
WEEK 1:

CMP 643 DATABASE SECURITY AND DATA PROTECTION

Instructor: Dr. Nigel Basta

OBJECTIVES
When you complete this lesson, you will be able to:
Define security
Describe an information system and its components
Define DBMS functionality
Define database security
List types of information assets and their values
Describe security models

WHAT IS SECURITY?
Security is defined as the field of computer science concerned with the control of risks related to computer use.
The security controls to meet this objective include:
Attempting to create a trusted and secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed.
This involves specifying and implementing a security policy.
The actions in question can be reduced to operations of access, modification and deletion.

INFORMATION SYSTEMS
What is an information system and what are the associated components?
An information system is the backbone of day-to-day operations. It incorporates data, which is processed by hardware and software components working together to generate accurate information.

INFORMATION SYSTEM TYPES
Transaction Processing Systems (TPSs): used by lower-level management
Decision Support Systems (DSSs): used by middle-level management
Expert Systems (ESs): used by upper-level management

INFORMATION SYSTEM COMPONENTS

Data
Procedures
Hardware
Software
Network
People

INFORMATION SYSTEM - CLIENT-SERVER ARCHITECTURE
A client-server computer architecture is a network in which clients use an interface from their PC or workstation to interact with a database, which is stored on a server.
A server is a computer or process dedicated to managing disk drives, printers or network traffic.
A client is a PC or workstation on which applications are run by users.

INFORMATION SYSTEM - CLIENT-SERVER TWO-TIER ARCHITECTURE
The diagram below illustrates a two-tier client-server architecture. This means that the user interface is stored on the clients and the database is stored on the server.
[Diagram: two-tier client-server architecture, with the database on the server]

INFORMATION SYSTEM - CLIENT-SERVER THREE-TIER ARCHITECTURE
The diagram below illustrates a client-server network that is three-tier because of the middle-tier servers.
The client still runs an interface on their PC, but the functional modules that actually process data are located on the application servers (middle tier).
The database server stores all of the data that is manipulated by the application servers.
[Diagram: three-tier client-server architecture, with the database on the database server]

DBMS FUNCTIONALITY
What is a DBMS?
A collection of programs that enables you to store, modify, and extract information from a database.

Database Management Systems Common Functionality
Organize data in an orderly fashion
Store and retrieve data efficiently
Manipulate data
Enforce data referential integrity and consistency
Enforce and implement data security policies and procedures on all database levels
Back up data in case of a failure and provide a mechanism to recover and restore data

DATABASE SECURITY - CIA TRIANGLE
CIA Triangle
Confidentiality
Integrity
Availability
[Diagram: the CIA triangle around Information Security]

DATABASE SECURITY - INFORMATION SECURITY ARCHITECTURE
Information Security Architecture (ISA) is a model for protecting logical and physical assets.
It is the overall design of a company's implementation of the C.I.A. triangle.
[Diagram: Confidentiality, Integrity, Availability; Information Security Architecture; Logical and Physical Assets]

DATABASE SECURITY
What is Database Security?
Database security is defined as implementing and maintaining appropriate security and privacy mechanisms to ensure the confidentiality, integrity, and availability of the data stored in the database, and ensuring that all access points to the data are properly protected.

DATABASE SECURITY - DATABASE SECURITY METHODOLOGY
Database Security Methodology
Security and privacy of a database must be incorporated at the very beginning.
Security and privacy are part of the engineering solution, not an afterthought.
Incorporate security and privacy requirements early into the design process.

INFORMATION ASSETS
Information Assets
Physical Assets: tangible assets
Logical Assets: logical aspects of an information system
Intangible Assets: business reputation, quality, and public confidence
Human Assets: human skills, knowledge, and expertise

INFORMATION ASSETS AND THEIR VALUES
Information Assets
Physical Assets: tangible assets
Logical Assets: logical aspects of an information system
Intangible Assets: business reputation, quality, and public confidence
Human Assets: human skills, knowledge, and expertise

SECURITY METHODS
Security Methods
People
Applications
Network
Operating System
Database Management System
Data Files
Data

SUMMARY

Security
Information System
DBMS Functionality
Database Security
Information Assets
Security Methods
