5.1 Database Security Flashcards
What is Database Security?
A set of established standards, procedures, policies and tools used to protect the contents of our database from theft, intrusions misuse & attacks
What are the Database Security Objectives?
Confidentiality
Availability
Integrity
What types of data can be stolen from databases (theft of information)?
Personal data - who lives where
Bank account data
Business data
What needs to be considered in a risk assessment?
Risk assessments applies to database as well as other system areas but specifically look at:
What are the assets that need protection?
What costs would the threats occur?
Is the whole database vulnerable or a specific part?
What are the threats involved?
System crashes, resulting in loss of main memory
Media failures, resulting in loss of parts of secondary storage
Application software errors
Natural physical disasters
Carelessness or unintentional destruction of data or facilities
What needs to be considered in a threat assessment?
Threat impact may depend on a number of factors:
Whether or not alternative hardware & software can be used
When the last backups were taken
Time needed to restore the system
Whether or not the lost data can be recovered or recaptured
What should be considered with security levels?
Security needs should be identified & appropriate countermeasures taken
Balance between cost-effectiveness & usability & the need for secure environment
What is middleware?
Monitors external requests sent asking for access to the database & database environment’s response to these requests
What questions need to be considered for database users?
Who are they?
What do they need from the system?
What level of access are we going to give them?
How should Database Security Design be considered?
Design in security from the start:
Design the Security Protocols
Design the Security Procedures