The Association of Digital Forensics, Security and Law (ADFSL)
Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that traditional database security, which has focused primarily on creating user accounts and managing user privileges to database objects, is not enough to protect data confidentiality, integrity, and availability. This paper, a compilation of different journals, articles and classroom discussions, will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in database curriculum development trends may also play a role in helping secure databases. This paper will take the approach that a conscientious effort to unify the database security process, which includes the Database Management System (DBMS) selection process, following regulatory compliance requirements, analyzing and learning from the mistakes of others, implementing network security technologies, and securing the database, may prevent a database breach.
Blake, Errol A. "Network and Database Security: Regulatory Compliance, Network, and Database Security - A Unified Process and Goal," Journal of Digital Forensics, Security and Law: Vol. 2, Article 5.
Available at: http://commons.erau.edu/jdfsl/vol2/iss4/5