Premium Essay

Database Security Plan

Submitted By techjnky
Words 8566
Pages 35
CSS330-1404B-01: Database Security
Phase 5 IP: Auditing Policies
Database Security Project Plan
Reginald “Reggie” Lee
Colorado Technical University Online
Professor Anita Arceneaux
December 22, 2014

Figure 1: (Microsoft.com, 2014)

Table of Contents
Database Security Architecture
    Differences between a database and a DBMS
    Types of database designs
    Network Infrastructure for Database Security
    Common Security Threats for Database Servers
    Additional Security Mechanisms for Protecting Database Server
User Account Security
    1. New Schema for HR Database
    2. Corporate Directory & Manager Information Views
    3. Created Users
    4. Created Roles
    5. Implemented the Following Access Control List using SQL
    6. Implementation and Utilization of Roles
    7. HR Database SQL
Database Vulnerabilities
Auditing Techniques
    Example database Trigger
    Creating and Implementing a Database Audit
    Access Reports
    Logon Activity History
    Complete Audit Trail
    DML History
Auditing Policies
SQL Server 2014 Audit Report Generation

Database Security Architecture
Differences between a database and a DBMS
When discussing database management systems (DBMS) and databases, the lines between the two can become blurred. Many people consider a DBMS and a database to be one and the same. However, nothing could be further from the truth, as they are two separate, distinct entities that serve specific purposes. To expound on this premise, a database management system (DBMS), sometimes called a database manager, is a software application that is used for creating one or more databases. It allows user access and manages requests from database users or from other programs. This frees the users or other programs from having to keep up with where the data is

Similar Documents

Premium Essay

Database

...IST 792 paper 2 Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained, and shared electronically expands, so does the need to understand database security. (Murray, 2010) Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management. Security risks to database systems include, for example:
* Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);
* Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of...

Words: 524 - Pages: 3

Free Essay

Database Migration Project

...Human Resources Data Migration Project Implementation Plan
Project Group 1: Information Technology Group
March 4, 2013
VERSION HISTORY
Version # | Implemented By | Revision Date | Requested By | Approved By | Description of Change
1.0 | student | 03-04-2013 | | | Preliminary draft
Table of Contents
1.1 Purpose
1.2 System Overview
    1.2.1 System Description
    1.2.2 Assumptions and Constraints
    1.2.3 System Organization
2 Management Overview
2.1 Problem Statement
2.2 Description of Implementation
2.3 Points-of-Contact
2.4 Major Tasks
    2.4.1 Project Tasks
    2.4.2 MS Access to Oracle Tasks
    2.4.3 Oracle to Mongo Tasks
2.5 Implementation Schedule
2.6 Security and Privacy
    2.6.1 System Security Features
    2.6.2 Security Set Up During Implementation
3 Implementation Support
3.1 Hardware, Software, Facilities, and Materials
    3.1.1 Hardware
    3.1.2 Software
    3.1.3 Facility
    3.1.4 Materials
3.2 Documentation
3.3 Personnel
    3.3.1 Staffing Requirements
    3.3.2 Training of Implementation staff
3.4 Outstanding Issues
3.5 Implementation Impact
3.6 Communications Plan
3.7 Change Management
4 Implementation Risks and Contingencies
4.1 Technical Risks and Contingencies
5 Acceptance Criteria ...

Words: 4932 - Pages: 20

Premium Essay

Enterprise Security Plan Cmgt/430

...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employs the levels of security required to protect the network and resources utilized to communicate. Its intended purpose is to formulate a means to counterattack against security risks from potential threats. The ESP serves as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees; however, it is most beneficial to information resource managers, computer security officials, and administrators, as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats, the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further, it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities that...

Words: 2085 - Pages: 9

Premium Essay

Its410 Portfolio

...As Director of Technology for RUNVUS it has come to my attention that a new company-wide database system needs to be implemented. We are currently running a Microsoft Access database system in each department; however, these databases are not able to communicate with each other and the IT department has no solution in place for database maintenance and backup. It is my recommendation that the company move to a more secure, robust, centralized database server company-wide. The database system recommended is Microsoft SQL Server 2005 for its ability to be a central database to handle customer information, widget inventory, company payroll, and other sensitive data. Our current process requires users to open separate databases to retrieve information or call other users to obtain information out of another database. This current setup is not only inefficient, it is also not secure and provides no backup for disaster recovery. I have created a comprehensive plan that will outline all of the requirements for upgrading our systems to Microsoft SQL Server 2005. The following will be addressed:
* Installation requirements for SQL Server 2005
* Databases being used
* Data types needed
* Database Objects
* Mail
* Security
* Database Protection
* Availability
* Maintenance and monitoring
The first step in transitioning over to a Microsoft SQL Server 2005 system will be to prepare our server systems and make sure they meet the minimum requirements...

Words: 4256 - Pages: 18

Premium Essay

Security Policy & Standard, Task 2

...Health Body Wellness Center Information Security Management System (ISMS) File:FYT2_Task2 Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC’s Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. This document will outline an ISMS plan for HBWC and provide recommendation of additional steps needed to implement and maintain this plan. Use of the ISO 27000 series certification process will provide a framework for the ISMS. The Plan-Do-Check-Act (PDCA) model provides a step-by-step process for planning, implementing, and management of the ISMS plan. The ISMS outline, network drawing, and additional recommended steps will be discussed below. A1. Business Objectives The first step of any ISMS is the identification of the business objects that need to be included in the planning and maintenance of an organization. Listed below are HBWC’s major objects to be considered when developing ISMS. (Arnason, S, & Willett, K.D, 2008) Staff: Basic users, RAS users, Administrators, Executives, and Database Administrators roles, access levels, and responsibility should be defined. Facilities: ...

Words: 1741 - Pages: 7

Premium Essay

Benefit Election System

...insurance options for non-represented employees. Huffman Trucking has decided to move to a flex plan with several options the employees can select (K Colbert, Memo, March 22, 2004). To make this a smooth transition to the new benefit plan, Colbert is directing the development and installation of a benefit election system to support the tracking and reporting of employee (union and non-union) benefits (Apollo Group Inc., 2011). With the new benefit system coming online brings new security requirements and possible risks that must be addressed. This document will list some of those security requirements and risks of the Benefits Election System of the company. Paper Risks and Security Requirements Huffman Trucking is a national transportation company with 1,400 employees working in logistical hubs across the United States. The human resources department currently maintains several tracking mechanisms for its employee information. The company has an HRIS system that was developed in-house that maintains a database of personal information. One of the company’s managers also maintains an Excel spreadsheet for individual compensation decisions and surveys. With the recommendation to convert the Excel spreadsheet to a database system, it is a wise choice to integrate the paper data into the already made HRIS system database. In either case, there is a need to provide planning and security for the system. To address the one possibility of integrating the Excel spreadsheet into...

Words: 1290 - Pages: 6

Free Essay

Riordan Web Based Plan

...Riordan Manufacturing has asked our firm, LTB and Associates, to develop a web-based plan to be used as a Business-to-Business web site in order to purchase materials from their vendors. We have examined Riordan’s products and business systems, interviewed Riordan’s employees, and have determined the best course of action to implement the plan. Riordan Manufacturing is a plastics manufacturer based in several locations across the world, with three plants based in the continental US, which are located in Albany, Georgia; Pontiac, Michigan; and San Jose, California, which is the company headquarters. A fourth plant, located in Hangzhou, China, will not be part of the plan as they purchase materials locally. This is where we explain how the database will be set up. Refer to the ERD, Sequence diagram, Use Case diagram, and Class Diagram that follow. The following paragraphs will describe the considerations that Riordan Manufacturing will need to make in implementing the database plan. Wherever it is possible for our firm to do so, LTB and Associates will make a recommendation on the choice to make. In order to implement the database properly, these recommendations should be implemented in order to offer the tightest amount of security that will be possible.
Type of Online Processing
Riordan Manufacturing will need to decide between real-time asynchronous processing and batch processing. Real-time asynchronous processing is applicable when the processing must be performed...

Words: 2477 - Pages: 10

Premium Essay

Lab 24 Science

...
# Lab Title
1 Performing Reconnaissance and Probing using Common Tools
2 Performing a Vulnerability Assessment
3 Enabling Windows Active Directory and User Access Controls
4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control
5 Performing Packet Capture and Traffic Analysis
6 Implementing a Business Continuity Plan
7 Using Encryption to Enhance Confidentiality and Integrity
8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
9 Eliminating Threats with a Layered Security Approach
10 Implementing an Information Systems Security Policy
...

Words: 426 - Pages: 2

Premium Essay

Health Body Wellness Center

...Body Wellness Center Information Security Management System (ISMS) File:FYT2_Task2 By Thomas A. Groshong Sr. Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC’s Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. This document will outline an ISMS plan for HBWC and provide recommendation of additional steps needed to implement and maintain this plan. Use of the ISO 27000 series certification process will provide a framework for the ISMS. The Plan-Do-Check-Act (PDCA) model provides a step-by-step process for planning, implementing, and management of the ISMS plan. The ISMS outline, network drawing, and additional recommended steps will be discussed below. A1. Business Objectives The first step of any ISMS is the identification of the business objects that need to be included in the planning and maintenance of an organization. Listed below are HBWC’s major objects to be considered when developing ISMS. (Arnason, S, & Willett, K.D, 2008) Staff: Basic users, RAS users, Administrators, Executives, and Database Administrators roles, access levels...

Words: 1760 - Pages: 8

Premium Essay

Software Implementation Plan

...Implementation Plan
OVERVIEW
The Implementation Plan describes how the information system will be deployed, installed and transitioned into an operational system. The plan contains an overview of the system, a brief description of the major tasks involved in the implementation, the overall resources needed to support the implementation effort (such as hardware, software, facilities, materials, and personnel), and any site-specific implementation requirements. The plan is developed during the Design Phase and is updated during the Development Phase; the final version is provided in the Integration and Test Phase and is used for guidance during the Implementation Phase. The outline shows the structure of the Implementation Plan.
INTRODUCTION
This section provides an overview of the information system and includes any additional information that may be appropriate.
1 Purpose
This section describes the purpose of the Implementation Plan. Reference the system name and identify information about the system to be implemented.
2 System Overview
This section provides a brief overview of the system to be implemented, including a description of the system and its organization.
1 System Description
This section provides an overview of the processes the system is intended to support. If the system is a database or an information system, provide a general discussion of the description of the type of data maintained and the operational sources and uses of...

Words: 2228 - Pages: 9

Premium Essay

Securing Sql Server

...Recovery is one of the most prioritized tasks a data base team may face. Given that creating a data base is in itself the major goal, protecting that data base should a disaster befall it is as important. There are numerous ways to do this. This paper deals with the best practices of how to accomplish this. The first thing should be to make a backup plan. This should include:
1. A computer where the backup will be stored
2. What programs will be used to back up the database
3. The computers to be backed up
4. A schedule of when to back up new data to the data base
5. The offsite location where the data base recovery data will be stored
The second practice is to document all the changes that are made to the database. These include service packs, hot fixes and QFEs that have been applied. This is crucial for getting a data base restored to its original state should a disaster occur. These steps should be implemented to help prevent or minimize the effects of a disaster:
* Have software and firmware updates readily available
* Have copies of all software on disks readily available and securely kept
* Make a plan to monitor all the servers used actively. This is very important because a failure on the primary host may not be recovered for up to 10 minutes from the backup server
* Maintain hardware records and...

Words: 1274 - Pages: 6

Premium Essay

Dbm 502 Expert Tutor/ Indigohelp

...DBM 502 Entire Course For more classes visit www.indigohelp.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 1 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work” and “Standards for Presentations” in your Program Handbook, which can be accessed through the student Web site. ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 2 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work...

Words: 537 - Pages: 3

Premium Essay

Impl

...Implementation Plan
OVERVIEW
The Implementation Plan describes how the information system will be deployed, installed and transitioned into an operational system. The plan contains an overview of the system, a brief description of the major tasks involved in the implementation, the overall resources needed to support the implementation effort (such as hardware, software, facilities, materials, and personnel), and any site-specific implementation requirements. The plan is developed during the Design Phase and is updated during the Development Phase; the final version is provided in the Integration and Test Phase and is used for guidance during the Implementation Phase. The outline shows the structure of the Implementation Plan.
INTRODUCTION
This section provides an overview of the information system and includes any additional information that may be appropriate.
1 Purpose
This section describes the purpose of the Implementation Plan. Reference the system name and identify information about the system to be implemented.
2 System Overview
This section provides a brief overview of the system to be implemented, including a description of the system and its organization.
1 System Description
This section provides an overview of the processes the system is intended to support. If the system is a database or an information system, provide a general discussion of the description of the type of data maintained and the operational sources...

Words: 2227 - Pages: 9

Premium Essay

Dbm 502 Learning Consultant / Tutorialrank.Com

...www.tutorialrank.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ---------------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work” and “Standards for Presentations” in your Program Handbook, which can be accessed through the student Web site. ------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write...

Words: 548 - Pages: 3

Premium Essay

Nt1330 Unit 1 Assignment 1

...United States
2. Figure 2 Shows the average salary for different DBMS jobs
Introduction
For decades, database management has had a prominent position in the field of IT. It mainly deals with the maintenance and operation of the databases of business services. Currently I am enrolled in a master’s program in information assurance, which is the combination of business assurance and information technology. It covers core topics like networking, database management and security of systems for business organizations. I am strongly determined to work as a database administrator for an organization. A database is...

Words: 1799 - Pages: 8