SlideShare a Scribd company logo

Database Security Management

Download as PPTX, PDF
A
Ahsin Yousaf

Overview To Database Security. What is Database Security Why need of database security. Concepts of Database Security. Security Problems Security Controls In today’s world, we need everything secured whether it is your mobile phone , computer , vehicle or almost anything. What is database security? Database It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats. Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected Why need of database security?If there is no security to database what happens??? Data will be easily corrupted It is important to restrict access to the database from authorized users to protect sensitive data. Concepts of Database SecurityThree are 3 main aspects Secrecy or Confidentiality Integrity Availability SECRECY /It is protecting the database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data. INTEGRITYProtecting the database from authorized users. Ensures that what users are trying to do is correct. For examples, An employee should be able to modify his or her own information. AVAILABILITYDatabase must have not unplanned downtime. To ensure this ,following steps should be taken Restrict the amount of the storage space given to each user in the database. Limit the number of concurrent sessions made available to each database user. Back up the data at periodic intervals to ensure data recovery in case of application users.

1 of 23
Presentation to: Mam Hina Akram 1
Group Members • Ahsin Yousaf • Adnan Hussain • Usman Jamil • Ayesha Afzal • L1F17MSCT0047 • L1F17MSCT0051 • L1F17MSCT00 • L1F17MSCT00
OUTLINE  Overview ToDatabase Security.  What is Database Security  Why need of database security.  Concepts of Database Security.  Security Problems  Security Controls 2
Mobile Computer Vehicles OVERVIEW Intoday’s world, we need everything secured whetherit is your mobile phone ,computer ,vehicle or almost anything. 3
What is database security? 5 Database: It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected Definition of Database Security 6
If there is no security to database what happens??? Data will be easily corrupted 7 It is important to restrict access to the database from authorized users to protect sensitivedata. Why need of database security?
Three are 3 main aspects 1. Secrecy or Confidentiality 2. Integrity 3. Availability 8 Concepts of Database Security
SECRECY/  It is protecting the database from unauthorized users.  Ensures that users are allowed to do the things theyare trying to do.  Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data. 9
INTEGRITY 1 0  Protecting the database from authorized users.  Ensures that what users are trying to do is correct. For examples,  An employee should be able to modify his or herown information.
AVAILABILITY 10 Database must have not unplanned downtime. Toensure this ,following steps should be taken Restrict the amount of the storage space given to each user in the database. Limit the number of concurrent sessionsmade available to each database user. Back up the data at periodic intervals to ensure data recovery in case of application users.
SECURITY PROBLEMS 12
Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. There are two kinds of threat. Non-fraudulent Threat fraudulent Threat 13
1. Non-fraudulent Threat 14  Natural or accidental disasters.  Errors or bugs in hardware or software.  Humanerrors. 2. fraudulentThreat  Authorized users  Those who abuse their privileges andauthority.  Hostile agents  Those improper users (outsider orinsiders).  who attack the software and/or hardware system, or read or write data in adatabase.
DATABASEPROTECTION REQUIREMENTS 15 1. Protection from ImproperAccess 2. Protection from Inference 3. Integrity of the Database 4. User Authentication 5. Multilevel Protection 6. Confinement 7. Management and Protection of SensitiveData
SECURITY CONTROLS 15
 Authorization - privileges, views.  Encryption - public key / private key,secure sockets.  Authentication –passwords.  Logical - firewalls, net proxies. 17
AFIREWALLis dedicated software on another computer which inspects network traffic passing through it and denies (or) permits passage based on set of rules. Basically it is a piece of softwarethat monitors all traffic that goes from your system to another via the Internet or network and ViceVersa Database Firewalls are a type of Web Application Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored inthe databases. 18
19
 Data encryption enables to encrypt sensitive data, such as credit card numbers, stored in table columns.  Encrypted data is decrypted for a database user who has access to the data.  Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen. 20
 As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen.  You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user.  Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part.  Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database. 21
 Read authorization - allows reading, but not modification of data  Insert authorization - allows insertion of new data, but not modification of existing data.  Update authorization - allows modification, but not deletion of data.  Delete authorization - allows deletion of data 22
23

Recommended

Database security
Database securityDatabase security
Database security
Murchana Borah
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Information security
Information security Information security
Information security
AishaIshaq4
 
DB security
DB security DB security
DB security
ERSHUBHAM TIWARI
 
Database Systems Security
Database Systems SecurityDatabase Systems Security
Database Systems Security
amiable_indian
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Information security
Information securityInformation security
Information security
AlaaMahmoud108
 

Recommended

Database security
Database securityDatabase security
Database security
Murchana Borah
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Information security
Information security Information security
Information security
AishaIshaq4
 
DB security
DB security DB security
DB security
ERSHUBHAM TIWARI
 
Database Systems Security
Database Systems SecurityDatabase Systems Security
Database Systems Security
amiable_indian
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Information security
Information securityInformation security
Information security
AlaaMahmoud108
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
Veracrypt
VeracryptVeracrypt
Veracrypt
RUTVICHANGELA
 
Database security
Database securityDatabase security
Database securitykeerthusandeepreddy
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
Dedi Dwianto
 
system Security
system Security system Security
system Security
Gaurav Mishra
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Daniel P Wallace
 
Physical security
Physical securityPhysical security
Physical security
Tariq Mahmood
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
Imperva
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
Mukesh Chinta
 
Information classification
Information classificationInformation classification
Information classification
Jyothsna Sridhar
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
Juan F. Padilla
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 
uu (2).pdf
uu (2).pdfuu (2).pdf
uu (2).pdf
uzairAsif268
 
Database security
Database securityDatabase security
Database security
Software Engineering
 

More Related Content

What's hot

Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
Veracrypt
VeracryptVeracrypt
Veracrypt
RUTVICHANGELA
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
Dedi Dwianto
 
system Security
system Security system Security
system Security
Gaurav Mishra
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Daniel P Wallace
 
Physical security
Physical securityPhysical security
Physical security
Tariq Mahmood
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
Imperva
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
Mukesh Chinta
 
Information classification
Information classificationInformation classification
Information classification
Jyothsna Sridhar
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
Juan F. Padilla
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 

What's hot (20)

Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Veracrypt
VeracryptVeracrypt
Veracrypt
 
Database security
Database securityDatabase security
Database security
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
 
system Security
system Security system Security
system Security
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Information Security
Information SecurityInformation Security
Information Security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Physical security
Physical securityPhysical security
Physical security
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Information classification
Information classificationInformation classification
Information classification
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 

Similar to Database Security Management

uu (2).pdf
uu (2).pdfuu (2).pdf
uu (2).pdf
uzairAsif268
 
Database security
Database securityDatabase security
Database security
Software Engineering
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdf
AnSHiKa187943
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
FarhanaMariyam1
 
203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx
muhammadusama257191
 
Database security presentation in easy way
Database security presentation in easy wayDatabase security presentation in easy way
Database security presentation in easy way
ArsalanMaqsood1
 
Database Security Presentation Why database Security is important
Database Security Presentation Why database Security is importantDatabase Security Presentation Why database Security is important
Database Security Presentation Why database Security is important
Kamruzzamansohel2
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Dstca
DstcaDstca
Dstca
ajay vj
 
Computer security
Computer securityComputer security
Computer security
Ayesha Arshad
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
ijcsit
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security Framework
Maria Perkins
 
Data security
Data securityData security
Data security
AbdulBasit938
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
shahadd2021
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
Irsandi Hasan
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
FredReynolds2
 
Comparative Analysis of Windows and Linux System.pptx
Comparative Analysis of Windows and Linux System.pptxComparative Analysis of Windows and Linux System.pptx
Comparative Analysis of Windows and Linux System.pptx
Green University of Bangladesh
 
Importance of DBMS.pptx
Importance of DBMS.pptxImportance of DBMS.pptx
Importance of DBMS.pptx
Green University of Bangladesh
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
Careerera
 

Similar to Database Security Management (20)

uu (2).pdf
uu (2).pdfuu (2).pdf
uu (2).pdf
 
Database security
Database securityDatabase security
Database security
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdf
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
 
203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx
 
Database security presentation in easy way
Database security presentation in easy wayDatabase security presentation in easy way
Database security presentation in easy way
 
Database Security Presentation Why database Security is important
Database Security Presentation Why database Security is importantDatabase Security Presentation Why database Security is important
Database Security Presentation Why database Security is important
 
Database Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptxDatabase Security, Threats & Countermeasures.pptx
Database Security, Threats & Countermeasures.pptx
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Dstca
DstcaDstca
Dstca
 
Computer security
Computer securityComputer security
Computer security
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security Framework
 
Data security
Data securityData security
Data security
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
 
Comparative Analysis of Windows and Linux System.pptx
Comparative Analysis of Windows and Linux System.pptxComparative Analysis of Windows and Linux System.pptx
Comparative Analysis of Windows and Linux System.pptx
 
Importance of DBMS.pptx
Importance of DBMS.pptxImportance of DBMS.pptx
Importance of DBMS.pptx
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 

More from Ahsin Yousaf

Corporate law in pakistan
Corporate law in pakistanCorporate law in pakistan
Corporate law in pakistan
Ahsin Yousaf
 
Register Dld project
Register Dld projectRegister Dld project
Register Dld project
Ahsin Yousaf
 
Three step writing process bovee by ahsin yousaf
Three step writing process bovee by ahsin yousafThree step writing process bovee by ahsin yousaf
Three step writing process bovee by ahsin yousaf
Ahsin Yousaf
 
Financial Accounting presentation
Financial Accounting presentationFinancial Accounting presentation
Financial Accounting presentation
Ahsin Yousaf
 
Bcrw
BcrwBcrw
Bcrw
Ahsin Yousaf
 
Global market place
Global market placeGlobal market place
Global market place
Ahsin Yousaf
 
Physical access control
Physical access controlPhysical access control
Physical access control
Ahsin Yousaf
 

More from Ahsin Yousaf (7)

Corporate law in pakistan
Corporate law in pakistanCorporate law in pakistan
Corporate law in pakistan
 
Register Dld project
Register Dld projectRegister Dld project
Register Dld project
 
Three step writing process bovee by ahsin yousaf
Three step writing process bovee by ahsin yousafThree step writing process bovee by ahsin yousaf
Three step writing process bovee by ahsin yousaf
 
Financial Accounting presentation
Financial Accounting presentationFinancial Accounting presentation
Financial Accounting presentation
 
Bcrw
BcrwBcrw
Bcrw
 
Global market place
Global market placeGlobal market place
Global market place
 
Physical access control
Physical access controlPhysical access control
Physical access control
 

Recently uploaded

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
UiPathCommunity
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 

Recently uploaded (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 

Database Security Management

  • 2. Group Members • Ahsin Yousaf • Adnan Hussain • Usman Jamil • Ayesha Afzal • L1F17MSCT0047 • L1F17MSCT0051 • L1F17MSCT00 • L1F17MSCT00
  • 3. OUTLINE  Overview ToDatabase Security.  What is Database Security  Why need of database security.  Concepts of Database Security.  Security Problems  Security Controls 2
  • 4. Mobile Computer Vehicles OVERVIEW Intoday’s world, we need everything secured whetherit is your mobile phone ,computer ,vehicle or almost anything. 3
  • 5. What is database security? 5 Database: It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats.
  • 6. Database Security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected Definition of Database Security 6
  • 7. If there is no security to database what happens??? Data will be easily corrupted 7 It is important to restrict access to the database from authorized users to protect sensitivedata. Why need of database security?
  • 8. Three are 3 main aspects 1. Secrecy or Confidentiality 2. Integrity 3. Availability 8 Concepts of Database Security
  • 9. SECRECY/  It is protecting the database from unauthorized users.  Ensures that users are allowed to do the things theyare trying to do.  Encryption is a technique or a process by which the data is encoded in such a way that only that authorized users are able to read the data. 9
  • 10. INTEGRITY 1 0  Protecting the database from authorized users.  Ensures that what users are trying to do is correct. For examples,  An employee should be able to modify his or herown information.
  • 11. AVAILABILITY 10 Database must have not unplanned downtime. Toensure this ,following steps should be taken Restrict the amount of the storage space given to each user in the database. Limit the number of concurrent sessionsmade available to each database user. Back up the data at periodic intervals to ensure data recovery in case of application users.
  • 13. Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. There are two kinds of threat. Non-fraudulent Threat fraudulent Threat 13
  • 14. 1. Non-fraudulent Threat 14  Natural or accidental disasters.  Errors or bugs in hardware or software.  Humanerrors. 2. fraudulentThreat  Authorized users  Those who abuse their privileges andauthority.  Hostile agents  Those improper users (outsider orinsiders).  who attack the software and/or hardware system, or read or write data in adatabase.
  • 15. DATABASEPROTECTION REQUIREMENTS 15 1. Protection from ImproperAccess 2. Protection from Inference 3. Integrity of the Database 4. User Authentication 5. Multilevel Protection 6. Confinement 7. Management and Protection of SensitiveData
  • 17.  Authorization - privileges, views.  Encryption - public key / private key,secure sockets.  Authentication –passwords.  Logical - firewalls, net proxies. 17
  • 18. AFIREWALLis dedicated software on another computer which inspects network traffic passing through it and denies (or) permits passage based on set of rules. Basically it is a piece of softwarethat monitors all traffic that goes from your system to another via the Internet or network and ViceVersa Database Firewalls are a type of Web Application Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored inthe databases. 18
  • 19. 19
  • 20.  Data encryption enables to encrypt sensitive data, such as credit card numbers, stored in table columns.  Encrypted data is decrypted for a database user who has access to the data.  Data encryption helps protect data stored on media in the event that the storage media or data file gets stolen. 20
  • 21.  As a security administrator, one can be sure that sensitive data is safe in case the storage media or data file gets stolen.  You do not need to create triggers or views to decrypt data. Data from tables is decrypted for the database user.  Database users need not be aware of the fact that the data they are accessing is stored in encrypted form. Data is transparently decrypted for the database users and does not require any action on their part.  Applications need not be modified to handle encrypted data. Data encryption/decryption is managed by the database. 21
  • 22.  Read authorization - allows reading, but not modification of data  Insert authorization - allows insertion of new data, but not modification of existing data.  Update authorization - allows modification, but not deletion of data.  Delete authorization - allows deletion of data 22
  • 23. 23