Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

15.5 Consider the risk to “confidentiality of personnel information in a copy of

ID: 3765587 • Letter: 1

Question

15.5 Consider the risk to “confidentiality of personnel information in a copy of a database stored unencrypted on the laptop” from “theft of personal information, and its subsequent use in identity theft caused by the theft of the laptop,” as discussed in Problem 14.6. From the list shown in Table 15.3, select some suitable specific controls that could reduce this risk. Indicate which you believe would be most cost effective.

Textbook:

Computer Security
Principles and Practice
Third Edition
William Stallings
Lawrie Brown

Explanation / Answer

Answer :

Operating System File Permissions and Settings:

To ensure security is in place, OS file permissions and settings must be consistent with the organization’s overall database security policies.vulnerabilities in underlying operating systems have the potential to lead to unauthorized data access and corruption. If a company has locked down its database user passwords and access controls, but unintentionally grants read and write privileges on the database files in the OS.

Database Access and Privileges Controls :

On leveraging the query-level access controls available in native database security programs user access can be restricted. Unfortunately, the manual effort required to implement these controls can be daunting. However, tools are available to can make this a streamlined deployment via customized policies.

Best practices of security dictate that company grant the minimum privileges necessary for individuals to perform their required job functions. When users are granted database privileges that exceed these requirements, privileges may be used to gain access to confidential information.

Monitoring and Auditing Database Access :

Database management systems provide some level of native database auditing capabilities. However, due to performance degradation, native auditing is often disabled.Audit policies and technology represent risks in terms of compliance, detection,and recovery. If you do not audit the database, it is impossible to investigate changes or unauthorized activity, making it essential to enable some form of auditing.DBMS are vulnerable to privilege-related attacks from developers, who have the authority to disable native auditing. Companies should consider adding a third-party solution to augment native auditing capabilities.   These solutions can provide more speckle auditing capabilities with near-zero performance impact.

Systematic Installation of Marks

Proactive organizations must be aware of new patches, service packs and hot-fixes that contain bug fixes and security updates. Timely implementation of patches, bug fixes and vulnerability protection, especially on an organization’s most critical databases is essential to maintaining secure database systems.service packs and hot-fixes can significantly reduce risk. Best practices dictate that these patches should be tested prior to deployment and deployed at the first available opportunity.

Elimination of Password Vulnerabilities :

This is most prevalent security vulnerabilities is the presence of weak, default, or easily-guessed passwords.This risk is common, but fortunately, it can be quickly identified, and can be immediately corrected. Eliminating this commonly exploited risk can dramatically improve the security of your databases.For example

A poorly chosen password, or vendor default password that has not been changed, is one of the greatest security risks to a database.

After weak and default passwords have been changed, it remains important to monitor for attempts to crack the system.scripts and third-party tools are readily available to assist in the identification of potentially risky passwords and recommend changes. Repeated attempts, failed log-in attempts are often a precursor to an attack. Monitoring and alerting on such activity can aid in efforts to identify and stop an attack before data is compromised.

DbProtect provides a cost effective solution for providing database security process control through its powerful, scalable, and flexible software modules.

Related Questions

15.00 points Perfect Pet Collar Company makes custom leather pet collars. The co
Question #2546130
15.00 points Problem 6-7 Consider the following table: Stock Fund Bond Fund Prob
Question #3174755
15.00 points Verizox Company uses a job order cost system with manufacturing ove
Question #2609062
15.0g NH4Cl (ammonium chloride) salt is dissolved in 500.mL pure water. a) will
Question #731031
15.1 Assuing that only CaCO3 is produced, calculate the daily production rate (i
Question #1862600
15.1 Case in Point: Newell Rubbermaid Leverages Cost Controls to Grow Newell Com
Question #331315
15.1 a.Why is risk analysis so important to the capital budgeting process? b. De
Question #2779746
15.1.53 Question Help When a company advertises on the Internet, the company pay
Question #3056923
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
15.48 g of nickel sulfate (MM 154.75 g/mol) was dissolved in 100.00 mL of water.
Next
15.5 Exercis 317 3,3.2)(0,0,0)(4,4,0 FIGURE 15.6 Selten\'s honse, exercise 15.6

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.