The Security, Audit, and Control of Databases PDF Download

Author: Rodney Clark
Publisher:
ISBN:
Category : Computers
Languages : en
Pages : 152

View

Book Description
Any organization, whether commercial, governmental or academic, which uses databases in material areas of its activities is vulnerable to their defective operation. Databases are required to be secure, well controlled and auditable in order to meet the business objectives of the application systems which use them as the data storage medium. This publication from the three BCS Specialist Groups for audit, security and database design was written to assist all individuals involved in achieving the above requirements. It treats all these three aspects from the viewpoint of practical experience, right from the initial choice of software. This continues through integration with other software, to control measures and audit procedures. The book also covers types of and integrity of databases, data dictionaries, and CASE tools. The volume provides a structured understanding of a complex topic; a reference manual to those designing applications using databases; and a guide to audit needs in a database envrironment. The readership includes database designers, security staff, auditors (internal and external), consultants and applications designers.

Author: ISACA
Publisher: ISACA
ISBN: 1604201185
Category : Computers
Languages : en
Pages : 43

View

Book Description

Author: Ron Ben Natan
Publisher: Elsevier
ISBN: 9780080470641
Category : Computers
Languages : en
Pages : 432

View

Book Description
This book is about database security and auditing. You will learn many methods and techniques that will be helpful in securing, monitoring and auditing database environments. It covers diverse topics that include all aspects of database security and auditing - including network security for databases, authentication and authorization issues, links and replication, database Trojans, etc. You will also learn of vulnerabilities and attacks that exist within various database environments or that have been used to attack databases (and that have since been fixed). These will often be explained to an “internals level. There are many sections which outline the “anatomy of an attack – before delving into the details of how to combat such an attack. Equally important, you will learn about the database auditing landscape – both from a business and regulatory requirements perspective as well as from a technical implementation perspective. * Useful to the database administrator and/or security administrator - regardless of the precise database vendor (or vendors) that you are using within your organization. * Has a large number of examples - examples that pertain to Oracle, SQL Server, DB2, Sybase and even MySQL.. * Many of the techniques you will see in this book will never be described in a manual or a book that is devoted to a certain database product. * Addressing complex issues must take into account more than just the database and focusing on capabilities that are provided only by the database vendor is not always enough. This book offers a broader view of the database environment - which is not dependent on the database platform - a view that is important to ensure good database security.

Author:
Publisher: It Governance Institute
ISBN: 9781893209589
Category : Database security
Languages : en
Pages : 158

View

Book Description
As systems have migrated from mainframe to client-server and multi-tiered web application environments, the criticality of protecting the database has grown at a tremendous rate. The confidentiality, integrity and availability requirements of the database tier are at an all time high because employees, customers and business partners demand access to data in an immediate and consistent manner. Further, the reality and awareness of security risks are growing, resulting in higher security expectations. As a result, more focus is directed toward auditing databases to ensure that there are appropriate safeguards in place to protect against reasonably foreseeable threats. This book provides guidance on Oracle Database including: * Understanding the IT environment, and developing a strategy to properly plan the Oracle audit * Security and access control related to the Oracle environment * A suggested security and control framework * A detailed general controls approach, along with specifics on application level security * An internal control questionnaire and audit program linked to COBIT * A list of frequently asked questions/answers, and recommendations for the professional * A list of automated assessment tools available. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.

Author: Jack J. Champlain
Publisher: John Wiley & Sons
ISBN: 0471466298
Category : Business & Economics
Languages : en
Pages : 450

View

Book Description
Have you been asked to perform an information systems audit and don't know where to start? Examine a company's hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems--the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you'll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems. Order your copy today!

Author: Michael Gertz
Publisher: Springer Science & Business Media
ISBN: 0387485333
Category : Computers
Languages : en
Pages : 577

View

Book Description
Handbook of Database Security: Applications and Trends provides an up-to-date overview of data security models, techniques, and architectures in a variety of data management applications and settings. In addition to providing an overview of data security in different application settings, this book includes an outline for future research directions within the field. The book is designed for industry practitioners and researchers, and is also suitable for advanced-level students in computer science.

Author: Frederick Gallegos
Publisher: Thomson South-Western
ISBN:
Category : Auditing
Languages : en
Pages : 744

View

Book Description

Author: Elisa Bertino
Publisher: Morgan & Claypool Publishers
ISBN: 1608457699
Category : Computers
Languages : en
Pages : 93

View

Book Description
As data represent a key asset for today's organizations, the problem of how to protect this data from theft and misuse is at the forefront of these organizations' minds. Even though today several data security techniques are available to protect data and computing infrastructures, many such techniques -- such as firewalls and network security tools -- are unable to protect data from attacks posed by those working on an organization's "inside." These "insiders" usually have authorized access to relevant information systems, making it extremely challenging to block the misuse of information while still allowing them to do their jobs. This book discusses several techniques that can provide effective protection against attacks posed by people working on the inside of an organization. Chapter One introduces the notion of insider threat and reports some data about data breaches due to insider threats. Chapter Two covers authentication and access control techniques, and Chapter Three shows how these general security techniques can be extended and used in the context of protection from insider threats. Chapter Four addresses anomaly detection techniques that are used to determine anomalies in data accesses by insiders. These anomalies are often indicative of potential insider data attacks and therefore play an important role in protection from these attacks. Security information and event management (SIEM) tools and fine-grained auditing are discussed in Chapter Five. These tools aim at collecting, analyzing, and correlating -- in real-time -- any information and event that may be relevant for the security of an organization. As such, they can be a key element in finding a solution to such undesirable insider threats. Chapter Six goes on to provide a survey of techniques for separation-of-duty (SoD). SoD is an important principle that, when implemented in systems and tools, can strengthen data protection from malicious insiders. However, to date, very few approaches have been proposed for implementing SoD in systems. In Chapter Seven, a short survey of a commercial product is presented, which provides different techniques for protection from malicious users with system privileges -- such as a DBA in database management systems. Finally, in Chapter Eight, the book concludes with a few remarks and additional research directions. Table of Contents: Introduction / Authentication / Access Control / Anomaly Detection / Security Information and Event Management and Auditing / Separation of Duty / Case Study: Oracle Database Vault / Conclusion

Author: Michelle Malcher
Publisher: McGraw Hill Professional
ISBN: 0071826173
Category : Computers
Languages : en
Pages : 88

View

Book Description
This Oracle Press eBook is filled with cutting-edge security techniques for Oracle Database 12c. It covers authentication, access control, encryption, auditing, controlling SQL input, data masking, validating configuration compliance, and more. Each chapter covers a single threat area, and each security mechanism reinforces the others.

Author: David Y. Chan
Publisher: Emerald Group Publishing
ISBN: 1787434141
Category : Business & Economics
Languages : en
Pages : 359

View

Book Description
Continuous Auditing provides academics and practitioners with a compilation of select continuous auditing design science research, and it provides readers with an understanding of the underlying theoretical concepts of a continuous audit, ideas on how continuous audit can be applied in practice, and what has and has not worked in research.