C M P 6 4 3 D A T A B A S E S E C U R I T Y A N D D A T A P R O T E C T I O N

WEEK 1:

Instructor: Dr. Nigel Basta

2

OBJECTIVES

• When you complete this lesson, you will be able to:• Define security• Describe an information system and its

components• Define DBMS functionality• Define database security• List types of information assets and their values• Describe security models

3

WHAT IS SECURITY?

• Security is defined as the field of computer science concerned with the control of risks related to computer use.• The security controls to meet this objective

include:• Attempt to create a trusted and secure computing

platform, designed so that agents (users or programs) can only perform actions that have been allowed.

• This involves specifying and implementing a security policy.

• The actions in question can be reduced to operations of access, modification and deletion.

4

INFORMATION SYSTEMS

• What is an information system and what are the associated components?

• An information system is the backbone of day-to-day operations that incorporates data which is processed by hardware and software components working together to generate accurate information.

5

INFORMATION SYSTEM TYPES

• Transaction Processing Systems (TPSs)• Used by lower-level management

• Decision Support Systems (DSSs)• Used by middle-level management

• Expert Systems (ESs)• Used by upper-level management

6

INFORMATION SYSTEM COMPONENTS

• Data• Procedures• Hardware• Software• Network• People

7

INFORMATION SYSTEM CLIENT-SERVER ARCHITECTURE

• A Client-Server computer architecture, therefore, is a network in which clients use an interface from their PC or workstation to interact with a database, which is stored on a server. • A server is a computer or process dedicated to

managing disk drives, printers or network traffic.• A client is a PC or workstation on which

applications are run by users.

8

INFORMATION SYSTEM CLIENT-SERVER TWO-TIER

ARCHITECTURE• The diagram below illustrates a two-tier client-server

architecture. This means that user interface is stored on the clients and the database is stored on the server.

Database

9

INFORMATION SYSTEM -CLIENT-SERVER THREE-TIER

ARCHITECTURE

• The diagram to below, illustrates a three-tier client-server network because of the middle tier servers.

• The client still runs an interface on their PC, but the functional modules that actually process data are located on the application servers (middle tier).

• The database server stores all of the data that is manipulated by the application servers.

Database

10

DBMS FUNCTIONALITY

• What is DBMS?• A collection of programs that enables you to store, modify,

and extract information from a database. • Database Management Systems Common

functionality • Organize data in an orderly fashion• Store and retrieve data efficiently• Manipulate data• Enforce data referential integrity and consistency.• Enforce and implement data security policies and

procedures on all database levels.• Back up data in case of a failure and provide a mechanism

to recover and restore data.

11

DATABASE SECURITY CIA TRIANGLE

• CIA Triangle• Confidentiality• Integrity• Availability

Information Security

Integrity

12

DATABASE SECURITY INFORMATION SECURITY

ARCHITECTURE• ISA is a model for protecting logical and

physical assets. • This is an overall design of a company’s

implementation of the C.I.A. triangle.

Confidentiality Integrity Availability

Information Security Architecture

Logical and Physical Assets

13

DATABASE SECURITY

• What is Database Security? • Database security is defined as

implementing and maintaining appropriate security and privacy mechanisms to ensure the confidentiality, integrity, and availability of the data stored in database and ensuring that all access points to the data are properly protected.

14

DATABASE SECURITYDATABASE SECURITY METHODOLOGY

• Database Security Methodology• Security and privacy of a database must be incorporated

at the very beginning.• Security and privacy has been a part of the engineering

solution, not an after thought.• Incorporate security and privacy requirements early into the

design process.

15

INFORMATION ASSETS

• Information Assets • Physical Assets – tangible assets• Logical Assets – logical aspects of an information system• Intangible Assets – business reputation, quality, and public

confidence.• Human Assets – human skills, knowledge, and expertise.

16

INFORMATION ASSETS AND THEIR VALUES

• Information Assets • Physical Assets – tangible assets• Logical Assets – logical aspects of an information system• Intangible Assets – business reputation, quality, and public

confidence.• Human Assets – human skills, knowledge, and expertise.

17

SECURITY METHODS

• Security Methods• People• Applications• Network• Operating System• Database management System• Data Files• Data

18

SUMMARY

• Security• Information System• DBMS Functionality• Database Security• Information Assets• Security Methods