Professional Documents
Culture Documents
prevent
unauthorized
Designed
RISKS
Corruption
Theft
Misuse
Destruction of data
DATABASE AUTHORIZATION
TABLE
Contains rules that limit the
USER-DEFINED
PROCEDURES
Allows the user to create a
BIOMETRIC DEVICES
Measure
various
personal
characteristics,
such
as
fingerprints, voice prints, retina
prints,
or
signature
characteristics
INFERENCE CONTROLS
to preserve the quality and confidentiality of the database, these
INFERENCE CONTROLS
3 Types of Compromises to the
Database
Positive Compromise
User determines the specific value of a data item
Negative Compromise
User determines that a data item does not have a specific value
Approximate Compromise
User is unable to determine the exact value of an item but is able to
estimate it with sufficient accuracy to violate the confidentiality of the
data
(DDL) commands
Appropriate
Access with DBA programmers & personnel
Personal interviews
Authority
Auditor can select a sample of users & verify that the access privileges
stored in the authority table are consistent with their job descriptions
usually when very sensitive data are accessed by limited number of users
Inference
Controls
Auditor should verify that database query controls exist to prevent
Encryption
Controls
Auditor should verify that sensitive data are properly encrypted