Database Security Assessment


Provide an Overview for Vendors
Provide vendors with an overview of your organization
Identify which departments or individuals will use the database, and for what purposes
Include the types of data that may be stored in the system and the importance of keeping these data secure
Provide Context for the Work
Explain the attributes of the database and describe the environment in which it will operate
Describe the security concepts and concerns for databases
Identify at least three security assurance and security functional requirements for the database that contain information for medical personnel and emergency responders
Provide Vendor Security Standards
Provide a set of internationally recognized standards that competing vendors will incorporate into the database
Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks
Describe Defense Models
Define the use of defense models
Provide requirements in the RFP for the vendor to state its overall strategy for defensive principles
Explain the importance of understanding these principles
Explain how enclave computing relates to defensive principles.
Define enclave computing boundary defense, include enclave firewalls to separate databases and networks.
Define the different environments you expect the databases to be working in and the security policies applicable


Sample Solution

Overview of Organization

Our organization is a medical center that provides a variety of services, including emergency care, inpatient and outpatient surgery, and diagnostic imaging. We have a team of highly skilled medical professionals who are committed to providing our patients with the best possible care.

Security Concerns Common to All RDBMS

The following are security concerns common to all relational database management systems (RDBMS):

  • Data confidentiality: protection of data from unauthorized disclosure, whether through the query interface, through backups, or by reading the storage media directly.
  • Data integrity: accuracy and completeness of data; the database must prevent unauthorized or accidental modification and detect corruption.
  • Data availability: the ability to reach the data when it is needed, which for a medical center includes during an attack or an outage.
  • Authentication: verifying the identity of the user or system that connects to the database, so that every action can be attributed to an account.
  • Authorization: granting each authenticated user or system only the permissions it needs (least privilege); authorization is distinct from authentication and must be enforced by the database itself, not only by the application in front of it.

Types of Data Stored

The database will store a variety of data, including:

  • Patient medical records
  • Emergency medical records
  • Diagnostic imaging data
  • Financial data
  • Human resources data

Importance of Keeping Data Secure

The data stored in the database is confidential and sensitive. It is important to keep this data secure to protect the privacy of our patients and to prevent unauthorized access.

Context for the Work

The database will be used by a variety of departments and individuals, including:

  • Medical personnel
  • Emergency responders
  • Financial analysts
  • Human resources staff

The database will be used to store, retrieve, and analyze data related to patient care, emergency response, financial management, and human resources.

Security Concepts and Concerns for Databases

The following are security concepts and concerns for databases:

  • Physical security: protection of the database servers and storage media from physical threats such as theft, tampering, or vandalism; stolen disks and backup media are a disclosure path unless the data on them is encrypted.
  • Logical security: protection of the database from logical threats such as unauthorized access, privilege escalation, SQL injection through the applications that use it, and unauthorized modification.
  • Data encryption: rendering data unreadable without the key, both in transit (TLS between clients and the server) and at rest (disk, backups and, where needed, individual columns), with keys managed outside the database itself.
  • User access control: granting users and systems only the permissions they need, typically through roles, and revoking them when duties change.
  • Auditing: recording who accessed or changed which data and when, in a log that the audited users themselves cannot alter, so that misuse can be detected and investigated.
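The following script is an added example, not code from the original page or from any vendor's product. It shows how the user access control and auditing concerns above can be enforced inside the database rather than left to the application: department roles with least-privilege grants, row-level security so clinicians see only their own patients, and an audit trigger that records every change. It assumes PostgreSQL 11 or later (the page names no RDBMS); the table, column and role names are hypothetical.

```sql
-- Added example (not part of the original page). Assumes PostgreSQL 11+.
-- Tables, columns and roles below are hypothetical.

CREATE TABLE patient (
    patient_id        integer PRIMARY KEY,
    full_name         text NOT NULL,
    ssn               text,            -- highly sensitive identifier
    attending_db_user text NOT NULL    -- database login of the attending clinician
);

CREATE TABLE billing (
    patient_id integer REFERENCES patient(patient_id),
    amount_due numeric(10,2),
    card_last4 text
);

-- Group roles per department; people are made members, they get no direct grants.
CREATE ROLE medical_staff       NOLOGIN;
CREATE ROLE emergency_responder NOLOGIN;
CREATE ROLE finance_analyst     NOLOGIN;

-- Deny by default: PUBLIC gets nothing on either table.
REVOKE ALL ON patient, billing FROM PUBLIC;

-- Clinicians read and update clinical columns; the SSN column is not granted at all.
GRANT SELECT (patient_id, full_name, attending_db_user), UPDATE (full_name)
    ON patient TO medical_staff;
-- Responders need only to identify a patient quickly.
GRANT SELECT (patient_id, full_name) ON patient TO emergency_responder;
-- Finance sees billing plus the name, never the clinical record.
GRANT SELECT ON billing TO finance_analyst;
GRANT SELECT (patient_id, full_name) ON patient TO finance_analyst;

-- Row-level security: a clinician sees only patients they attend.
ALTER TABLE patient ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_patients ON patient
    FOR ALL TO medical_staff
    USING (attending_db_user = current_user);
-- Emergency and finance staff may read every row (with RLS on, a policy is
-- required or they see nothing); the audit table below records their access.
CREATE POLICY all_rows_read ON patient
    FOR SELECT TO emergency_responder, finance_analyst
    USING (true);

-- Audit trail: who changed which patient row, when, and how.
CREATE TABLE patient_audit (
    audit_id   bigserial PRIMARY KEY,
    changed_at timestamptz NOT NULL DEFAULT now(),
    db_user    text NOT NULL DEFAULT current_user,
    operation  text NOT NULL,
    patient_id integer,
    old_row    jsonb,
    new_row    jsonb
);
-- Audited users cannot read or edit the log; only the table owner (and roles
-- the owner explicitly grants) can.
REVOKE ALL ON patient_audit FROM PUBLIC;

-- SECURITY DEFINER lets the trigger write to patient_audit even though the
-- user who caused the change has no privilege on that table.
CREATE OR REPLACE FUNCTION audit_patient() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    INSERT INTO patient_audit (operation, patient_id, old_row, new_row)
    VALUES (TG_OP,
            CASE WHEN TG_OP = 'DELETE' THEN OLD.patient_id ELSE NEW.patient_id END,
            CASE WHEN TG_OP <> 'INSERT' THEN to_jsonb(OLD) END,
            CASE WHEN TG_OP <> 'DELETE' THEN to_jsonb(NEW) END);
    RETURN NULL;   -- return value is ignored for AFTER triggers
END $$;

CREATE TRIGGER patient_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON patient
FOR EACH ROW EXECUTE FUNCTION audit_patient();

-- An individual login inherits its privileges from the department role.
CREATE ROLE dr_smith LOGIN PASSWORD 'change-me' IN ROLE medical_staff;
```

Two caveats a reviewer of a vendor proposal should look for: the table owner and superusers bypass row-level security, so application connections must not run as the owner; and a trigger cannot log reads, so auditing of SELECT access (who looked at which record, which is what a privacy investigation usually asks) needs a server-side audit facility such as the pgaudit extension or statement logging, not a trigger.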

Security Assurance and Security Functional Requirements

The following are three security assurance and security functional requirements for the database. Functional requirements state what the database must do; assurance requirements state what evidence the vendor must provide that those functions actually work.

  • Encryption (functional): patient and emergency data must be encrypted in transit and at rest, with encryption keys held separately from the database. The vendor must document the algorithms used and the key-management procedure (assurance).
  • Access control (functional): only authenticated, authorized users may access the database, with separate roles and minimum privileges for medical personnel and for emergency responders. Audit logs must show that every access is attributable to an individual account (assurance).
  • Backup and recovery (functional): the database must be backed up regularly to prevent data loss. The vendor must demonstrate a successful restore from backup on a defined schedule, not merely state that backups are taken (assurance).
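The following is an added example, not code from the original page or from any vendor, showing what the encryption requirement above looks like when made concrete: TLS and modern password hashing for data in transit, and column-level encryption for the most sensitive field, with the weak form (key embedded in the schema) beside the corrected one. It assumes PostgreSQL with the pgcrypto extension; the table, column and setting names are hypothetical. Note that PostgreSQL has no built-in whole-database encryption, so "the database must be encrypted" at rest is normally met with encrypted volumes and encrypted backups, with column encryption reserved for fields that must stay unreadable even to database administrators.

```sql
-- Added example (not part of the original page). Assumes PostgreSQL + pgcrypto.
-- Table, column and custom setting names are hypothetical.

-- In transit: serve TLS (needs server.crt/server.key and a restart) and hash
-- passwords with SCRAM rather than MD5. pg_hba.conf must then use
-- "hostssl ... scram-sha-256" entries so plaintext connections are refused.
ALTER SYSTEM SET ssl = 'on';
ALTER SYSTEM SET password_encryption = 'scram-sha-256';

-- At rest, column level: the SSN is stored only as ciphertext.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient_identity (
    patient_id integer PRIMARY KEY,
    ssn_enc    bytea NOT NULL        -- pgp_sym_encrypt output, never plaintext
);

-- WEAK: passphrase hard-coded in a view. Anyone who can read the catalog
-- (pg_views) now holds the key, and every backup of the schema carries it.
CREATE VIEW patient_ssn_weak AS
SELECT patient_id,
       pgp_sym_decrypt(ssn_enc, 'hardcoded-passphrase') AS ssn
FROM patient_identity;

-- CORRECTED: the application fetches the key from its secrets store and sets
-- it as a session-local setting; it is never written into a table or view.
SET app.ssn_key = 'passphrase-obtained-from-the-key-management-service';

INSERT INTO patient_identity (patient_id, ssn_enc)
VALUES (1, pgp_sym_encrypt('123-45-6789', current_setting('app.ssn_key')));

-- Decryption happens only in sessions that hold the key; the stored bytes
-- are useless on a stolen disk or backup.
SELECT patient_id,
       pgp_sym_decrypt(ssn_enc, current_setting('app.ssn_key')) AS ssn
FROM patient_identity;

-- Demonstrates what a column-level grant without the key yields: a role with
-- SELECT on the table sees only ciphertext.
SELECT patient_id, encode(ssn_enc, 'hex') AS ciphertext_hex
FROM patient_identity;
```

The remaining exposure in the corrected form is the statement text itself: if statement logging is enabled, the SET command and its passphrase land in the server log, so the RFP should require that key material is supplied through a parameterized call and that the log is protected at least as well as the data.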

Vendor Security Standards

The vendor must meet the following internationally recognized standards and regulations for database security:

  • ISO/IEC 27001 (the 2013 edition cited in many RFPs has been superseded by the 2022 edition; require certification against the current one)
  • Payment Card Industry Data Security Standard (PCI DSS), which applies to the extent that the database stores or processes cardholder data
  • Health Insurance Portability and Accountability Act (HIPAA); this is U.S. federal regulation rather than an international standard, but it governs the protected health information the database will hold

Disasters and Disaster Recovery

The database must be designed to withstand disasters, such as natural disasters or cyberattacks. The vendor must have a disaster recovery plan in place, with stated recovery time and recovery point objectives, for restoring the database from backups kept off-site, and must test that plan regularly rather than assume the backups are restorable.

Mission Continuity

The database must be available around the clock to support the mission-critical operations of our organization. The vendor must have a business continuity plan in place, including failover to a standby system, so that the database remains available in the event of an outage.

Threats and Cyberattacks

The database must be protected from threats and cyberattacks. The vendor must have a security plan in place that covers timely patching, vulnerability management, monitoring of the database for misuse, and incident response, and must state how it will notify us of a breach involving our data.

Defense Models

The vendor must use a defense-in-depth approach to security: a layered approach in which physical security, network segmentation (enclave firewalls separating the database from the networks that use it), logical access control, data encryption, and monitoring each limit the damage if another layer fails.

Overall Strategy for Defensive Principles

The vendor must have an overall strategy for defensive principles. This strategy should include the following:

  • Regularly reviewing and updating security policies and procedures
  • Training employees on security best practices
  • Conducting regular security assessments
  • Responding promptly to security incidents

Importance of Understanding These Principles

It is important to understand the security principles that are used to protect databases. This understanding helps to ensure that the database is properly protected against unauthorized access, modification, or destruction, and that each vendor's proposal can be evaluated against the same principles.
