Databases Reference
In-Depth Information
when a company has access to a trading partner's data in a supply chain arrangement,
the partner company expects its data to remain secure. Governments, charged with
protecting their citizens, must protect sensitive defense data from unauthorized
intrusion. And the list goes on and on.
Types of Data Security Breaches
There are several different ways that data and the information systems that store
and process it can be compromised.
Unauthorized Data Access
Perhaps the most basic kind of data security breach is
unauthorized data access. That is, someone obtains data that they are not authorized
to see. This can range from seeing, say, a single record of a database table to
obtaining a copy of an entire table or even an entire database. You can imagine an
evil company wanting to steal a competitor's customer list or new product plans,
the government of one country wanting to get hold of another country's defense
plans, or even one person simply wanting to snoop on his neighbor's bank account.
Sometimes the stolen data consists of computer passwords or security codes so that
data or property can be stolen at a later time. And a variety of different people can be
involved in the data theft, including a company's own employees, a trading partner's
employees, or complete outsiders. In the case of a company's own employees, the
situation can be considerably more complicated than that of an outsider breaking
in and stealing data. An employee might have legitimate access to some company
data but might take advantage of his access to the company's information systems
to steal data he is not authorized to see. Or he might remove data from the company
that he is authorized to see (but not to remove).
Unauthorized Data or Program Modification
Another exposure is unauthorized data
modification. In this situation, someone changes the value of stored data that they are
not entitled to change. Imagine a bank employee increasing her own bank account
balance or that of a friend or relative. Or consider an administrative employee in a
university changing a student's grade (or, for that matter, the student breaking into
the university computer to change his own grade!). In more sophisticated cases a
person might manage to change one of a company's programs to modify data now
or at a later time.
Malicious Mischief
The field of reference has to be expanded when discussing
malicious mischief as a data security issue. To begin with, someone can corrupt
or even erase some of a company's data. As with data theft, this can range from
a single record in a table to an entire table or database. But there is even more to
malicious mischief. Data can also be made unusable or unavailable by damaging the
hardware on which it is stored or processed! Thus, in terms of malicious mischief,
the hardware as well as the data has to be protected, and this is something that we
will address.
Methods of Breaching Data Security
Methods of breaching data security fall into several broad categories (Figure 11.1).
Some of these require being on a company's premises while others don't.