Data Classification, Threats and Risks

Security

  • Database security: the degree to which data is protected from tampering and from unauthorized access or use
  • Draws on both information system and information security concepts

Information Systems

  • Wise decisions require:

–Accurate and timely information

–Information integrity

  • Information system: a set of components working together to produce accurate information
  • Categorized based on usage

Components of an information system:

–Data

–Procedures

–Hardware

–Software

–Network

–People

Client/server architecture:

–Based on the business model

–Can be implemented as one-tier, two-tier or n-tier

–Commonly composed of three layers

–Tier: the physical or logical platform on which a layer runs

Database management system (DBMS): the collection of programs that manage a database

Database Management

The DBMS is essential to the success of an information system.

DBMS functionalities:

–Organize data

–Store and retrieve data efficiently

–Manipulate data (update and delete)

–Enforce referential integrity and consistency

–Enforce and implement data security policies and procedures

–Back up, recover, and restore data

DBMS components are:

–Data

–Hardware

–Software

–Networks

–Procedures

–Database servers

Information Security

  1. Information is one of an organization’s most valuable assets
  2. Information security: the procedures and measures taken to protect the components of an information system
  3. C.I.A. triangle (also called the CIA triad): confidentiality, integrity, availability
  4. Security policies must balance the three C.I.A. properties; tightening one (e.g. confidentiality) must not undermine another (e.g. availability)

Confidentiality

Addresses two aspects of security:

–Prevention of unauthorized access

–Disclosure of information only according to its classification

Classify company information into levels:

–Each level has its own security measures

–Usually based on degree of confidentiality necessary to protect information
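As an added illustration of both aspects above (not part of the original slides): classification labels, clearances and the "no read up" rule are stored and enforced inside the database rather than in application code, so a row cannot be stored without a label and a query can only return rows at or below the caller's clearance. The level names, schema, accounts and documents are constructed for this example; SQLite is used because it runs in-process with no setup.

```python
"""Classification-based disclosure enforced in the DBMS (SQLite).

Assumptions (constructed for this example): four ordered levels, a document
table whose label must exist in the level table, and an account table whose
clearance must exist there too.
"""
import sqlite3

# Assumed ordering, lowest to highest sensitivity.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED"]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled per connection
    conn.executescript("""
        CREATE TABLE level(name TEXT PRIMARY KEY, rank INTEGER NOT NULL UNIQUE);
        -- Every document MUST carry a label that exists in level: no unlabelled rows.
        CREATE TABLE document(
            id INTEGER PRIMARY KEY,
            title TEXT NOT NULL,
            classification TEXT NOT NULL REFERENCES level(name)
        );
        CREATE TABLE account(
            username TEXT PRIMARY KEY,
            clearance TEXT NOT NULL REFERENCES level(name)
        );
    """)
    conn.executemany("INSERT INTO level VALUES (?, ?)",
                     [(name, rank) for rank, name in enumerate(LEVELS)])
    conn.executemany("INSERT INTO document(title, classification) VALUES (?, ?)", [
        ("Holiday schedule", "PUBLIC"),          # constructed sample rows
        ("Office floor plan", "INTERNAL"),
        ("Q3 revenue forecast", "CONFIDENTIAL"),
        ("Merger term sheet", "RESTRICTED"),
    ])
    conn.executemany("INSERT INTO account VALUES (?, ?)",
                     [("intern", "INTERNAL"), ("cfo", "RESTRICTED")])
    conn.commit()
    return conn


def read_documents(conn: sqlite3.Connection, username: str) -> list[str]:
    """Titles the user may see: label rank <= clearance rank ("no read up").

    Prevention of unauthorized access: an unknown account gets nothing, not
    an empty PUBLIC view. The filter is applied by the SQL engine using the
    stored ranks, so the application never sees rows it is not cleared for.
    """
    row = conn.execute("SELECT clearance FROM account WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        raise PermissionError(f"unknown account {username!r}")
    rows = conn.execute("""
        SELECT d.title
        FROM document d
        JOIN level l ON l.name = d.classification   -- rank of the row's label
        JOIN level c ON c.name = ?                  -- rank of the caller's clearance
        WHERE l.rank <= c.rank
        ORDER BY d.id
    """, (row[0],)).fetchall()
    return [title for (title,) in rows]


def label_document(conn: sqlite3.Connection, title: str, classification: str) -> bool:
    """Store a labelled row. An unknown label is rejected by the foreign key,
    so data cannot enter the database unclassified. Returns True on success."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT INTO document(title, classification) VALUES (?, ?)",
                         (title, classification))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    db = build_db()
    for user in ("intern", "cfo"):
        print(user, "->", read_documents(db, user))
    print("bogus label accepted?", label_document(db, "Memo", "SECRET"))
```

Because the rank comparison lives in the query rather than in Python, adding a level or changing a user's clearance is a data change, not a code change; the same pattern maps directly onto row-level security policies in DBMSs that support them.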

Integrity

Consistent and valid data, processed correctly, yields accurate information

Information has integrity if:

–It is accurate

–It has not been tampered with

Read consistency: each user sees their own (possibly uncommitted) changes plus the changes other users have already committed; other users’ uncommitted changes are never visible
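The two integrity mechanisms named on these slides, referential integrity enforced by the DBMS (the "enforce referential integrity and consistency" functionality above) and read consistency across concurrent users, shown in one added example that is not part of the original slides. The payroll schema, rows and salary values are constructed; SQLite is used with a temporary file so that two independent connections can act as two users.

```python
"""Referential integrity and read consistency, demonstrated with SQLite.

Constructed schema: department <- employee (foreign key), with a CHECK on salary.
A "writer" connection and a "reader" connection play the two users.
"""
import os
import shutil
import sqlite3
import tempfile


def _connect(path: str) -> sqlite3.Connection:
    conn = sqlite3.connect(path, timeout=5)
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite only enforces FKs when asked
    return conn


def _salary(conn: sqlite3.Connection, emp_id: int) -> int:
    # fetchall() finishes the statement so the connection holds no read snapshot open
    return conn.execute("SELECT salary FROM employee WHERE id = ?", (emp_id,)).fetchall()[0][0]


def _rejected(conn: sqlite3.Connection, sql: str) -> bool:
    """Run a statement that should violate a constraint; True if the DBMS refused it."""
    try:
        conn.execute(sql)
        return False
    except sqlite3.IntegrityError:
        return True
    finally:
        conn.rollback()  # discard the implicit transaction either way


def demo_integrity() -> dict:
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "payroll.db")
    writer = reader = None
    result = {}
    try:
        writer = _connect(path)
        writer.execute("PRAGMA journal_mode = WAL")  # readers and the writer never block each other
        writer.executescript("""
            CREATE TABLE department(id INTEGER PRIMARY KEY, name TEXT NOT NULL);
            CREATE TABLE employee(
                id INTEGER PRIMARY KEY,
                name TEXT NOT NULL,
                dept_id INTEGER NOT NULL REFERENCES department(id),
                salary INTEGER NOT NULL CHECK (salary > 0)
            );
            INSERT INTO department VALUES (1, 'Engineering');
            INSERT INTO employee VALUES (10, 'Ada', 1, 120000);
        """)
        reader = _connect(path)

        # Referential integrity: no orphan child rows, no deleting a referenced parent.
        result["orphan_rejected"] = _rejected(
            writer, "INSERT INTO employee VALUES (11, 'Bob', 99, 90000)")
        result["parent_delete_rejected"] = _rejected(
            writer, "DELETE FROM department WHERE id = 1")
        # Domain integrity: the CHECK constraint keeps invalid values out.
        result["check_rejected"] = _rejected(
            writer, "UPDATE employee SET salary = -1 WHERE id = 10")

        # Read consistency: the writer sees its own uncommitted change,
        # the reader keeps seeing the last committed value until COMMIT.
        writer.execute("UPDATE employee SET salary = 130000 WHERE id = 10")  # opens a transaction
        result["writer_sees_own"] = _salary(writer, 10)
        result["reader_before_commit"] = _salary(reader, 10)
        writer.commit()
        result["reader_after_commit"] = _salary(reader, 10)
    finally:
        for c in (writer, reader):
            if c is not None:
                c.close()
        shutil.rmtree(tmpdir, ignore_errors=True)
    return result


if __name__ == "__main__":
    for key, value in demo_integrity().items():
        print(f"{key}: {value}")
```

The point of routing the checks through the DBMS is that they hold for every client, including one that bypasses the application; integrity enforced only in application code is lost the moment someone connects with a SQL client.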

Availability

Systems should always be available to authorized users

The system determines what an authorized user can do with the information

Reasons for a system to become unavailable:

  • External attacks and lack of system protection
  • System failure with no disaster recovery strategy
  • Overly stringent or obscure security policies that lock out legitimate users
  • Badly implemented authentication process