Develop a database security policy

Reference no: EM13803773

You are to develop a database security policy for a small organization that collects and analyzes evaluation data for a variety of non-governmental organizations. The collected data includes both anonymous data and personally identifiable information such as names, dates of birth and social security numbers. Each employee is assigned to a certain number of evaluations. Employees access the data through desktop applications and/or intranet web applications while clients have restricted access to their data through another web application accessible through the Internet.

Guidelines

• A security policy describes what it means for an organization to be secure.
• A security policy is an agreed-upon document that executive management uses to communicate its security goals and objectives. Thus, the language should be appropriate for all employees.
• A security policy generally stems from an asset inventory phase, in which the organization's assets are identified and evaluated, followed by a risk assessment phase, in which threats targeting those assets are evaluated. The security policy describes what the organization needs to secure, specifies the level of security that is needed and elaborates a strategy on how the assets will be protected.
• The goal of such a policy is generally to protect valuable and/or confidential information from unauthorized access, but also to limit legal liability and prevent waste or inappropriate use of organization resources. Phrases such as "must", "should", or "will" are used to establish baseline expectations for behavior by employees and to authorize audits and monitoring.
• The security policy is composed of high-level statements that describe a secure state for the organization's assets. A security policy does not include best practices or recommendations, so details about how to implement the policy are typically included in supporting documents (standards and procedures).

• A security policy typically includes:

  o Scope (1 paragraph)
  o Goals (1 paragraph)
  o Information classification (1-2 paragraphs)
  o Actual requirements, as an itemized list. Specifically, database policy statements could address:
    - Roles and responsibilities: Roles at the organization level could include application developer, database user, database administrator, database owner, application owner, etc. Responsibilities should be designated.
    - Database access types
    - Authentication and authorization (a password policy should be defined or referenced)
    - Use of encryption (files, data in transit, backup files) and management of encryption keys
    - Backups and recovery (weekend or weekdays, on-line or off-line, incremental or full, etc.)
    - Audits (auditor, frequency of audits, what is audited)
    - Use of multilevel security
    - Use of virtual private databases
    - Database server hardening (firewall/intrusion detection system, secure configuration, patch management, vulnerability assessment)
    - Change management (ensure privileged accounts are documented, administered, monitored, and reviewed)


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd