Part III
Chapter 20 Security and Administration
Review Questions
20.1 Explain the purpose and scope of database security.
The purpose is clearly concerned with the protection of the data. However, the scope is wider than
20.2 List the main types of threat that could affect a database system and for each describe the controls
that you would use to counteract each of them.
20.3 Explain the following in terms of providing security for a database:
(a) authorization See Section 20.2.1
20.4 Discuss Discretionary Access Control and Mandatory Access Control.
Discretionary Access Control (DAC) is a means of restricting access to objects based on the
Mandatory Access Control (MAC) is based on system-wide policies that cannot be changed
20.5 Describe the security measures provided by Microsoft Office Access or Oracle DBMS.
For Access, this may involve setting a password (system security) or user-level security (data
20.6 Describe the approaches for securing DBMSs on the Web.
20.7 Describe cloud computing services and the databases within their context.
Cloud computing services describe the varied forms of computing software or hardware
resources that are delivered over a network and accessed typically from a Web browser or
20.8 Describe any specific security measures for databases in mobile applications and devices.
Many of the security problems discussed in this chapter apply to mobile applications and
devices, such as:
Mobile malware: Smartphones and tablets are susceptible to worms, viruses, Trojans and
spyware, similarly to desktops. Mobile malware can steal sensitive data, rack up long
20.9 What tasks are associated with data administration?
20.10 What tasks are associated with database administration?
Exercises
20.11 Examine any DBMS used by your organization and identify the security measures provided.
20.12 Identify the types of security approach that are used by your organization to secure any DBMSs
that are accessible over the Web.
20.13 Consider the DreamHome case study described in Chapter 11. List the potential threats that
could occur and propose countermeasures to overcome them.
20.14 Consider the Wellmeadows Hospital case study described in Appendix B.3. List the potential
threats that could occur and propose countermeasures to overcome them.
20.15 Investigate whether data administration and database administration exist as distinct
functional areas within your organization. If identified, describe the organization,
responsibilities, and tasks associated with each functional area.
20.16 Describe the use and potential uses of cloud computing services by your organization and list
the potential threats, implications and countermeasures.