Objective

Through this real-world project you will design a secure, scalable, and responsive database security plan and requirements definition document for a system of your choice. Your chief security officer has given you the assignment of defining, developing, and documenting a database security policy and plan for your databases. This document shall define who is responsible for security in your organization and what authority is granted to that person in the advent of a security breach. Additionally, policies and procedures should be defined and documented that outline the daily administrative tasks, definition of security rules and methods, and the enforcement of those rules. Your job is not to implement the requirements but to define what the requirements are and to document them. While working on your project, assume the roles of the chief security officer, database designer, database administrator, and chief applications designer.

Part 1: Project Identification and Business Environment --

Address the following topics as they apply to your policy:

Establish authorities and responsibilities for database security management.

Develop operational and incident management procedures when security breaches are discovered.

Define personnel and procedures for daily administration and maintenance of security policies.

Part 2: Architecture and Operating System Considerations --

Address the following topics as they apply to your policy:

Define the architecture for your system. Does it use client server, web, or application servers? Given the architecture, elaborate on what

methods will be used in your database to support this architecture. Consider the following elements in the formulation of your policy:

Integration of DBMS security with client applications and operating systems

Integration of DBMS security with network operations

Integration of DBMS security with server operating systems

Integration of DBMS security with web servers and application servers

Define requirements as they relate to database security. This includes, but is not limited to: connection pooling, proxies, application

roles, file permissions, privileged accounts, password requirements, and other methods appropriate to your selection.

Part 3: User Accounts and Password Administration --

Address the following topics as they apply to your policy:

User administration

Password policies

Profile definitions and assignments. What is the criterion for assignment of a profile to an account?

Part 4: Privileges and Roles --

Address the following topics as they apply to your policy.

Security model selection

Roles, including privileged roles assignment and administration and role policies

System privileges

Object privileges

Part 5: Database Security Operations --

Address the following topics as they apply to your policy

Requirements and methodology for database logging

Requirements and methodology for activity auditing

Part 6: Data Isolation Policies --

Address the following topics as they apply to your policy:

Requirements for data isolation

Database views

Database triggers

Database stored procedures

Part 7: Physical Environment for Secured Databases --

Address the following topics as they apply to your policy:

Use of physical security and control mechanisms systems

Database backup and restore practices relating to security

Part 8: Conclusion, Summary, and References --

Develop a summary and conclusion for your paper

Cite your references