Thursday, June 30, 2022

Principle of Information Security: Module 2 The Need for Information Security (Part 2)

Without data, an organization loses its record of transactions and its ability to deliver value to customers. Any business, educational institution, or government agency that operates within the modern context of connected and responsive services relies on information systems. Even when transactions are not online, information systems and the data they process enable the creation and movement of goods and services. Therefore, protecting data in transmission, in processing, and at rest (storage) is a critical aspect of information security. The value of data motivates attackers to steal, sabotage, or corrupt it. An effective information security program implemented by management protects the integrity and value of the organization’s data.

Organizations store much of the data they deem critical in databases, managed by specialized software known as a database management system (DBMS). Database security is accomplished by applying a broad range of control approaches common to many areas of information security. Securing databases encompasses most of the topics covered in this textbook, including managerial, technical, and physical controls. Managerial controls include policy, procedure, and governance. Technical controls used to secure databases rely on knowledge of access control, authentication, auditing, application security, backup and recovery, encryption, and integrity controls. Physical controls include the use of data centers with locking doors, fire suppression systems, video monitoring, and physical security guards.

The fundamental practices of information security have broad applicability in database security. One indicator of this strong degree of overlap is that the International Information System Security Certification Consortium (ISC)², the organization that evaluates candidates for many prestigious information security certification programs, allows experience as a database administrator to count toward the experience requirement for the Certified Information Systems Security Professional (CISSP).

