Presentation to:
Mam Hina Akram
Group Members
• Ahsin Yousaf
• Adnan Hussain
• Usman Jamil
• Ayesha Afzal
• L1F17MSCT0047
• L1F17MSCT0051
• L1F17MSCT00
• L1F17MSCT00
OUTLINE
 Overview of Database Security.
 What is Database Security.
 Why we need database security.
 Concepts of Database Security.
 Security Problems.
 Security Controls.
OVERVIEW
In today’s world, we need everything secured, whether it
is your mobile phone, computer, vehicle or almost
anything.
What is database security?
Database:
It is a collection of information stored in a computer.
Security:
It is being free from danger.
Database Security:
It is the set of mechanisms that protect the database against intentional or
accidental threats.
Definition of Database Security
Database Security is defined as the process by which the “Confidentiality,
Integrity and Availability” of the database can be protected.
Why do we need database security?
If there is no security for the database, what happens?
Data will be easily corrupted.
It is important to restrict access
to the database from authorized
users to protect sensitive data.
Concepts of Database Security
There are 3 main aspects:
1. Secrecy or Confidentiality
2. Integrity
3. Availability
SECRECY/
 It is protecting the database from unauthorized users.
 Ensures that users are allowed to do the things they are
trying to do.
 Encryption is a technique or a process by which the data is
encoded in such a way that only authorized users are
able to read the data.
INTEGRITY
 Protecting the database from authorized users.
 Ensures that what users are trying to do is correct.
For example,
 An employee should be able to modify his or her own
information.
AVAILABILITY
The database must not have unplanned downtime.
To ensure this, the following steps should be taken:
Restrict the amount of storage space given to each user in the database.
Limit the number of concurrent sessions made available to each database user.
Back up the data at periodic intervals to ensure data recovery in case of application users.
SECURITY PROBLEMS
Any circumstance or event with the potential to adversely
impact an information system (IS) through unauthorized access, destruction,
disclosure, modification of data, and/or denial of service.
There are two kinds of threat:
Non-fraudulent Threat
Fraudulent Threat
1. Non-fraudulent Threat
 Natural or accidental disasters.
 Errors or bugs in hardware or software.
 Human errors.
2. Fraudulent Threat
 Authorized users
 Those who abuse their privileges and authority.
 Hostile agents
 Those improper users (outsiders or insiders)
who attack the software and/or hardware system, or read or
write data in a database.
DATABASE PROTECTION REQUIREMENTS
1. Protection from Improper Access
2. Protection from Inference
3. Integrity of the Database
4. User Authentication
5. Multilevel Protection
6. Confinement
7. Management and Protection of Sensitive Data
SECURITY CONTROLS
 Authorization - privileges, views.
 Encryption - public key / private key, secure sockets.
 Authentication - passwords.
 Logical - firewalls, net proxies.
A FIREWALL is dedicated software on another computer which
inspects network traffic passing through it and denies or permits
passage based on a set of rules. Basically, it is a piece of software that
monitors all traffic that goes from your system to another via the
Internet or network and vice versa.
Database Firewalls are a type of Web Application Firewall that
monitor databases to identify and protect against database-specific
attacks that mostly seek to access sensitive information stored in the
databases.
 Data encryption lets you encrypt sensitive data, such as credit
card numbers, stored in table columns.
 Encrypted data is decrypted for a database user who has access to
the data.
 Data encryption helps protect data stored on media in the event
that the storage media or data file gets stolen.
 As a security administrator, one can be sure that sensitive data is safe in
case the storage media or data file gets stolen.
 You do not need to create triggers or views to decrypt data. Data from
tables is decrypted for the database user.
 Database users need not be aware of the fact that the data they are
accessing is stored in encrypted form. Data is transparently decrypted for
the database users and does not require any action on their part.
 Applications need not be modified to handle encrypted data. Data
encryption/decryption is managed by the database.
 Read authorization - allows reading, but not modification of data.
 Insert authorization - allows insertion of new data, but not
modification of existing data.
 Update authorization - allows modification, but not deletion of data.
 Delete authorization - allows deletion of data.
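The four authorization types above correspond to the SQL privileges SELECT, INSERT, UPDATE and DELETE, and the "privileges, views" control from the Security Controls slide can be expressed with the same statements. The script below is an added example, not part of the original slides; it assumes PostgreSQL, and the table, view and role names are hypothetical.

```sql
-- Added example (PostgreSQL). Table, view and role names are hypothetical.
-- Run as a role allowed to create roles; the final ROLLBACK discards everything.
BEGIN;

CREATE TABLE employees (
    emp_id integer PRIMARY KEY,
    name   text NOT NULL,
    dept   text NOT NULL,
    salary numeric(10,2) NOT NULL
);

-- One group role per authorization type on the slide.
CREATE ROLE emp_read   NOLOGIN;
CREATE ROLE emp_insert NOLOGIN;
CREATE ROLE emp_update NOLOGIN;
CREATE ROLE emp_delete NOLOGIN;
CREATE ROLE staff      NOLOGIN;  -- reaches the data only through a view

-- New tables grant nothing to PUBLIC by default; the REVOKE makes that explicit.
REVOKE ALL ON employees FROM PUBLIC;

-- Read authorization: query rows, change nothing.
GRANT SELECT ON employees TO emp_read;

-- Insert authorization: add rows, without reading or changing existing ones.
GRANT INSERT ON employees TO emp_insert;

-- Update authorization, narrowed to two columns. SELECT on emp_id is also
-- needed because "UPDATE ... WHERE emp_id = 7" reads that column.
GRANT UPDATE (name, dept) ON employees TO emp_update;
GRANT SELECT (emp_id)     ON employees TO emp_update;

-- Delete authorization; the WHERE clause again needs a readable key column.
GRANT DELETE          ON employees TO emp_delete;
GRANT SELECT (emp_id) ON employees TO emp_delete;

-- View as an authorization control: by default a view is checked against its
-- owner's privileges, so staff can read the directory columns without any
-- privilege on the base table and never sees salary.
CREATE VIEW employee_directory AS
    SELECT emp_id, name, dept FROM employees;
GRANT SELECT ON employee_directory TO staff;

-- Audit what each role can actually do on the base table.
SELECT rolname,
       has_any_column_privilege(rolname, 'employees', 'SELECT') AS can_read,
       has_table_privilege(rolname, 'employees', 'INSERT')      AS can_insert,
       has_any_column_privilege(rolname, 'employees', 'UPDATE') AS can_update,
       has_table_privilege(rolname, 'employees', 'DELETE')      AS can_delete,
       has_column_privilege(rolname, 'employees', 'salary', 'SELECT')
                                                                AS sees_salary
FROM pg_roles
WHERE rolname IN ('emp_read', 'emp_insert', 'emp_update', 'emp_delete', 'staff')
ORDER BY rolname;

-- The view is a separate object with its own privilege check.
SELECT has_table_privilege('staff', 'employee_directory', 'SELECT')
           AS staff_reads_directory;

ROLLBACK;
```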
Database Security Management
