SlideShare a Scribd company logo

The Complete Guide to DBA Practices & Procedures - Database Security - Part 14

ā€¢
ā€¢
Flevy.com Best Practices
Flevy.com Best Practices

This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here: http://flevy.com/browse/business-document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585 Part 14 of a multi-part series of presentations on the management discipline of database administration. This section covers the range of activities and practices for securing your databases and data. The entire series can be used to implement an efficient and effective database administration function at your organization. This part covers the following areas: - Data Breaches - Database Security Basics - Granting & Revoking Authority - Authorization Roles & Groups - Other Database Security Mechanisms - Encryption - SQL Injections Attacks - Auditing - External Security - DBMS Fixpacks & Maintenance

Business
1 of 20
Database Administration: The Complete Guide to Practices and Procedures Chapter 14 Database Security
Data Breaches ā€¢ Data breaches dominate the IT newscape ā€¢ According to The Privacy Rights Clearinghouse, more than 544 million records have been breached between January 10, 2005 and early 2012. ā€“ Over the course of almost 3,000 separate events. http://www.privacyrights.org/data-breach This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
How Prevalent is this Problem? ā€¢ 68% of companies are losing sensitive data or having it stolen out from under them six times a year ā€¢ An additional 20% are losing sensitive data 22 times or more per year. Sources: eWeek, March 3, 2007 IT Policy Compliance Group http://www.eweek.com/c/a/Desktops-and-Notebooks/Report-Some-Companies-Lose-Data-Six-Times-a-Year/ This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Who is Responsible for Security? ā€¢ The DBA typically is responsible for administering database security ā€“ Some organizations have transferred this task to a separate security administration function that controls all of the IT security for the company. ā€“ However, even in shops where security administration is a separate entity, database security is still handled by the DBA groupā€¦ ā€¢ ā€¦because database security is handled differently than a typical IT authorization scenario. ā€“ When the security administration group handles security policies, this group usually relies on third- party security software This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Login Details When the DBMS controls the addition of logins, the DBA is required to provide certain information about the login when it is created: ā€¢ Passwordā€”the key phrase, word, or character string associated with the new login that must be provided by the user before access to the database is permitted ā€¢ Default databaseā€”the name of the database to which the user will initially be connected during login ā€¢ Default languageā€”the default language assigned to the login when using the DBMS if multiple languages are supported ā€¢ Nameā€”the actual full name of the user associated with this login ā€¢ Additional detailsā€”additional details about the user for which the login has been created: e-mail, phone number, office location, business unit, and so on. This is useful for documentation purposes This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
login SUID DBMS user Data basename UID Database Users This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Types of Privileges ā€¢ Table: to control who can access and modify the data within tables ā€¢ Database object: to control who can create new database objects and drop existing database objects ā€¢ System: to control who can perform certain types of systemwide activities ā€¢ Program: to control who can create, modify, and use database programs ā€¢ Stored procedure: to control who can execute specific functions and stored procedures This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
System Privileges ā€¢ System privileges control which users can use certain DBMS features and execute certain DBMS commands. ā€¢ The system privileges available will vary from DBMS to DBMS but may include: ā€“ The ability to archive database logs ā€“ Shut down and restart the database server ā€“ Start traces for monitoring ā€“ Manage storage ā€“ Manage database caches This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Revoking Authority ā€¢ Revoke is the inverse of Grant ā€¢ Using Revoke, a DBA can remove privileges from a user that has previously been Granted those privileges ā€¢ Proceed with caution if WITH GRANT OPTION was used ā€“ Cascading revokes can occurThis document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Label Based Access Control (LBAC) ā€¢ LBAC provides for a more granular security scheme, specifying who can read and modify data in individual rows and/or columns. ā€¢ For example, you might want to set up an authorization scenario such that employees can see their own data but no one elseā€™s. Or your authorization needs might dictate that each employeeā€™s immediate manager is able to see his payroll information as well as all of his employeeā€™s data, and so on up through the org chart. ā€¢ Setting up such a security scheme is virtually impossible without LBAC. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
LBAC Example This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Groups ā€¢ Group-level authority is similar to roles. ā€¢ Each DBMS provides built-in groups that cannot be changed. The following groups are common among the major DBMSs: ā€“ System administrator. Sometimes abbreviated SA or SYSADM, the system administrator group is the most powerful within the DBMS. ā€“ Database administrator. Sometimes abbreviated as DBADM or DBA, the database administrator group gives all privileges over a specific database, plus the ability to access, but not modify, data in tables within that database. ā€“ Database maintenance. Sometimes abbreviated as DBMAINT, the database maintenance group includes the specific database privileges for maintaining database objects (such as the ability to run utilities and issue commands). ā€“ Security administrator. The security administrator role, aka SSO or SECADM, has the privilege-set permitting the granting and revoking of database security across the DBMS. Any database security-related activities can be performed by the security administrator. ā€“ Operations control. Sometimes referred to as OPER or SYSOPR, the operations control role has the authority to perform operational database tasks such as backup and recovery, or terminating runaway tasks. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Using Views for Security ā€¢ A view can be created that omits sensitive information. ā€“ By creating the view without the sensitive columns, users can be granted the SELECT privilege on the view and will be able to access employee information that is deemed appropriate. ā€“ For example, this view omits salary details: This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Original Data ā€œJohnsonā€ Encryption Algorithm Encrypted Data ā€œs&1Yu.8ā€ Encryption Key Decryption Algorithm Encryption Encryption transforms data rendering it unreadable to anyone without the decryption key. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
ā€œIn Transitā€ Encryption ā€¢ Encrypting data in transit is undertaken to prohibit network packet sniffing. ā€“ If the data is encrypted before it is sent over the network and decrypted upon reception at its destination, then it is protected along its journey. ā€“ Anyone nefariously attempting to access the data en route will receive only encrypted data. ā€“ Without the decryption key, the data cannot be read. ā€¢ Data in transit encryption most commonly is supported using DBMS system parameters and commands or through an add-on encryption product. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
SQL Injection Example ā€¢ A web-based application using dynamic SQL requires users to login with their e-mail address and a password. ā€¢ Perhaps the SQL looks something like this: ā€¢ A savvy hacker can attempt a SQL injection attack by entering: This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
SQL Injection Prevention ā€¢ Using well designed query language interpreters and coding applications appropriately can prevent SQL injection attacks. ā€“ When possible use static SQL. ā€“ Always validate user input by testing type, length, format, and range. ā€“ The program should make absolutely no assumptions about the size, type, or content of the data that is received. ā€“ Avoid concatenating user input that has not been validated. ā€“ Analyze input and reject anything that contains special characters such as the semi-colon (;), the string delimiter ('), comment delimiters (--, /*ā€¦*/), V$ (the beginning of Oracle DBA views), and xp_ (the beginning of SQL Server catalog stored procedures). ā€“ For Microsoft SQL Server users, beware of the Transact-SQLprocedure xp_cmdshell. This procedure spawns a Windows command shell and passes in a string for execution. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Job Scheduling and Security ā€¢ Most organizations schedules tasks to be run at predetermined times, and when those tasks involve database access, authority must be granted to the scheduler. ā€¢ It is not a very good idea to grant SYSADM authority to the job scheduler. ā€¢ Doing so would permit any job to perform any database taskā€”creating potentially severe security problems. ā€¢ Instead, determine how to grant individual authorization to specific jobs using the facilities of the scheduling package and the DBMS. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
Questions This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
1 Flevy (www.flevy.com) is the marketplace for premium documents. These documents can range from Business Frameworks to Financial Models to PowerPoint Templates. Flevy was founded under the principle that companies waste a lot of time and money recreating the same foundational business documents. Our vision is for Flevy to become a comprehensive knowledge base of business documents. All organizations, from startups to large enterprises, can use Flevyā€” whether it's to jumpstart projects, to find reference or comparison materials, or just to learn. Contact Us Please contact us with any questions you may have about our company. ā€¢ General Inquiries support@flevy.com ā€¢ Media/PR press@flevy.com ā€¢ Billing billing@flevy.com

Recommended

Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...SBGC
Ā 
Database security
Database security Database security
Database security Shivnandan Singh
Ā 
Database & Data Security
Database & Data SecurityDatabase & Data Security
Database & Data SecurityCloudbells.com
Ā 
Data and database security and controls
Data and database security and controlsData and database security and controls
Data and database security and controlsFITSFSd
Ā 
Database management systems cs403 power point slides lecture 04
Database management systems cs403 power point slides lecture 04Database management systems cs403 power point slides lecture 04
Database management systems cs403 power point slides lecture 04Md.Abu Sayed
Ā 
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL Database
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises ā€“ SQL Server & Azure SQL Database
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL DatabaseWinWire Technologies Inc
Ā 
Weka project - DataMining
Weka project - DataMiningWeka project - DataMining
Weka project - DataMiningSafiya Najeh
Ā 
Database management systems cs403 power point slides lecture 03
Database management systems cs403 power point slides lecture 03Database management systems cs403 power point slides lecture 03
Database management systems cs403 power point slides lecture 03Md.Abu Sayed
Ā 

Recommended

Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...SBGC
Ā 
Database security
Database security Database security
Database security Shivnandan Singh
Ā 
Database & Data Security
Database & Data SecurityDatabase & Data Security
Database & Data SecurityCloudbells.com
Ā 
Data and database security and controls
Data and database security and controlsData and database security and controls
Data and database security and controlsFITSFSd
Ā 
Database management systems cs403 power point slides lecture 04
Database management systems cs403 power point slides lecture 04Database management systems cs403 power point slides lecture 04
Database management systems cs403 power point slides lecture 04Md.Abu Sayed
Ā 
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL Database
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises ā€“ SQL Server & Azure SQL Database
Modern Data Security for the Enterprises ā€“ SQL Server & Azure SQL DatabaseWinWire Technologies Inc
Ā 
Weka project - DataMining
Weka project - DataMiningWeka project - DataMining
Weka project - DataMiningSafiya Najeh
Ā 
Database management systems cs403 power point slides lecture 03
Database management systems cs403 power point slides lecture 03Database management systems cs403 power point slides lecture 03
Database management systems cs403 power point slides lecture 03Md.Abu Sayed
Ā 
100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdf100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdfFlevy.com Best Practices
Ā 
Project Management for MBA (in French)
Project Management for MBA (in French)Project Management for MBA (in French)
Project Management for MBA (in French)Flevy.com Best Practices
Ā 
4 Stages of Disruption
4 Stages of Disruption4 Stages of Disruption
4 Stages of DisruptionFlevy.com Best Practices
Ā 
Customer-centric Culture
Customer-centric CultureCustomer-centric Culture
Customer-centric CultureFlevy.com Best Practices
Ā 
[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success Factors[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success FactorsFlevy.com Best Practices
Ā 
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement ScorecardFlevy.com Best Practices
Ā 
[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce Digitization[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce DigitizationFlevy.com Best Practices
Ā 
[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of Competition[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of CompetitionFlevy.com Best Practices
Ā 
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...Flevy.com Best Practices
Ā 
[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines ModelFlevy.com Best Practices
Ā 
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...Flevy.com Best Practices
Ā 
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...Flevy.com Best Practices
Ā 
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?Flevy.com Best Practices
Ā 
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain ManagementFlevy.com Best Practices
Ā 
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...Flevy.com Best Practices
Ā 
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...Flevy.com Best Practices
Ā 
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...Flevy.com Best Practices
Ā 
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative BehaviorsFlevy.com Best Practices
Ā 
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...Flevy.com Best Practices
Ā 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...Flevy.com Best Practices
Ā 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
Ā 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
Ā 

More Related Content

More from Flevy.com Best Practices

100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdf100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdfFlevy.com Best Practices
Ā 
Project Management for MBA (in French)
Project Management for MBA (in French)Project Management for MBA (in French)
Project Management for MBA (in French)Flevy.com Best Practices
Ā 
[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success Factors[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success FactorsFlevy.com Best Practices
Ā 
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement ScorecardFlevy.com Best Practices
Ā 
[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce Digitization[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce DigitizationFlevy.com Best Practices
Ā 
[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of Competition[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of CompetitionFlevy.com Best Practices
Ā 
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...Flevy.com Best Practices
Ā 
[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines ModelFlevy.com Best Practices
Ā 
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...Flevy.com Best Practices
Ā 
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...Flevy.com Best Practices
Ā 
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?Flevy.com Best Practices
Ā 
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain ManagementFlevy.com Best Practices
Ā 
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...Flevy.com Best Practices
Ā 
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...Flevy.com Best Practices
Ā 
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...Flevy.com Best Practices
Ā 
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative BehaviorsFlevy.com Best Practices
Ā 
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...Flevy.com Best Practices
Ā 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...Flevy.com Best Practices
Ā 

More from Flevy.com Best Practices (20)

100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdf100 Case Studies on Strategy & Transformation.pdf
100 Case Studies on Strategy & Transformation.pdf
Ā 
Project Management for MBA (in French)
Project Management for MBA (in French)Project Management for MBA (in French)
Project Management for MBA (in French)
Ā 
4 Stages of Disruption
4 Stages of Disruption4 Stages of Disruption
4 Stages of Disruption
Ā 
Customer-centric Culture
Customer-centric CultureCustomer-centric Culture
Customer-centric Culture
Ā 
[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success Factors[Whitepaper] Business Transformation Success Factors
[Whitepaper] Business Transformation Success Factors
Ā 
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
[Whitepaper] 5 Dimensions of Employee Engagement Scorecard
Ā 
[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce Digitization[Whitepaper] Digital Transformation: Workforce Digitization
[Whitepaper] Digital Transformation: Workforce Digitization
Ā 
[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of Competition[Whitepaper] Strategic Human Resources: Evolution of Competition
[Whitepaper] Strategic Human Resources: Evolution of Competition
Ā 
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
[Whitepaper] 8 Key Steps of Data Integration: Restructuring Redeployment Asse...
Ā 
[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model[Whitepaper] Strategy Classics: Value Disciplines Model
[Whitepaper] Strategy Classics: Value Disciplines Model
Ā 
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
[Whitepaper] The Definitive Guide to Strategic Planning: Hereā€™s What You Need...
Ā 
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
[Whitepaper] The Definitive Introduction to Strategy Development and Strategy...
Ā 
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
[Whitepaper] The ā€œTheory of Constraints:ā€ Whatā€™s Limiting Your Organization?
Ā 
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management[Whitepaper] Transportation Cost Reduction in Supply Chain Management
[Whitepaper] Transportation Cost Reduction in Supply Chain Management
Ā 
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
[Whitepaper] A Great Leadership Experience: Dr. Rachid Yazami, Inventor of th...
Ā 
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
[Whitepaper] Finding It Hard to Manage Conflict at the Workplace? Use the Tho...
Ā 
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
[Whitepaper] Key Account Management: Handling Large Global Accounts the Right...
Ā 
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
[Whitepaper] Nudge Theory: An Effective Way to Transform Negative Behaviors
Ā 
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
[Whitepaper] Business Model Innovation: Creation of Scalable Business Models ...
Ā 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
Ā 

Recently uploaded

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
Ā 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
Ā 
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...Anamikakaur10
Ā 
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...lizamodels9
Ā 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
Ā 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
Ā 
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...amitlee9823
Ā 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
Ā 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876dlhescort
Ā 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
Ā 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
Ā 
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...amitlee9823
Ā 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
Ā 
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...amitlee9823
Ā 
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...lizamodels9
Ā 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
Ā 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting
Ā 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
Ā 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
Ā 

Recently uploaded (20)

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Ā 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Ā 
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...
Call Now ā˜ŽļøšŸ” 9332606886šŸ”Ā Call Girls ā¤ Service In Bhilwara Female Escorts Serv...
Ā 
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ā¤ļø8448577510 āŠ¹Best Escorts Service In 24/7 Delh...
Ā 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
Ā 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
Ā 
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Service Bang...
Ā 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Ā 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Ā 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
Ā 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
Ā 
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Girl Servi...
Ā 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Ā 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
Ā 
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call šŸ‘— 7737669865 šŸ‘— Top Class Call Gir...
Ā 
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ā¤ļø8448577510 āŠ¹Best Escorts Service I...
Ā 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
Ā 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
Ā 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Ā 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Ā 

The Complete Guide to DBA Practices & Procedures - Database Security - Part 14

  • 1. Database Administration: The Complete Guide to Practices and Procedures Chapter 14 Database Security
  • 2. Data Breaches ā€¢ Data breaches dominate the IT newscape ā€¢ According to The Privacy Rights Clearinghouse, more than 544 million records have been breached between January 10, 2005 and early 2012. ā€“ Over the course of almost 3,000 separate events. http://www.privacyrights.org/data-breach This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 3. How Prevalent is this Problem? ā€¢ 68% of companies are losing sensitive data or having it stolen out from under them six times a year ā€¢ An additional 20% are losing sensitive data 22 times or more per year. Sources: eWeek, March 3, 2007 IT Policy Compliance Group http://www.eweek.com/c/a/Desktops-and-Notebooks/Report-Some-Companies-Lose-Data-Six-Times-a-Year/ This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 4. Who is Responsible for Security? ā€¢ The DBA typically is responsible for administering database security ā€“ Some organizations have transferred this task to a separate security administration function that controls all of the IT security for the company. ā€“ However, even in shops where security administration is a separate entity, database security is still handled by the DBA groupā€¦ ā€¢ ā€¦because database security is handled differently than a typical IT authorization scenario. ā€“ When the security administration group handles security policies, this group usually relies on third- party security software This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 5. Login Details When the DBMS controls the addition of logins, the DBA is required to provide certain information about the login when it is created: ā€¢ Passwordā€”the key phrase, word, or character string associated with the new login that must be provided by the user before access to the database is permitted ā€¢ Default databaseā€”the name of the database to which the user will initially be connected during login ā€¢ Default languageā€”the default language assigned to the login when using the DBMS if multiple languages are supported ā€¢ Nameā€”the actual full name of the user associated with this login ā€¢ Additional detailsā€”additional details about the user for which the login has been created: e-mail, phone number, office location, business unit, and so on. This is useful for documentation purposes This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 6. login SUID DBMS user Data basename UID Database Users This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 7. Types of Privileges ā€¢ Table: to control who can access and modify the data within tables ā€¢ Database object: to control who can create new database objects and drop existing database objects ā€¢ System: to control who can perform certain types of systemwide activities ā€¢ Program: to control who can create, modify, and use database programs ā€¢ Stored procedure: to control who can execute specific functions and stored procedures This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 8. System Privileges ā€¢ System privileges control which users can use certain DBMS features and execute certain DBMS commands. ā€¢ The system privileges available will vary from DBMS to DBMS but may include: ā€“ The ability to archive database logs ā€“ Shut down and restart the database server ā€“ Start traces for monitoring ā€“ Manage storage ā€“ Manage database caches This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 9. Revoking Authority ā€¢ Revoke is the inverse of Grant ā€¢ Using Revoke, a DBA can remove privileges from a user that has previously been Granted those privileges ā€¢ Proceed with caution if WITH GRANT OPTION was used ā€“ Cascading revokes can occurThis document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 10. Label Based Access Control (LBAC) ā€¢ LBAC provides for a more granular security scheme, specifying who can read and modify data in individual rows and/or columns. ā€¢ For example, you might want to set up an authorization scenario such that employees can see their own data but no one elseā€™s. Or your authorization needs might dictate that each employeeā€™s immediate manager is able to see his payroll information as well as all of his employeeā€™s data, and so on up through the org chart. ā€¢ Setting up such a security scheme is virtually impossible without LBAC. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 11. LBAC Example This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 12. Groups ā€¢ Group-level authority is similar to roles. ā€¢ Each DBMS provides built-in groups that cannot be changed. The following groups are common among the major DBMSs: ā€“ System administrator. Sometimes abbreviated SA or SYSADM, the system administrator group is the most powerful within the DBMS. ā€“ Database administrator. Sometimes abbreviated as DBADM or DBA, the database administrator group gives all privileges over a specific database, plus the ability to access, but not modify, data in tables within that database. ā€“ Database maintenance. Sometimes abbreviated as DBMAINT, the database maintenance group includes the specific database privileges for maintaining database objects (such as the ability to run utilities and issue commands). ā€“ Security administrator. The security administrator role, aka SSO or SECADM, has the privilege-set permitting the granting and revoking of database security across the DBMS. Any database security-related activities can be performed by the security administrator. ā€“ Operations control. Sometimes referred to as OPER or SYSOPR, the operations control role has the authority to perform operational database tasks such as backup and recovery, or terminating runaway tasks. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 13. Using Views for Security ā€¢ A view can be created that omits sensitive information. ā€“ By creating the view without the sensitive columns, users can be granted the SELECT privilege on the view and will be able to access employee information that is deemed appropriate. ā€“ For example, this view omits salary details: This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 14. Original Data ā€œJohnsonā€ Encryption Algorithm Encrypted Data ā€œs&1Yu.8ā€ Encryption Key Decryption Algorithm Encryption Encryption transforms data rendering it unreadable to anyone without the decryption key. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 15. ā€œIn Transitā€ Encryption ā€¢ Encrypting data in transit is undertaken to prohibit network packet sniffing. ā€“ If the data is encrypted before it is sent over the network and decrypted upon reception at its destination, then it is protected along its journey. ā€“ Anyone nefariously attempting to access the data en route will receive only encrypted data. ā€“ Without the decryption key, the data cannot be read. ā€¢ Data in transit encryption most commonly is supported using DBMS system parameters and commands or through an add-on encryption product. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 16. SQL Injection Example ā€¢ A web-based application using dynamic SQL requires users to login with their e-mail address and a password. ā€¢ Perhaps the SQL looks something like this: ā€¢ A savvy hacker can attempt a SQL injection attack by entering: This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 17. SQL Injection Prevention ā€¢ Using well designed query language interpreters and coding applications appropriately can prevent SQL injection attacks. ā€“ When possible use static SQL. ā€“ Always validate user input by testing type, length, format, and range. ā€“ The program should make absolutely no assumptions about the size, type, or content of the data that is received. ā€“ Avoid concatenating user input that has not been validated. ā€“ Analyze input and reject anything that contains special characters such as the semi-colon (;), the string delimiter ('), comment delimiters (--, /*ā€¦*/), V$ (the beginning of Oracle DBA views), and xp_ (the beginning of SQL Server catalog stored procedures). ā€“ For Microsoft SQL Server users, beware of the Transact-SQLprocedure xp_cmdshell. This procedure spawns a Windows command shell and passes in a string for execution. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 18. Job Scheduling and Security ā€¢ Most organizations schedules tasks to be run at predetermined times, and when those tasks involve database access, authority must be granted to the scheduler. ā€¢ It is not a very good idea to grant SYSADM authority to the job scheduler. ā€¢ Doing so would permit any job to perform any database taskā€”creating potentially severe security problems. ā€¢ Instead, determine how to grant individual authorization to specific jobs using the facilities of the scheduling package and the DBMS. This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 19. Questions This document is a partial preview. Full document download can be found on Flevy: http://flevy.com/browse/document/the-complete-guide-to-dba-practices-and-procedures-database-security-part-14-585
  • 20. 1 Flevy (www.flevy.com) is the marketplace for premium documents. These documents can range from Business Frameworks to Financial Models to PowerPoint Templates. Flevy was founded under the principle that companies waste a lot of time and money recreating the same foundational business documents. Our vision is for Flevy to become a comprehensive knowledge base of business documents. All organizations, from startups to large enterprises, can use Flevyā€” whether it's to jumpstart projects, to find reference or comparison materials, or just to learn. Contact Us Please contact us with any questions you may have about our company. ā€¢ General Inquiries support@flevy.com ā€¢ Media/PR press@flevy.com ā€¢ Billing billing@flevy.com