Database Security Plan and Requirements Definition for a University Department
The database security plan and requirements definition were developed. From the outset, the plan included the major stakeholders at the University and described their roles in initiating, implementing, and maintaining it. Individuals responsible for daily and other periodic tasks were identified. A major consideration in planning the security was the policy that governs the granting of access: need-to-know, combined with the users' roles, provided the guiding principles. Physical security, backing up of data, and the periodic exercise of restoring data were not overlooked in the plan. Plans were set in place to ensure that attention was paid to the dynamic nature of the document, since the security environment must continually change in order to discourage system attackers and to keep pace with rapidly changing technology.
The Business Environment
We are an entrepreneurial business department in the faculty of engineering of a large accredited university. The entrepreneurial nature of this department derives from the newly established Internet-based Master's degree program that we were granted permission to launch. The staffing for this program includes four program directors, one assistant director, four full-time professors, one full-time database administrator, one administrative assistant, and one clerical assistant who handles admissions to the program. In addition, part-time instructors, part-time teaching assistants, and part-time assistant database administrators are employed on a term-by-term basis as the student load dictates. Students must access printed and audio data prepared by the instructors via the Internet and the specific website designed to accommodate their courses.
Objectives
The objectives of this security plan are (1) to conform as much as possible to the sound recommendations made by Marlene Theriault and William Heney (1998) in Chapter seven, where they describe the development of an Oracle Database security plan, and (2) to provide confidentiality, integrity and accessibility for the students' data in the database and for the instructors' lecture and examination documents. These terms are defined as follows (Ferrari, 2010):
Data secrecy or confidentiality prevents improper or unauthorized 'read' operations on the managed data. When data are related to personal information, the term privacy is used. However, it is important to note that protecting privacy requires some additional countermeasures with respect to those employed to ensure data confidentiality.
Data integrity signifies protecting data from unauthorized or improper modifications or deletions.
Data availability signifies prevention of, and recovery from, hardware and software errors and malicious data accesses that can make the data, or some of their portions, unavailable to authorized users. These causes will be eliminated.
Network and Systems
The systems in use in the department are as follows:
1. Desktop computers and laptop computers are available for all professors and administrative staff.
2. Printers are available for personal use by all staff in their individual offices.
3. A printer-fax combination for general use.
4. A Microsoft Windows server, linked by Ethernet cables.
5. An Oracle 11g Enterprise Edition database.
Part 1
1. The database security management will be the responsibility of a team led by the database administrator. Other members of the team include the program director, a senior database administrator from the Information Systems Department of the university, one instructor, and me as the chief security officer. The team approach in developing the security plan is recommended by Bond, Yeung-Kuen, Wong Chan (2007).
The team will meet weekly to discuss how to improve the security plan and to assess risk levels. The team will review the plan quarterly and make revisions as necessary in the light of new technology and changes in any regulations at the university or government level. The database security management will be the responsibility of the database administrator.
2. When a security breach is discovered, the administrator will make all attempts to trace the source of the breach using the 'Database Auditing and Intrusion Detection System'. The breach should be reported to the head of the Information Systems Department of the University. If individuals internal to the University are the cause of the breach, then a review of the circumstances will be made, and appropriate reprimands or more severe punishment will be dealt out according to the findings (Bond, Yeung-Kuen, Wong Chan, 2007).
3. The database administrator will be responsible for daily administration of the security policies, including the creation of access according to the principle of "need-to-know", sometimes referred to as Separation of Duty. Separation of duty is a requirement such that "each set of user be assigned a specific set of responsibilities and only be permitted to execute transactions...