Data Classification Threats and risks
Security
- Database security: degree to which data is fully protected from tampering or unauthorized acts
- Comprises information system and information security concepts
Information Systems
- Wise decisions require:
–Accurate and timely information
–Information integrity
- Information system: comprised of components working together to produce and generate accurate information
- Categorized based on usage
Components of information system are:
–Data
–Procedures
–Hardware
–Software
–Network
–People
Client/server architecture:
–Based on the business model
–Can be implemented as one-tier, two-tier, or n-tier
–Composed of three layers
Tier: physical or logical platform
Database management system (DBMS): collection of programs that manage database
Database Management
Essential to the success of an information system
DBMS functionalities:
– Organize data
– Store and retrieve data efficiently
–Manipulate data (update and delete)
–Enforce referential integrity and consistency
–Enforce and implement data security policies and procedures
–Back up, recover, and restore data
DBMS components are:
–Data
–Hardware
–Software
–Networks
–Procedures
–Database servers
Information Security
- One of an organization’s most valuable assets is information
- Information security: consists of procedures and measures taken to protect information systems components.
- C.I.A. triangle: confidentiality, integrity, availability
- Security policies must be balanced according to the C.I.A. triangle
Confidentiality
Addresses two aspects of security:
–Prevention of unauthorized access
–Information disclosure based on classification
Classify company information into levels:
–Each level has its own security measures
–Usually based on degree of confidentiality necessary to protect information
Integrity
Consistent and valid data, processed correctly, yields accurate information
Information has integrity if:
–It is accurate
–It has not been tampered with
Read consistency: each user sees only his changes and those committed by other users
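Read consistency as defined above, shown with two sessions on one database. This is an added example, not part of the original notes: SQLite stands in for the DBMS, and the `account` table, its row and the function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile


def balances(conn):
    """Return the rows this session can currently see."""
    # fetchall() finishes the read, so the session releases its read lock.
    return conn.execute("SELECT owner, amount FROM account ORDER BY owner").fetchall()


def demo_read_consistency():
    """Run a writer and a reader session and record what each one sees."""
    seen = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        # isolation_level=None: transactions are opened and closed explicitly.
        writer = sqlite3.connect(path, isolation_level=None)
        reader = sqlite3.connect(path, isolation_level=None)
        try:
            writer.execute("CREATE TABLE account (owner TEXT PRIMARY KEY, amount INTEGER)")
            writer.execute("INSERT INTO account VALUES ('alice', 100)")  # constructed row

            # Uncommitted change: visible to the writer only.
            writer.execute("BEGIN")
            writer.execute("UPDATE account SET amount = 40 WHERE owner = 'alice'")
            seen["writer_before_commit"] = balances(writer)
            seen["reader_before_commit"] = balances(reader)

            # Committed change: now visible to the other session.
            writer.execute("COMMIT")
            seen["reader_after_commit"] = balances(reader)

            # Rolled-back change: never visible to the other session.
            writer.execute("BEGIN")
            writer.execute("UPDATE account SET amount = 0 WHERE owner = 'alice'")
            writer.execute("ROLLBACK")
            seen["reader_after_rollback"] = balances(reader)
        finally:
            writer.close()
            reader.close()
    return seen


if __name__ == "__main__":
    for step, rows in demo_read_consistency().items():
        print(f"{step}: {rows}")
```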
Availability
Systems should always be available to authorized users
System determines what a user can do with the information
Reasons for a system to become unavailable:
- External attacks and lack of system protection
- System failure with no disaster recovery strategy
- Overly stringent and obscure security policies
- Bad implementation of authentication process