Describe the security architecture phases that will effectively ensure the confidentiality, availability, and integrity of the Web database.
Answer:
Phase 1: Assessment and Analysis
Assessing and analyzing an organization’s data security needs involves the identification of vulnerabilities, threats, and assets existing within an environment’s devices, resources, and vendor relationships.
A security audit must be thorough and exhaustive, searching for every type of potential threat that may exist within the database environment. Threats can range from social engineering gaps to external firewall faults. They can be present within any of the computer, network, and database layers, so all types of security should be addressed.
By identifying risks, defining the likelihood of a threat to an asset, and determining the cost of a breached or lost asset, you can prioritize and plan reasonable measures to counteract these threats.
Steps often taken to complete a risk assessment can include:
Phase 2: Design and Modeling
The design and modeling phase involves the creation of policies and a prototype security architecture that fit an organization’s needs. The policies created will rely strictly on the results of the assessment and analysis phase.
The prioritized lists of threats dictate how the model is developed and what policies are put into place. In the design and modeling phase, security policies and procedures are created, necessary firmware and software changes are defined, and security tools or applications that are used to minimize risk are identified.
The entire organization must be included in this process. From senior management to human resources to network users, all should be made aware of the security efforts taking place. Involving the entire organization in this process will ensure policies are correctly focused and realistic for both user and business needs.
Steps often taken to complete a risk assessment may include:
Phase 3: Deployment
During deployment, the security policies, firmware, and tools defined in previous phases are put into place. These security measures are deployed using the steps that were defined in the design and modeling phase.
A test environment is often created to simulate the environment in which deployment will take place. Firmware and software are purchased and also tested to ensure that unforeseen variables do not affect the overall deployment and security goals.
Changes to user training and awareness are put into place in this phase as well.
Steps often taken in Phase 3 can include:
Phase 4: Management and Support
The management and support phase involves the ongoing support, maintenance, and assessment of the security architecture deployed in phase three. During this phase, performance of the security system is monitored, and any failures or breaches would result in the reevaluation of the security architecture.
Security policies can go through minor changes, yet too many small changes or a failure in a system may initiate the need to repeat the entire process from the beginning.
Steps often taken to complete a risk assessment may include: