
NOTES (3)

ict

Uploaded by

Rodgers Neo

COMPUTER SECURITY

Computer systems are increasingly being used to store information about all aspects of an
enterprise. The data stored in a DBMS is often vital to the business interests of the organization
and is regarded as a corporate asset. In addition to protecting the intrinsic value of the data,
corporations must consider ways to ensure privacy and to control access to data that must not be
revealed to certain groups of users for various reasons.
There are three main objectives to consider while designing a secure computer application:
1. Secrecy: Information should not be disclosed to unauthorized users. For example, a student
should not be allowed to examine other students' grades.
2. Integrity: Only authorized users should be allowed to modify data. For example, students
may be allowed to see their grades, yet not allowed (obviously!) to modify them.
3. Availability: Authorized users should not be denied access. For example, an instructor who
wishes to change a grade should be allowed to do so.
To achieve these objectives, a clear and consistent security policy should be developed to
describe what security measures must be enforced. In particular, we must determine what part of
the data is to be protected and which users get access to which portions of the data. Next, the
security mechanisms of the underlying DBMS (and OS, as well as external mechanisms such as
securing access to buildings and so on) must be utilized to enforce the policy. We emphasize that
security measures must be taken at several levels. Security leaks in the operating system or
network connections can circumvent database security mechanisms. For example, such leaks
could allow an intruder to log on as the database administrator with all the attendant DBMS
access rights! Human factors are another source of security leaks. For example, a user may
choose a password that is easy to guess, or a user who is authorized to see sensitive data may
misuse it. Such errors in fact account for a large percentage of security breaches.
Views provide a valuable tool in enforcing security policies. The view mechanism can be used to
create a 'window' on a collection of data that is appropriate for some group of users. Views allow
us to limit access to sensitive data by providing access to a restricted version (through a view) of
that data, rather than to the data itself.
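The grades example used for the three objectives above can be enforced with a view plus privileges. The following is an added example, not part of the original notes. It assumes a PostgreSQL-style DBMS, and the names grades, my_grades, student_role and instructor_role are hypothetical.

```sql
-- Constructed schema for illustration; all object and role names are assumptions.
CREATE TABLE grades (
    student_login VARCHAR(32) NOT NULL,   -- matches the DBMS login name
    course_id     VARCHAR(16) NOT NULL,
    grade         CHAR(2),
    PRIMARY KEY (student_login, course_id)
);

CREATE ROLE student_role;
CREATE ROLE instructor_role;

-- Start from no access: nobody reaches the base table unless granted below.
REVOKE ALL ON grades FROM PUBLIC;

-- Secrecy: the view is a 'window' showing each student only their own rows.
-- CURRENT_USER is evaluated for the session that queries the view.
CREATE VIEW my_grades AS
    SELECT course_id, grade
    FROM grades
    WHERE student_login = CURRENT_USER;

-- Integrity: students receive SELECT on the view only. They hold no
-- INSERT/UPDATE/DELETE privilege on the view or on the base table.
GRANT SELECT ON my_grades TO student_role;

-- Availability: instructors can read every row and change the grade column,
-- but cannot alter which student or course a row belongs to.
GRANT SELECT ON grades TO instructor_role;
GRANT UPDATE (grade) ON grades TO instructor_role;

-- Audit check: list who holds which table-level privilege on both objects.
-- (Column-level grants such as UPDATE (grade) appear in
-- information_schema.column_privileges instead.)
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_name IN ('grades', 'my_grades')
ORDER BY table_name, grantee, privilege_type;
```

A student session that runs SELECT on grades directly is rejected for lack of privilege, while SELECT on my_grades returns only that student's rows.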
Security of a computer is related to the following situations:
i. Theft and fraud
ii. Loss of confidentiality
iii. Loss of privacy
iv. Loss of integrity
v. Loss of availability
These situations could be closely related such that an activity that leads to loss in one area may
also lead to loss in another.
Theft and fraud affect not only the computer environment but also the entire organization.
Loss of confidentiality could lead to loss of competitiveness.
Loss of integrity leads to invalid or corrupted data which may affect the operation of an
organization.
Loss of availability means that the data or system cannot be accessed which can affect the
organization’s performance.
A threat is any situation or event, whether intentional or accidental, that may affect a system and the
organization.
Threats in organizations may involve a person, action or circumstance that is likely to bring harm
to an organization (loss of hardware, software, data, credibility or client confidence).
Threats can be intentional or unintentional, but the impact on the organization remains the same.
Any threat must be considered a potential breach of security that will have a certain impact.

Potential Threats
Hardware
Fire/floods/bombs
Data corruption due to power loss
Failure of security mechanisms giving greater access
Theft of equipment
Physical damage to equipment
Electronic interference

Communication network
Wire tapping
Cable disconnection
Electronic interference

DBMS and application software
Failure of security mechanism
Program alteration
Theft of programs

Database
Unauthorized amendment or copying of data
Theft of data
Data corruption due to power loss or surge

Users
Using another person’s means of access
Viewing and disclosing unauthorized data
Inadequate staff training
Illegal entry by hacker
Blackmail
Viruses

Programmers/operators
Creating trapdoors
Program alteration
Inadequate staff training
Inadequate security policies and procedures

Database/data administrator
Inadequate security policies
