Enhancing Computer Security and Data Integrity Strategies

1. Chapter 19Security • Integrity • Security • Control • computer-based • non-computer-based • PC security • DBMS and Web security • Risk Analysis • Data protection and privacy laws

2. Integrity • Definition • Consistent with constraints • Types • Entity • Referential or existence • Domain • Enterprise

3. Security • Threats • Theft & fraud • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability

4. Countermeasures • Computer-based controls • Non-computer-based controls

5. Computer-based Controls - 1 • Authorization & authentication • Password • Account number • Relations, users & right (CRUD) table • Subschema • Create views

6. Computer-based Controls - 2 • Logs • Transaction logs • Violation logs (time, terminal, violation) • Check points • Backup (redundant array of independent disks - RAID) & recovery • Audit

7. Computer-based Controls - 3 • Encryption or cryptosystem • Encryption key • Encryption algorithm • Decryption key • Decryption algorithm • Symmetric encryption (Data Encryption Standard (DES) • Asymmetric encryption (RSA)

8. Example of Encryption - I • Divide text into groups of 8 characters. Pad with blank at end as necessary • Select an 8-characters key • Rearrange text by interchanging adjacent characters • Translate each character into an ordinal number with blank as 0, A as 1, B as 2… • Add the ordinal number of the key to the results • Divide the total by 27 and retain the remainder • Translate the remainder back into a character to yield the cipher text

9. Example of Encryption - II • Message: DATA COM • Key: PROTOCOL • A D A T C M O • 01 04 01 20 03 00 13 15 (adatc mo) • 01 04 01 20 03 00 13 15 • 16 18 15 20 15 03 15 12 (protocol) • 17 22 16 40 18 03 28 27 (sum) • 17 22 16 13 18 03 01 00 remainder • Q V P M R C A SPACE

10. Example of Decryption - I • Divide cipher text into groups of eight characters. Pad with blanks at end as necessary • Translate each cipher text alphabetic character and the encryption key into an ordinal number • For each group, subtract the ordinal number of the key value from the ordinal number of the cipher text • Add 27 to any negative number • Translate the number back to alphabetic equivalents • Rearrange the text by interchanging adjacent characters

11. Example of Decryption - II • Q V P M R C A SPACE • 17 22 16 13 18 03 01 00 (qvpmrca ) • 17 22 16 13 18 03 01 00 • 16 18 15 20 15 03 15 12 (protocol) • 01 04 01 -7 03 00 -14 -12 (substract) • plus 27 27 27 27 • 01 04 01 20 03 00 13 15 • A D A T C M O • D A T A C O M

12. Non-Computer-based Controls • Security policy • Contingency plan • Person, phone no., procedures • Site (cold, warm, or hot) • Personnel control • Reference • Termination • Training • Balance of duty • Escrow & maintenance agreements • Physical

13. PC Security • Policy & procedure • Physical • Logical • Virus

14. DBMS and Web Security • Proxy server: performance & filtering • Firewall: packet filter, application gateway, circuit level gateway, & proxy server • Digital signatures & Certificate Authority (CA) • Message digest algorithms and digital signature • Kerberos: centralized security server (certificate server • Secure Sockets Layer (SSL) for data & Secure HTTP for individual message • Secure Electronic Transaction (SET) for credit card & Secure Transaction Technology (STT) for bank payment

15. Risk Analysis • Assets • Threats and risks • Countermeasures • Cost/benefit analysis • Testing

16. Data Protection & Privacy Law

17. Assignment • Review chapters 5-6, 11-13, and 18 • Read chapter 19 • Exam 3 • Date: 12/9/04 • Project • Normalization and Corrected EER diagram due date: 12/2/04 • SQL, corrected normalization, and EER diagram due date: 12/15/04 (MIS Department Office)