Develop a database security policy

Reference no: EM13803773

You are to develop a database security policy for a small organization that collects and analyzes evaluation data for a variety of non-governmental organizations. The collected data includes both anonymous data and personally identifiable information such as names, dates of birth and social security numbers. Each employee is assigned to a certain number of evaluations. Employees access the data through desktop applications and/or intranet web applications while clients have restricted access to their data through another web application accessible through the Internet.

Guidelines

• A security policy describes what it means for an organization to be secure.
• A security policy is an agreed-upon document that executive management uses to communicate its security goals and objectives. Thus, the language should be appropriate for all employees.
• A security policy generally stems from an asset inventory phase, in which the organization's assets are identified and evaluated, followed by a risk assessment phase, in which threats targeting those assets are evaluated. The security policy describes what the organization needs to secure, specifies the level of security that is needed and elaborates a strategy on how the assets will be protected.
• The goal of such a policy is generally to protect valuable and/or confidential information from unauthorized access, but also to limit legal liability and prevent waste or inappropriate use of organization resources. Phrases such as "must", "should", or "will" are used to establish baseline expectations for behavior by employees and to authorize audits and monitoring.
• The security policy is composed of high-level statements that describe a secure state for the organization's assets. A security policy does not include best practices or recommendations, so details about how to implement the policy are typically included in supporting documents (standards and procedures).

• A security policy typically includes:

o Scope (1 paragraph)

o Goals (1 paragraph)

o Information classification (1-2 paragraphs)

o Actual requirements: as an itemized list. Specifically, database policy statements could address:

- Roles and responsibilities: Roles at the organization level could include application developer, database user, database administrator, database owner, application owner, etc. Responsibilities should be designated.

- Database access types

- Authentication and authorization - a password policy should be defined or referenced

- Use of encryption (files, data in transit, backup files), managing encryption keys

- Backups and recovery (weekend or weekdays, on-line or off-line, incremental or full, etc.)

- Audits (auditor, frequency of audits, what is audited)

- Use of multilevel security

- Use of virtual private databases

- Database servers hardening (firewall/intrusion detection system, secure configuration, patch management, vulnerability assessment)

- Change management (ensure privileged accounts are documented, administered, monitored, and reviewed)


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd