Databases Reference
Internal, Intentional Threats
Internal, intentional threats come from employees who, for professional
or personal reasons, try to defraud the organization by stealing, disclosing,
or destroying data in the DDBS. Preventive measures against these threats
focus on ensuring that the potential user in a distributed database
environment is a legitimate user who is trying to access an authorized data
object or file and perform an authorized action. The first layer of this type
of security ensures the legitimacy of a user by authenticating the
individual's identity. The user is identified through a combination of some
form of user ID and password. Other methods include the use of smart cards
or tokens and biometric systems.
The second layer of security focuses on ensuring that the user, having
been identified as legitimate, is trying to access data that the individual is
authorized to access. This is accomplished through the establishment of
authorization rules involving such methods as user privileges and
clearances, data classification and fragmentation, and restricted views.
Users are assigned clearances according to their privileges in using
specific segments of the database. Given the nature of the distributed
database environment, the assignment and tracking of clearances can be a
difficult task because the population of potential users includes all those
at the multiple nodes of the DDBSs. This procedure, however, helps
determine who is authorized to access which object or segment of the
database. Data classification assigns sensitivity levels to different
segments of the database. Together with the user classification, data
sensitivity levels help determine the domain of each user.
The third layer of security is accomplished by the implementation of
embedded controls in the DDBSs (the software that runs the distributed
database) and audit trails. Although access and authorization controls
through audit trails are retrospective in nature, high-quality audit trails can
provide a complete record of every activity that an individual performs.
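The second and third layers described above, as an added example that is not part of the original text: a user's domain is the set of fragments whose sensitivity level the user's clearance covers and for which a privilege has been assigned, and every access decision, denials included, is appended to an audit trail. The level names, node names, fragments and the user are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity scale; the text does not name specific levels.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

@dataclass(frozen=True)
class Fragment:
    name: str
    node: str          # DDBS node that stores this fragment
    sensitivity: str   # data classification of the fragment

@dataclass
class User:
    user_id: str
    clearance: str
    privileges: dict = field(default_factory=dict)  # fragment name -> allowed actions

# Constructed sample data: fragments spread over two nodes, one user.
FRAGMENTS = [
    Fragment("customers_eu", "node-paris", "internal"),
    Fragment("customers_us", "node-dallas", "internal"),
    Fragment("payroll", "node-dallas", "confidential"),
    Fragment("merger_plans", "node-paris", "secret"),
]
ALICE = User("alice", "confidential", {"customers_eu": {"read"},
             "payroll": {"read", "update"}, "merger_plans": {"read"}})

def domain(user, fragments=FRAGMENTS):
    """Fragments the user may use: clearance covers sensitivity AND a privilege exists."""
    return {f.name: sorted(user.privileges[f.name]) for f in fragments
            if f.name in user.privileges
            and LEVELS[user.clearance] >= LEVELS[f.sensitivity]}

def access(user, fragment_name, action, audit_trail, fragments=FRAGMENTS):
    """Authorize one action on one fragment and record the decision."""
    frag = next((f for f in fragments if f.name == fragment_name), None)
    if frag is None:
        decision, reason = "deny", "unknown object"
    elif LEVELS[user.clearance] < LEVELS[frag.sensitivity]:
        decision, reason = "deny", "clearance below sensitivity"
    elif action not in user.privileges.get(fragment_name, ()):
        decision, reason = "deny", "no privilege for action"
    else:
        decision, reason = "allow", "ok"
    # Denied attempts are logged too, so the trail covers every activity.
    audit_trail.append({"user": user.user_id, "object": fragment_name,
                        "node": frag.node if frag else None, "action": action,
                        "decision": decision, "reason": reason})
    return decision == "allow"
```

Note that `merger_plans` drops out of the user's domain even though a privilege was granted on it, because the clearance check and the privilege check must both pass.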
Internal, Accidental Threats
Accidental threats from DDBS users may be considered less serious
than intentional employee threats because, unlike intentional threats,
there is no malicious intent behind them. Nevertheless, the effects could
still theoretically ruin an organization, especially if very sensitive, private
data is involved. Measures to handle these threats include the
implementation of extensive training programs, the heightening of user
security awareness, and constant monitoring and assessment of security
violations resulting from user negligence, ignorance, or omission of
automatic error-checking methods.