Jeopardize and compromise a database


Assignment:

"Database Security" Please respond to the following:

• Confidentiality, integrity, and availability are the three common security goals. Select at least three security vulnerabilities that could jeopardize and compromise a database. Classify each vulnerability as being technical, managerial, cultural, or procedural. Provide your rationale.

• Suggest specific actions that could be performed to minimize the vulnerabilities identified in Question 1 of this discussion. Describe how often these measures should be performed and the order in which each should be performed.

Classmate:

• Confidentiality, integrity, and availability are the three common security goals. Select at least three security vulnerabilities that could jeopardize and compromise a database. Classify each vulnerability as being technical, managerial, cultural, or procedural. Provide your rationale.

Using a personally identifiable item as a primary key in a database could compromise a user's financial security in other aspects of their lives, for the use of a social security number as the identifying unique ID could lead to identity theft if compromised, which would be a cultural vulnerability. Organizational management needs to realize this is not the proper way to identify their clients. A technical vulnerability would involve not locking down the use of SQL code through a web browser. If not controlled, a bad actor could append SQL code to the URL of a web site and take control and retrieve information from the internal database supplying information to the site. A procedural error would be allowing too many users access to underlying data stored in the data store by not creating separate views into table information that can then be controlled with access rules.

• Suggest specific actions that could be performed to minimize the vulnerabilities identified in Question 1 of this discussion. Describe how often these measures should be performed and the order in which each should be performed.

To eliminate the use of a social security number as an identifying marker, a randomly generated number can be assigned to each user in the system as a replacement for personal identification. The best way to eliminate SQL injection vulnerabilities is to use stored procedures in the query code for users that need to retrieve data. To keep too many users, or unapproved users, from accessing data, use views, which are only capable of displaying limited columns in a database, and then grant access to those views to only the people with privileges to that data.
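The three mitigations discussed above, as an added example that is not part of the classmate's post: a random surrogate key in place of the SSN, a bound-parameter lookup beside the concatenated form, and a view limited to non-sensitive columns. It assumes SQLite via Python's `sqlite3`, so parameterized queries stand in for stored procedures and the `GRANT` on the view is left to a server DBMS; the table, view, function names and rows are constructed for illustration.

```python
import secrets
import sqlite3

def build_db():
    """In-memory database with constructed sample rows (no real data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE clients ("
        " client_id TEXT PRIMARY KEY,"   # random surrogate key, not the SSN
        " name TEXT NOT NULL,"
        " ssn TEXT NOT NULL,"
        " balance REAL NOT NULL)"
    )
    for name, ssn, balance in [("Alice", "000-00-0001", 120.0),
                               ("Bob", "000-00-0002", 75.5)]:
        db.execute("INSERT INTO clients VALUES (?, ?, ?, ?)",
                   (secrets.token_hex(8), name, ssn, balance))
    # View exposing only the columns a general user needs.
    db.execute("CREATE VIEW client_directory AS "
               "SELECT client_id, name FROM clients")
    return db

def lookup_concatenated(db, name):
    """Weak form: request text is pasted into the SQL statement."""
    return db.execute(
        "SELECT name, ssn FROM clients WHERE name = '" + name + "'"
    ).fetchall()

def lookup_parameterized(db, name):
    """Hardened form: the value is bound and never parsed as SQL."""
    return db.execute(
        "SELECT name, ssn FROM clients WHERE name = ?", (name,)
    ).fetchall()

def view_columns(db):
    """Column names visible through the restricted view."""
    cur = db.execute("SELECT * FROM client_directory")
    return [d[0] for d in cur.description]

if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"   # constructed input that alters the WHERE clause
    print(len(lookup_concatenated(db, crafted)))   # every row comes back
    print(len(lookup_parameterized(db, crafted)))  # no row matches
    print(view_columns(db))
```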

Management Information Sys: Jeopardize and compromise a database
Reference No:- TGS01954517
