•  
  •  
 

Errol A. Blake

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that the Traditional Database Security, which has focused primarily on creating user accounts and managing user privileges to database objects are not enough to protect data confidentiality, integrity, and availability. This paper is a compilation of different journals, articles and classroom discussions will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role in helping secure databases. This paper will take the approach that if one make a conscientious effort to unifying the Database Security process, which includes Database Management System (DBMS) selection process, following regulatory compliances, analyzing and learning from the mistakes of others, Implementing Networking Security Technologies, and Securing the Database, may prevent database breach.

References

Federal Trade Commission (FTC). (2004). National and State Trends in Fraud & Identity Theft January -December 2003. Retrieved March 28, 2007 from http://www.consumer.gov/idtheft/pdf/clearinghouse_2003.pdf

E-government in New Zealand. (2007). Appendix E - Glossary of Terms: Chapter15.html - SQL Injection. http://www.e.govt.nz/ retrieved April 4, 2007 from http://www.e.govt.nz/services/authentication/library/docs/authenticationbpf/chapter15.html/view?searchterm=SQL%20injection

MSDN Library. (2007). SQL Server 2005 Books Online: Strong Passwords. Retrieved March 30, 2007 from http://msdn2.microsoft.com/enus/library/ms161962.aspx

Netproject. (2007). G. Glossary. Proxy Server. Retrieved April 5, 2007 from http://www.netproject.com/docs/migoss/v1.0/glossary.html

PCI Security Standards Council. (2007). About The PCI Data Security Standard (PCI DSS). https://www.pcisecuritystandards.org/tech/

Solix, (2007). About Us. Retrieved March 30, 2007 from http://www.solix.com/company_overview.htm

Technical Corner. (2007). Stored Procedure Security. Retrieved April 4, 2007 from http://www.oracle.com/technology/products/rdb/pdf/stored_procedure_sec urity.pdf

Wikipedia, (2007). Database security. Retrieved from Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Database_security from

VeriSign. (2007). About VeriSign. Retrieved March 30, 2007 from http://www.verisign.com/verisign-inc/index.html

Andress, M. (2006). NetIQ suite tops test of security compliance wares. Retrieved March 30, 2007 from Network World Magazine. http://findarticles.com/p/articles/mi_qa3649/is_200606/ai_n17171660

Bertino, E. Sandu, R. (2005). Database Security-Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing. Washington: Jan-Mar 2005. Vol. 2, Iss. 1; p. 2. Retrieved March 28, 2007 from ProQuest® Smart Search. http://proxy.kennesaw.edu:2057/pqdweb

Bishop, J.F, T. Warren, J. (2005). Identity Theft: The Next Corporate Liability Wave? The Corporate Counselor March 30, 2005. Retrieved, March 29, 2007, from Corporate Counsel Magazine, http://www.law.com/jsp/cc/pubarticleCC.jsp?id=1112090711870

Brodkin, J. (2007) TJX breach: Rethinking corp. security. Retrieved April 5, 2007 from Network World magazine, April 2, 2007. Vol24, Num13. www.networkworld.com.

Connor, D. (2006). Solix adds security features: Archiving software guards data via masking or encryption. Retrieved March 29, 2007 from Network World magazine, 08/14/06 http://www.networkworld.com/news/2006/081406-solix-archiving.html

Dubie, D. (2006). CA offers free database mgmt. tool. Retrieved March 28, 2007 from NetworkWorld magazine, April 24, 2006. Vol23, Num16. www.networkwold.com. http://www.networkworld.com/news/2006/042406-ca databasemanagement.html

Dubie, D. (2006). Managing risk: new reality for IT security executives. Retrieved March 28, 2007 from NetworkWorld, September 11, 2006. Vol23, Num16. ww.networkwold.com.

Guimaraes, M. (2006). New Challenges in Teaching Database Security. Retrieved March 30, 2007 from The ACM Digital Library. http://proxy.kennesaw.edu:2230/10.1145/1240000/1231060/p64- Guimaraes.pdf?key1=1231060&key2=4419225711&coll=ACM&dl=ACM &CFID=18658173&CFTOKEN=67659094

Messmer, E. (2007). UPDATE--TJX data theft called largest ever: 45.7M credit card numbers Security breach detailed in financial filing. Retrieved March 30, 2007 from NetworkWorld, September 11, 2006. Vol23, Num35. www.networkworld.com. http://www.networkworld.com/news/2007/032907-tjx-data-theftlargest.html?page=1

Messmer, E. (2006). VeriSign security service expanded for apps, databases. Retrieved March 28, 2007 from NetworkWorld, September 11, 2006. Vol23, Num35. www.networkworld.com.http://www.networkworld.com/news/2006/090706-verisign securityservice.htm

Mbuthia, S. (2007). Selecting a DBMS. Retrieve March 28, 2007 From http://csmoodle.kennesaw.edu/mod/forum/discuss.php?=1639

Ogbuji, U. (2001). Choosing a database management system. Retrieved March 28, 2007 from http://www- 128.ibm.com/developerworks/webservices/library/ws-dbpick.html

Polstra III, M. Robert. (2005). A case study on how to manage the theft of information. Proceedings of the 2nd annual conference on Information security curriculum development InfoSec CD '05. ACM Press. 139-141. Retrieved, March 29, 2007, from http://proxy.kennesaw.edu:2230/10.1145/1110000/1107653/p135- polstra.pdf?key1=1107653&key2=9181415711&coll=ACM&dl=ACM&C FID=18548384&CFTOKEN=44816403

Price, J. (2007). DBMS selection—James Price. Retrieved March 28, 2007 from http://csmoodle.kennesaw.edu/mod/forum/discuss.php?d=16 78

Schultz, B. (2007). New ways to protect data from insider attacks: The toughest security problem is the insider attack. These emerging tools promise to eliminate the threat Retrieved March 25, 2007 from Network World, 03/19/07 http://www.networkworld.com/supp/2007/ndc2/031907- data-leakage-protection.html

Silverthorn, A. (2007). Solix extends archiving software Retrieved March 29, 2007 from infostor magazine March 19, 2007. http://www.infostor.com/display_article/287507/23/ARTCL/Display/none/ Solix-extends-archiving-software/

Snyder, J. (2006). The pros and cons of NAC: Bottom Line. Retrieved March 29, 2007 from Network World 06/12/06, http://www.networkworld.com/columnists/2006/061206snyder.html

Whitman, M.E., & Mattord H. J. (2004). Management of Information Security.

Whitman, M.E., & Mattord H. J. (2004). Readings and Cases in the Management of Information Security

Woon, I. and Kankanhalli , A. Trust, Controls, and Information Security, Readings and Cases in the Management of Information Security, M.E. Whitman & H.J. Mattord (Eds.), Course Technology, Thomson Learning, 2006.

Bi, C. Vrbsky, S, V. Jukic, N. (1999). A security paradigm for Web databases. The ACM Digital Library, Article No. 46. Retrieved from ACM Southeast Regional Conference archive Proceedings of the 37th annual southeast regional conference (CD-ROM).

Kerber, R. (2007). Cost of data breach at TJX soars to $256m. Suits, computer fix add to expenses. The Boston Globe. http://www.boston.com/business/articles/2007/08/15/cost_of_data_breach_ at_tjx_soars_to_256m/

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.