Attachments: CST 620 Project 5 Db Security Asse Proposal (18 Pages Ppt).docx [ Preview Here ] CST 620 Project 5 Db Security Asse Proposal (18 Pages Ppt)1.docx [ Preview Here ]
Instructions about the topics to write the project on are below after that it is the templates to use for the write-up are uploaded below
Modern health care systems incorporate databases for more effective and efficient management of patient health care. However, it should be noted that all organizations have a database system of some form and most of these databases are relational database systems that use the Structured Query Language (SQL) for data manipulation. These enterprise databases can support anywhere from 100 users up to 10,000 users at a time. The enterprise database is not only accessible by internal users but also external users. The top threats to database servers include SQL injection (most common), network eavesdropping, unauthorized service access, password cracking, denial of service, privilege elevation, cross-site scripting, insecure configurations, malware and backup data exposure. The two major types of database injection attacks are SQL injections that target traditional (relational) database systems and NoSQL injections that target big data platforms.
Because databases are prone to cyberattacks, they must be designed and built with security controls from the beginning of the life cycle. Though a lot can be accomplished by hardening the database earliest in the life cycle, much of the security is added after they have been built, forcing IT professionals to try to catch up with the threats. Today, it is critical that database security requirements are defined at the requirements stage of acquisition and procurement. Through specific security requirements and testing and sharing of test and remediation data, system security professionals and other acquisition personnel can collaborate more effectively with vendors wishing to build more secure database systems.
The deliverables for Project 5 are: