We should use technology to ensure a secure computing environment for the organization. Although it is not possible to find a technological solution for every problem, most security issues can be resolved using appropriate technology.
Confidentiality
A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data that they are supposed to see.
Privacy of Communications
The DBMS should be capable of controlling the spread of confidential personal information such as health, employment, and credit records. It should also keep corporate data such as trade secrets, proprietary information about products and processes, competitive analyses, and marketing and sales plans secure and out of the hands of unauthorized people.
Secure Storage of Sensitive Data
Once confidential data has been entered, its integrity and privacy must be protected on the databases and servers wherein it resides.
Authenticated Users
Authentication is a way of implementing decisions about whom to trust. Authentication methods seek to guarantee the identity of system users: that a person is who he says he is, and not an impostor.
Granular Access Control
How much data should a particular user see? Access control is the ability to hide portions of the database, so that access to the data does not become an all-or-nothing proposition. A clerk in the HR department might need some access to the EMPLOYEE table, but he should not be permitted to access salary information for the entire company! The granularity of access control is the degree to which data access can be differentiated for particular tables, views, rows, and columns of a database.
Note the distinction between authentication, authorization, and access control. Authentication is the process by which a user's identity is checked. When a user is authenticated, he is verified as an authorized user of an application. Authorization is the process by which the user's privileges are ascertained. Access control is the process by which the user's access to physical data in the application is limited, based on his privileges.
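The following is an added example, not part of the original post: column-level access control on a hypothetical EMPLOYEE table, using SQLite's authorizer callback through Python's sqlite3 module as a stand-in for the privilege and view mechanisms of a server DBMS. The table layout, sample rows, role names and the POLICY mapping are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows for a hypothetical EMPLOYEE table.
ROWS = [(1, "Ada", "HR", 5200), (2, "Ben", "ENG", 7100), (3, "Cy", "HR", 4800)]

# Hypothetical policy: role -> table -> columns that role may read.
POLICY = {
    "hr_clerk": {"employee": {"id", "name", "dept"}},
    "payroll": {"employee": {"id", "name", "dept", "salary"}},
}

def connect_as(role):
    """Open the sample database with reads limited to POLICY[role]; no writes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee (id INTEGER, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", ROWS)
    conn.commit()
    allowed = POLICY[role]

    def authorizer(action, arg1, arg2, dbname, source):
        # SQLite calls this while compiling a statement. For SQLITE_READ,
        # arg1 is the table and arg2 the column being referenced.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg2 in allowed.get(arg1, ()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # default deny: other columns, writes, DDL

    conn.set_authorizer(authorizer)
    return conn

def try_query(role, sql):
    """Run sql as role; return the rows, or a 'DENIED: ...' string."""
    conn = connect_as(role)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return "DENIED: " + str(exc)
    finally:
        conn.close()

if __name__ == "__main__":
    for role, sql in [
        ("hr_clerk", "SELECT name, dept FROM employee ORDER BY id"),
        ("hr_clerk", "SELECT name, salary FROM employee"),
        # A filter on a hidden column would leak it indirectly, so it is denied too.
        ("hr_clerk", "SELECT name FROM employee WHERE salary > 5000"),
        ("payroll", "SELECT name FROM employee WHERE salary > 5000 ORDER BY id"),
    ]:
        print(role, "|", sql, "->", try_query(role, sql))
```

The third query shows why column restrictions have to cover predicates as well as the select list: a clerk who can filter on salary can infer it without ever selecting it.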
Integrity
A secure system ensures that the data it contains is valid. Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network.
Availability
A secure system makes data available to authorized users, without delay. Denial-of-service attacks are attempts to block authorized users' ability to access and use the system when needed.