Chapter 14 Integrity & Security - Sacramento State

Chapter 19 Security
  Integrity
  Security
  Control
    computer-based
    non-computer-based
  PC security
  DBMS and Web security
  Risk Analysis
  Data protection and privacy laws

Integrity
  Definition
    Consistent with constraints
  Types
    Entity
    Referential or existence
    Domain
    Enterprise

Security Threats
  Theft & fraud
  Loss of confidentiality
  Loss of privacy
  Loss of integrity
  Loss of availability

Countermeasures
  Computer-based controls
  Non-computer-based controls

Computer-based Controls - 1
  Authorization & authentication
    Password
    Account number
  Relations, users & right (CRUD) table
  Subschema
  Create views

Computer-based Controls - 2
  Logs
    Transaction logs
    Violation logs (time, terminal, violation)
  Check points
  Backup (redundant array of independent disks - RAID) & recovery
  Audit

Computer-based Controls - 3
  Encryption or cryptosystem
    Encryption key
    Encryption algorithm
    Decryption key
    Decryption algorithm
  Symmetric encryption (Data Encryption Standard (DES))
  Asymmetric encryption (RSA)

Example of Encryption - I
  Divide text into groups of 8 characters. Pad with blanks at end as necessary
  Select an 8-character key
  Rearrange text by interchanging adjacent characters
  Translate each character into an ordinal number with blank as 0, A as 1, B as 2
  Add the ordinal number of the key to the results
  Divide the total by 27 and retain the remainder
  Translate the remainder back into a character to yield the cipher text

Example of Encryption - II
  Message: DATA COM
  Key: PROTOCOL

     A   D   A   T   C       M   O
    01  04  01  20  03  00  13  15   (adatc mo)

    01  04  01  20  03  00  13  15
    16  18  15  20  15  03  15  12   (protocol)
    17  22  16  40  18  03  28  27   (sum)
    17  22  16  13  18  03  01  00   (remainder)
     Q   V   P   M   R   C   A  SPACE

Example of Decryption - I
  Divide cipher text into groups of eight characters. Pad with blanks at end as necessary
  Translate each cipher text alphabetic character and the encryption key into an ordinal number
  For each group, subtract the ordinal number of the key value from the ordinal number of the cipher text
  Add 27 to any negative number
  Translate the number back to alphabetic equivalents
  Rearrange the text by interchanging adjacent characters

Example of Decryption - II

     Q   V   P   M   R   C   A  SPACE
    17  22  16  13  18  03  01  00   (qvpmrca )

    17  22  16  13  18  03  01  00
    16  18  15  20  15  03  15  12   (protocol)
    01  04  01  -7  03  00 -14 -12   (subtract)
                27          27  27   (plus 27)
    01  04  01  20  03  00  13  15
     A   D   A   T   C       M   O
     D   A   T   A       C   O   M

Non-Computer-based Controls
  Security policy
  Contingency plan
    Person, phone no., procedures
    Site (cold, warm, or hot)
  Personnel control
    Reference
    Termination
    Training
    Balance of duty
  Escrow & maintenance agreements
  Physical

PC Security
  Policy & procedure
  Physical
  Logical
  Virus

DBMS and Web Security
  Proxy server: performance & filtering
  Firewall: packet filter, application gateway, circuit level gateway, & proxy server
  Digital signatures & Certificate Authority (CA)
  Message digest algorithms and digital signature
  Kerberos: centralized security server (certificate server)
  Secure Sockets Layer (SSL) for data & Secure HTTP for individual message
  Secure Electronic Transaction (SET) for credit card & Secure Transaction Technology (STT) for bank payment

Risk Analysis
  Assets
  Threats and risks
  Countermeasures
  Cost/benefit analysis
  Testing

Data Protection & Privacy Law

Assignment
  Review chapters 5-6, 11-13, and 18
  Read chapter 19
  Exam 3
    Date: 12/9/04
  Project
    Normalization and Corrected EER diagram due date: 12/2/04
    SQL, corrected normalization, and EER diagram due date: 12/15/04 (MIS Department Office)
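
The procedure from the "Example of Encryption" and "Example of Decryption" slides, written out as an added Python example (not part of the original slides). The function and constant names are this example's own, and it assumes messages and keys contain only the letters A-Z and blanks.

```python
# Added example: the slides' swap-and-add cipher (mod 27). Classroom toy, not secure.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # blank = 0, A = 1, ..., Z = 26
BLOCK = 8


def _ordinals(chars):
    """Translate characters to ordinal numbers; only blank and A-Z are valid."""
    try:
        return [ALPHABET.index(ch) for ch in chars]
    except ValueError:
        raise ValueError("only letters A-Z and blanks are supported") from None


def _key_ordinals(key):
    if len(key) != BLOCK:
        raise ValueError("key must be exactly 8 characters")
    return _ordinals(key.upper())


def _swap_adjacent(chars):
    """Interchange adjacent characters: positions (0,1), (2,3), ..."""
    out = list(chars)
    for i in range(0, len(out) - 1, 2):
        out[i], out[i + 1] = out[i + 1], out[i]
    return out


def _groups(text):
    """Upper-case, pad with blanks to a multiple of 8, split into groups of 8."""
    text = text.upper()
    text = text.ljust(-(-len(text) // BLOCK) * BLOCK)
    return [text[i:i + BLOCK] for i in range(0, len(text), BLOCK)]


def encrypt(message, key):
    key_ord = _key_ordinals(key)
    out = []
    for group in _groups(message):
        nums = _ordinals(_swap_adjacent(group))
        out += [ALPHABET[(n + k) % 27] for n, k in zip(nums, key_ord)]
    return "".join(out)


def decrypt(cipher, key):
    key_ord = _key_ordinals(key)
    out = []
    for group in _groups(cipher):
        # Python's % is never negative, which is the slides' "add 27" step.
        nums = [(c - k) % 27 for c, k in zip(_ordinals(group), key_ord)]
        out += _swap_adjacent(ALPHABET[n] for n in nums)
    return "".join(out)
```

Because the same 8-character key is added to every group, identical plaintext groups produce identical cipher text groups. Decryption returns the message with its blank padding still attached.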
