Network and Database Security: Regulatory Compliance, Network, and
Database Security - A Unified Process and Goal
Errol A. Blake
4192 Medlock River Court
Snellville, GA 30039
(678) 367-7170
ErrolBlake@gmail.com
ABSTRACT
Database security has evolved; data
security professionals have developed numerous techniques and
approaches to assure data confidentiality, integrity, and
availability. This paper will show that traditional database
security, which has focused primarily on creating user accounts
and managing user privileges to database objects, is not enough
to protect data confidentiality, integrity, and availability.
This paper, a compilation of different journals, articles and
classroom discussions, will focus on unifying the process of
securing data or information, whether it is in use, in storage or
being transmitted. Promoting a change in database curriculum
development trends may also play a role in helping secure
databases. This paper will take the approach that a
conscientious effort to unify the database security process,
which includes the Database Management System (DBMS) selection
process, following regulatory compliances, analyzing and
learning from the mistakes of others, implementing networking
security technologies, and securing the database, may prevent
a database breach.
Keywords: Information
Technology (IT), Information Security (InfoSec), Database
Management System (DBMS), Health Insurance Portability and
Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX),
California Security Breach Information Act (CSBIA), Gramm-Leach-Bliley
Act (GLB), The Fair and Accurate Credit Transactions Act (FACT
Act), The Enterprise Information Security Policy (EISP),
System-Specific Policy (SSP), Electronic Communications
Protection Act (ECPA), SQL Injection, PCI Data Security Standard
(PCI DSS).