Database Security Policies and Procedures and Implementation for the Disaster Management Communication System
By Radostina Georgieva
Committee Members: Prof. Barbara Nicolai (Chair), Prof. Charles Winer and Prof. Keyuan Jiang
Abstract
Databases have become a major component of many modern organizations. They store sensitive information, which is often the target of malicious attacks. Attacks have become more targeted toward certain information or organizations, which has made information security a problem that every organization needs to address. Information must be secured in accordance with government regulations. With laws that need to be obeyed and new security threats being introduced as technology advances, information security becomes a challenge. The Disaster Management Communication System (DMCS) handles confidential and personal information and therefore becomes a target of information security attacks. If not secured, the database is vulnerable and accessible to virtually anybody, which means that clients’ personal information is exposed. This could make the DMCS subject to penalties and fines.
Data encryption combined with proper user administration (assigning roles and passwords) and auditing is a good way of protecting information. The advantage of data encryption is that it protects data while meeting numerous regulations, such as the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Privacy Act of 1974. SQL Server 2008 provides built-in data encryption and key management features, which are used to secure the database of the Disaster Management Communication System.


