Teaching database security and auditing

Yang, Li

doi:10.1145/1508865.1508954

Cited by 20 publications

(31 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This arises from the different regulatory compliance laws enforced by different countries and regions. Yang [6] explain that auditing as a function needs to a play a central role in ensuring compliance because an audit documents actions, practices and conduct of a business or individual. It then measures their compliance to policies, procedure, process and law.…”

Section: Database Auditing For Compliancementioning

confidence: 99%

“…The level of security that a database system offers is, at least in part measured by the level of auditing that can be implemented with the system. Yang [6] explains that there is no security without auditing; therefore security and auditing should be implemented in an integrated fashion. Auditing database activity and access can help identify security issues and resolve them quickly.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Critical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems

Matthew¹,

Dudley²

2015

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

Database auditing has become a very crucial aspect of security as organisations increase their adoption of database management systems (DBMS) as major asset that keeps, maintain and monitor sensitive information. Database auditing is the group of activities involved in observing a set of stored data in order to be aware of the actions of users. The work presented here outlines the main auditing techniques and methods. Some architectural based auditing systems were also considered to assess the contribution of auditing to database security. Here a framework of several stages to be used in the instigation of auditing is proposed. Some issues relating to handling of audit trails are also discussed in this paper. This paper also itemizes some of the key important impacts of the concept to security and how compliance with government policies and regulations is enforced through auditing. Once the framework is adopted, it will provide support to database auditors and DBAs.

show abstract

Section: Database Auditing For Compliancementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Critical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems

Matthew¹,

Dudley²

2015

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

show abstract

“…These topics include security concepts (e.g., data confidentiality, integrity and availability), protection methodologies (e.g., access control models, cryptography, and Oracle Label Security), and known attacks (e.g., SQL Injection). Similarly Yang introduces a set of topics to be covered in information security and auditing at the university level; these are "database basics, access control theories, application security, virtual private database (VPD), and database auditing [28]." While Schweitzer and Boleng do not present an approach for teaching these courses, Guimareas et al [12], Shweitzer and Brown [25], and Yang [28] present ideas for interactive learning of security concepts.…”

Section: Related Workmentioning

confidence: 99%

“…Similarly Yang introduces a set of topics to be covered in information security and auditing at the university level; these are "database basics, access control theories, application security, virtual private database (VPD), and database auditing [28]." While Schweitzer and Boleng do not present an approach for teaching these courses, Guimareas et al [12], Shweitzer and Brown [25], and Yang [28] present ideas for interactive learning of security concepts. The proposed tools to teach security concepts were developed by the authors and do not require the purchase of vendor products.…”

Section: Related Workmentioning

confidence: 99%

First use: Introducing information security in high school oracle academy courses

Stalvey

Farkas

Eastman

2012

2012 IEEE 13th International Conference on Information Reuse &Amp; Integration (IRI)

View full text Add to dashboard Cite

Security education is vital to successfully counter cyberattacks.While stand-alone computer security and database security courses are offered in college-level computer science degree programs, these courses do not reach all computing majors and are often available only for senior level students. We believe that security should be incorporated into the computing curriculum at every level, including high school computing courses. In this paper we show how to extend the widely popular high school-level Oracle Academy program with security concepts. The proposed curriculum extensions require minimal changes to the current curriculum while introducing students to the security threats in database systems.We provide example database laboratory materials that can be included in a high school database or computer science course. We show that security concepts can be presented to the students even at this early stage of their education. We propose age and education-level appropriate methods, such as computer gaming and social interaction, to deliver the security relevant course modules.We also argue that it is imperative to educate high school teachers on database security topics to ensure satisfactory delivery of the security components.

show abstract

“…Information security is defined as the preservation of three foundational qualities: confidentiality, integrity and availability of information (ISO, 2005). Data confidentiality is handled by data access control mechanisms (SANDHU et al, 1996;YANG, 2009;CALI & MARTINENGHI, 2008;MURTHY & SEDLAR, 2007), which assure that a special type of business rules, named action assertion authorization, are applied.…”

Section: Introdu Introdu Introdu Introduction Ction Ction Ctionmentioning

confidence: 99%

Evaluating Tools for Execution and Management of Authorization Business Rules

Azevedo¹,

Duarte²,

Baião³

et al. 2010

RESI

View full text Add to dashboard Cite

Forma de avaliação: double blind review (mapa de palavras com os termos mais frequentes nos artigos desta edição) Esta revista é (e sempre foi) eletrônica para ajudar a proteger o meio ambiente. Ela voltou a ser diagramada em uma única coluna para facilitar a leitura na tela do computador. Mas, caso deseje imprimir esse artigo, saiba que ele foi editorado com uma fonte mais ecológica, a Eco Sans, que gasta menos tinta.

show abstract

Teaching database security and auditing

Cited by 20 publications

References 6 publications

Critical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems

Critical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems

First use: Introducing information security in high school oracle academy courses

Evaluating Tools for Execution and Management of Authorization Business Rules

Contact Info

Product

Resources

About