Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Architecture

Published byCandace Williamson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Architecture"— Presentation transcript:

1 Security Architecture
Database Security Security Architecture

2 Objectives Define security
Describe an information system and its components Define database management system functionalities Outline the concept of information security

3 Objectives (continued)
Identify the major components of information security architecture Define database security List types of information assets and their values Describe security methods

4 Security Database security: degree to which data is fully protected from tampering or unauthorized acts Comprises information system and information security concepts

5 Information Systems Wise decisions require:
Accurate and timely information Information integrity Information system: comprised of components working together to produce and generate accurate information Categorized based on usage

6 Information Systems (continued)

7 Information Systems (continued)

8 Information Systems (continued)

9 Information Systems (continued)
Information system components include: Data Procedures Hardware Software Network People

10 Information Systems (continued)

11 Information Systems (continued)
Client/server architecture: Based on the business model Can be implemented as one-tier; two-tier; n-tier Composed of three layers Tier: physical or logical platform Database management system (DBMS): collection of programs that manage database

12 Information Systems (continued)

13 Database Management Essential to success of information system
DBMS functionalities: Organize data Store and retrieve data efficiently Manipulate data (update and delete) Enforce referential integrity and consistency Enforce and implement data security policies and procedures Back up, recover, and restore data

14 Database Management (continued)
DBMS components include: Data Hardware Software Networks Procedures Database servers

15 Database Management (continued)

16 Information Security Information is one of an organization’s most valuable assets Information security: consists of procedures and measures taken to protect information systems components C.I.A. triangle: confidentiality, integrity, availability Security policies must be balanced according to the C.I.A. triangle

17 Information Security (continued)

18 Confidentiality Addresses two aspects of security:
Prevention of unauthorized access Information disclosure based on classification Classify company information into levels: Each level has its own security measures Usually based on degree of confidentiality necessary to protect information

19 Confidentiality (continued)

20 Integrity Consistent and valid data, processed correctly, yields accurate information Information has integrity if: It is accurate It has not been tampered with Read consistency: each user sees only his changes and those committed by other users

21 Integrity (continued)

22 Integrity (continued)

23 Availability Systems must be always available to authorized users
Systems determines what a user can do with the information

24 Availability (continued)
Reasons for a system to become unavailable: External attacks and lack of system protection System failure with no disaster recovery strategy Overly stringent and obscure security policies Bad implementation of authentication processes

25 Information Security Architecture
Protects data and information produced from the data Model for protecting logical and physical assets Is the overall design of a company’s implementation of C.I.A. triangle

26 Information Security Architecture (continued)

27 Information Security Architecture (continued)
Components include: Policies and procedures Security personnel and administrators Detection equipments Security programs Monitoring equipment Monitoring applications Auditing procedures and tools

28 Database Security Enforce security at all database levels
Security access point: place where database security must be protected and applied Data requires highest level of protection; data access point must be small

29 Database Security (continued)

30 Database Security (continued)
Reducing access point size reduces security risks Security gaps: points at which security is missing Vulnerabilities: kinks in the system that can become threats Threat: security risk that can become a system breach

31 Database Security (continued)

32 Database Security (continued)

33 Database Security Levels
Relational database: collection of related data files Data file: collection of related tables Table: collection of related rows (records) Row: collection of related columns (fields)

34 Database Security Levels (continued)

35 Menaces to Databases Security vulnerability: a weakness in any information system component

36 Menaces to Databases (continued)

37 Menaces to Databases (continued)
Security threat: a security violation or attack that can happen any time because of a security vulnerability

38 Menaces to Databases (continued)

39 Menaces to Databases (continued)
Security risk: a known security gap intentionally left open

40 Menaces to Databases (continued)

41 Menaces to Databases (continued)

42 Asset Types and Their Value
Security measures are based on the value of each asset Types of assets include: Physical Logical Intangible Human

43 Security Methods

44 Security Methods (continued)

45 Database Security Methodology

46 Summary Security: level and degree of being free from danger and threats Database security: degree to which data is fully protected from unauthorized tampering Information systems: backbone of day-to-day company operations

47 Summary (continued) DBMS: programs to manage a database
C.I.A triangle: Confidentiality Integrity Availability Secure access points Security vulnerabilities, threats and risks

48 Summary (continued) Information security architecture
Model for protecting logical and physical assets Company’s implementation of a C.I.A. triangle Enforce security at all levels of the database

Download ppt "Security Architecture"

Similar presentations

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.

Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Chapter 1 Security Architecture

Chapter 1 Security Architecture
Auditing Computer Systems

Auditing Computer Systems
Security Controls – What Works

Security Controls – What Works
Chapter 1 – Introduction

Chapter 1 – Introduction
Data - Information - Knowledge

Data - Information - Knowledge
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
Systems Analysis and Design in a Changing World, 6th Edition

Systems Analysis and Design in a Changing World, 6th Edition
1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.

1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Data Management I DBMS Relational Systems. Overview u Introduction u DBMS –components –types u Relational Model –characteristics –implementation u Physical.

Data Management I DBMS Relational Systems. Overview u Introduction u DBMS –components –types u Relational Model –characteristics –implementation u Physical.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Chapter 2 Database Environment Pearson Education © 2014.

Chapter 2 Database Environment Pearson Education © 2014.

Similar presentations

Ads by Google