Description
Submit a security plan to secure the organization's database. The security plan will be submitted to the CIO. The organization has many concerns about unauthorized access, since there have been reports that some confidential information has been accessed from the database.
Specifically, the CIO would like a plan that will ensure log files can be reviewed to determine who accessed the data, when it was accessed, and what was changed in the database.
To complete this task, you will need to examine the DBMS used by your organization and identify the current security measures provided.
You can view the SQL Server log files. Following are the types of log files you can access using the Log File viewer.
- Audit Collection
- Data Collection
- Job History
- Maintenance Plans
- SQL Server
- SQL Server Agent
After reviewing these files, list the potential threats that could occur and propose countermeasures to overcome them. Describe the use of potential uses of cloud computing services by your organization and list the potential threats, implications, and countermeasures.
For additional details, please refer to the Creating a Security Plan Rubric document.
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
Attached.
Running head: CREATING SECURITY PLAN
Creating Security Plan
Name:
Professor:
Course:
Date:
1
CREATING SECURITY PLAN
2
Introduction
In today’s technological environment, data is generated at a high speed and the final destination of
such data is the database. The databases often allow any authorized user to access, store and
analyze data. The data is often organized in different segments with regard to the type and the role
of information in the organization. With the advancements provided by the database technology,
however, sensitive information has become a major target for the external intruders. The
unauthorized users often seek to gain access to the database with the aim of stealing, manipulating
or erasing information. In addition to proposing the proper approaches of database security, this
paper discusses the potential security threats in database system. It also analyses the potential uses
of cloud computing in an organization.
Potential Threats to an Organization
A threat is a situation or event, both intentional and unintentional, that can affect a database system
and organization. One of the major threat in a database system is the privileges elevation. In this
situation, a user can convert the extra privileges from an ordinary user to the database administrator
hence taking over the platform (Chou, 2013). Once the user has gained the administrator privileges,
he or she can manipulate the files. For example, the user can alter the maintenance plans to create
business in the organizations’ operations.
Loss of availability is another huge database security threat. In the case of this issue, any
user cannot access the database system. It often arises with sabotage of the hardware, the network
systems and the applications. A vulnerable network can invite the possibilities of the Denial of
Service (DoS) attacks, which in turn prevent complete access of the system. For example, in the
CREATING SECURITY PLAN
3
case of an online banking system offered by an organization, the denial of services can deny
complete entry to all the users.
SQL injection is another database security threat. The database systems are often used for
backend functionality. The user supplied data is often used to build and transform the effectiveness
of the platform in terms of retrieving and sharing data. However, the unauthorized users to subvert
the originality and the integrity of the information can use input injections. Such an event can
interrupt the organization’s operations (Chou, 2013).
Malware or virus is another common threat of the database. Ideally, a virus such as Trojan
horse can easily attack a system that lacks the necessary antivirus or antimalware software
programs (Chou, 2013). Th...