Chapter 19 Security - PowerPoint PPT Presentation

Slides: 18
Provided by: CSUS5
Learn more at: https://www.csus.edu
Transcript and Presenter's Notes

1
Chapter 19 Security
  • Integrity
  • Security
  • Control
  • computer-based
  • non-computer-based
  • PC security
  • DBMS and Web security
  • Risk Analysis
  • Data protection and privacy laws

2
Integrity
  • Definition
  • Consistent with constraints
  • Types
  • Entity
  • Referential or existence
  • Domain
  • Enterprise

3
Security
  • Threats
  • Theft, fraud
  • Loss of confidentiality
  • Loss of privacy
  • Loss of integrity
  • Loss of availability

4
Countermeasures
  • Computer-based controls
  • Non-computer-based controls

5
Computer-based Controls - 1
  • Authorization, authentication
  • Password
  • Account number
  • Relations, user rights (CRUD) table
  • Subschema
  • Create views

6
Computer-based Controls - 2
  • Logs
  • Transaction logs
  • Violation logs (time, terminal, violation)
  • Check points
  • Backup (redundant array of independent disks,
    RAID), recovery
  • Audit

7
Computer-based Controls - 3
  • Encryption or cryptosystem
  • Encryption key
  • Encryption algorithm
  • Decryption key
  • Decryption algorithm
  • Symmetric encryption (Data Encryption Standard,
    DES)
  • Asymmetric encryption (RSA)

8
Example of Encryption - I
  • Divide the text into groups of 8 characters; pad
    with blanks at the end as necessary
  • Select an 8-character key
  • Rearrange text by interchanging adjacent
    characters
  • Translate each character into an ordinal number,
    with blank as 0, A as 1, B as 2, and so on up to Z
    as 26
  • Add the ordinal number of the key to the results
  • Divide the total by 27 and retain the remainder
  • Translate the remainder back into a character to
    yield the cipher text

9
Example of Encryption - II
  • Message DATA COM
  • Key PROTOCOL
  • A D A T C (blank) M O
  • 01 04 01 20 03 00 13 15 (adatc mo)
  • 01 04 01 20 03 00 13 15
  • 16 18 15 20 15 03 15 12 (protocol)
  • 17 22 16 40 18 03 28 27 (sum)
  • 17 22 16 13 18 03 01 00 (remainder after dividing by 27)
  • Q V P M R C A SPACE

10
Example of Decryption - I
  • Divide cipher text into groups of eight
    characters. Pad with blanks at end as necessary
  • Translate each cipher text alphabetic character
    and the encryption key into an ordinal number
  • For each group, subtract the ordinal number of
    the key value from the ordinal number of the
    cipher text
  • Add 27 to any negative number
  • Translate the number back to alphabetic
    equivalents
  • Rearrange the text by interchanging adjacent
    characters

11
Example of Decryption - II
  • Q V P M R C A SPACE
  • 17 22 16 13 18 03 01 00 (qvpmrca )
  • 17 22 16 13 18 03 01 00
  • 16 18 15 20 15 03 15 12 (protocol)
  • 01 04 01 -7 03 00 -14 -12 (subtract)
  • plus 27 27 27 27
  • 01 04 01 20 03 00 13 15
  • A D A T C (blank) M O
  • D A T A (blank) C O M
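
The cipher of slides 8 to 11, as an added Python example that is not part of the deck: it runs the eight-character procedure once per group so text of any length can be processed, and uses reduction modulo 27 for both the "divide by 27 and keep the remainder" step and the "add 27 to any negative number" step. It is a Vigenère-style classroom cipher (a repeating 8-character key plus a fixed, key-independent swap), so it illustrates the key/algorithm vocabulary of slide 7 rather than serving as a usable cryptosystem.

```python
# Added example (not from the slides): the deck's teaching cipher (slides 8-11) in Python.
# Alphabet: blank = 0, A = 1, ..., Z = 26; every sum or difference is reduced modulo 27.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"
BLOCK = 8  # group size from slide 8

def to_ordinals(text: str) -> list:
    """Translate characters into ordinals (a ValueError means a character outside the alphabet)."""
    return [ALPHABET.index(ch) for ch in text.upper()]

def from_ordinals(nums: list) -> str:
    return "".join(ALPHABET[n] for n in nums)

def swap_adjacent(text: str) -> str:
    """Interchange each pair of adjacent characters; applying it twice restores the input."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)

def pad(text: str) -> str:
    """Pad with blanks at the end up to a multiple of the group size."""
    return text + " " * (-len(text) % BLOCK)

def encrypt(plaintext: str, key: str) -> str:
    if len(key) != BLOCK:
        raise ValueError("key must be exactly %d characters" % BLOCK)
    key_nums = to_ordinals(key)
    padded = pad(plaintext)
    out = []
    for start in range(0, len(padded), BLOCK):
        group = swap_adjacent(padded[start:start + BLOCK])  # rearrange first
        # add the key ordinal, then keep the remainder after dividing by 27
        nums = [(p + k) % len(ALPHABET) for p, k in zip(to_ordinals(group), key_nums)]
        out.append(from_ordinals(nums))
    return "".join(out)

def decrypt(ciphertext: str, key: str) -> str:
    if len(key) != BLOCK:
        raise ValueError("key must be exactly %d characters" % BLOCK)
    key_nums = to_ordinals(key)
    padded = pad(ciphertext)
    out = []
    for start in range(0, len(padded), BLOCK):
        group = padded[start:start + BLOCK]
        # subtract the key ordinal; "% 27" is the slide's "add 27 to any negative number"
        nums = [(c - k) % len(ALPHABET) for c, k in zip(to_ordinals(group), key_nums)]
        out.append(swap_adjacent(from_ordinals(nums)))  # rearrange last
    return "".join(out)
```

With the slide's values, encrypt("DATA COM", "PROTOCOL") gives "QVPMRCA " and decrypt returns "DATA COM"; a message longer than eight characters comes back padded with trailing blanks.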

12
Non-Computer-based Controls
  • Security policy
  • Contingency plan
  • Person, phone no., procedures
  • Site (cold, warm, or hot)
  • Personnel control
  • Reference
  • Termination
  • Training
  • Balance of duty
  • Escrow maintenance agreements
  • Physical

13
PC Security
  • Policy, procedure
  • Physical
  • Logical
  • Virus

14
DBMS and Web Security
  • Proxy server: performance, filtering
  • Firewall: packet filter, application gateway,
    circuit-level gateway, proxy server
  • Digital signatures, Certificate Authority (CA)
  • Message digest algorithms and digital signatures
  • Kerberos: centralized security server
    (certificate server)
  • Secure Sockets Layer (SSL) for data; Secure HTTP
    for individual messages
  • Secure Electronic Transaction (SET) for credit
    cards; Secure Transaction Technology (STT) for
    bank payments

15
Risk Analysis
  • Assets
  • Threats and risks
  • Countermeasures
  • Cost/benefit analysis
  • Testing

16
Data Protection Privacy Law
17
Assignment
  • Review chapters 5-6, 11-13, and 18
  • Read chapter 19
  • Exam 3
  • Date 12/9/04
  • Project
  • Normalization and Corrected EER diagram due date
    12/2/04
  • SQL, corrected normalization, and EER diagram due
    date 12/15/04 (MIS Department Office)