Data Security Challenges

Question 1

[Myth or Fact?]

Hackers cause most security breaches.

Answer 1

myth

Question 2

[Myth or Fact?]

Encryption is only one approach to securing data. Security also requires access control, data integrity, system availability and auditing.

Answer 2

Fact

Question 3

[Myth or Fact?]

Firewalls make your data secure.

Answer 3

Myth

Question 3

Your computers must be physically inaccessible to unauthorized
users. This means that you must keep them in a secure physical
Environment.

Answer 3

Physical

Question 4

The people responsible for system administration and data security at your site must be reliable. You may need to perform background checks on DBAs before making hiring decisions.

Answer 4

Personnel

Question 5

The procedures used in the operation of your system must assure reliable data.
One person might be responsible for
database backups. His/ her role is to be sure the database is up
and running.

Answer 5

Procedural

Question 6

Storage, access, manipulation, and transmission of data must be
safeguarded by technology that enforces your particular
information control policies

Answer 6

Technical

Question 7

Basic Security Standards (ung laging tatlo)

Answer 7

• Confidentiality
• Integrity
• Availability

Question 8

A secure system ensures the
confidentiality of data.
This means that it
allows individuals to see only the data which they are supposed to see.

Answer 8

Confidentiality

Question 9

Aspects of Confidentiality (4)

Answer 9

1. Privacy of Communication
   2, Secure Storage of Sensitive Data
2. Authenticated Users
3. Granular Access Control

Question 10

is the process by which a user’s identity is checked.

Answer 10

Authentication

Question 11

is the process by which the user’s privileges are ascertained.

Answer 11

Authorization

Question 12

is the process by which the user’s access to physical data in the application is limited, based on his privileges.

Answer 12

Access control

Question 13

A secure system ensures that the data it contains is valid.

Answer 13

Integrity

Question 14

means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network.

Answer 14

Data integrity

Question 15

is the ability to maintain valid relationships between values in the database, according to rules that have been defined.

Answer 15

Referential integrity

Question 16

A secure system makes data available to authorized users, without delay.

Answer 16

Availability

Question 17

System Availability Aspects (4)

Answer 17

1. Resistance
2. Scalability
3. flexibility
4. ease of use

Question 18

Secure system must be designed to fend off situations, or deliberate attacks, which might put it out of commision.

Answer 18

Resistance

Question 19

System performance must remain adequate regardless of the number of users or processes demanding service.

Answer 19

Scalability

Question 20

Administrators must have adequate means of managing the user population.

Answer 20

Flexibility

Question 21

The security implementation itself must not diminish the ability of valid users to get their work done.

Answer 21

Ease of use

Question 22

The integrity and privacy of data are at risk from unauthorized users, external sources listening in on the network, and internal users giving away the store.

Answer 22

Availability

Question 23

Potential attacks (7)

Answer 23

1. Data Tampering
2. Eavesdropping and Data Theft
3. Falsifying User Identities
4. Password-Related Threats
5. Unauthorized Access to Tables and Columns
6. Unauthorized Access to Data Rows
7. Lack of Accountability