groups of eight characters. Pad with blanks at end as necessary Translate each cipher text alphabetic character and the encryption key into an ordinal number For each group, subtract the ordinal number of the key value from the ordinal number of the cipher text Add 27 to any negative number Translate the number back to alphabetic equivalents Rearrange the text by interchanging adjacent characters

11 Example of Decryption - II Q V P M R C A SPACE 17 22 16 13 18 03 01 00 (qvpmrca ) 17 22 16 13 18 03 01 00 16 18 15 20 15 03 15 12 (protocol) 01 04 01 -7 03 00 -14 -12 (substract) plus 27 27 27 27 01 04 01 20 03 00 13 15 A D A T C M O D A T A C O M

12 Non-Computer-based Controls Security policy Contingency plan –Person, phone no., procedures –Site (cold, warm, or hot) Personnel control –Reference –Termination –Training –Balance of duty Escrow & maintenance agreements Physical

13 PC Security Policy & procedure Physical Logical Virus

14 DBMS and Web Security Proxy server: performance & filtering Firewall: packet filter, application gateway, circuit level gateway, & proxy server Digital signatures & Certificate Authority (CA) Message digest algorithms and digital signature Kerberos: centralized security server (certificate server Secure Sockets Layer (SSL) for data & Secure HTTP for individual message Secure Electronic Transaction (SET) for credit card & Secure Transaction Technology (STT ) for bank payment

15 Risk Analysis Assets Threats and risks Countermeasures Cost/benefit analysis Testing

16 Data Protection & Privacy Law

17 Assignment Review chapters 5-6, 11-13, and 18 Read chapter 19 Exam 3 –Date: 12/9/04 Project –Normalization and Corrected EER diagram due date: 12/2/04 –SQL, corrected normalization, and EER diagram due date: 12/15/04 (MIS Department Office)

Download ppt "Chapter 19 Security Integrity Security Control –computer-based –non-computer-based PC security DBMS and Web security Risk Analysis Data protection and."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Database Security Issues Reading: CB, Ch 20. Dept. of Computing Science, University of Aberdeen2 In this lecture you will learn The value of maintaining.

Database Security Issues Reading: CB, Ch 20. Dept. of Computing Science, University of Aberdeen2 In this lecture you will learn The value of maintaining.
Cryptography and Network Security

Cryptography and Network Security
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Securing the Borderless Network March 21, 2000 Ted Barlow.

Securing the Borderless Network March 21, 2000 Ted Barlow.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Implementing Security for Electronic Commerce

Implementing Security for Electronic Commerce
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Implementing Security for Electronic Commerce

Implementing Security for Electronic Commerce
ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &

ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Chapter 8 Web Security.

Chapter 8 Web Security.
Chapter 19 Security.

Chapter 19 Security.
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.
Web services security I

Web services security I
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

Similar presentations

Ads by Google