Analysis of Database Security
Scenario: ABC company is a small but growing manufacturing company with revenues of approximately $25 million. Until now, the company has had a single headquarters and production facility in a Midwestern city, but it is building a separate sales office on the east coast which will open in a few months.
You are the Manager of IT at ABC, and you have been responsible for operating a basic set of computer applications in the Midwest office: order entry and fulfillment, financial and accounting systems, e-mail, and general office automation (word processing, etc.). You have been maintaining a Local Area Network connecting the office desktop computers to each other and to the applications running on the company servers, but there has been no access to these systems from outside the office.
You have been told by senior management that when the new sales office opens, the east coast staff must be able to enter new orders directly into the home office system using their desktop computers. They also need access to customer records and order status information. Furthermore, management wants to implement a new company website for customers to place orders online and to view their ordering history, current order status, and financial statement information without calling customer service.
You realize that these changes carry huge security implications. You have been uneasy in the past because the company has lacked a comprehensive computer security policy. Furthermore, most employees have not really understood all the security issues in the old "internal" computing environment. The new configuration, with its networked offices and Internet-accessible elements, will require more security awareness than ever. You see this as your opportunity, and your imperative, to move the company to accept a formal corporate security standard. In the weeks ahead, you will begin to educate both management and system users regarding the components, necessity, and use of security standards for all of the new technologies that will be used, as well as for the current technology they have been using. In the end, you will bring all of this together into a complete corporate security program proposal.
Task Details: ABC Manufacturing has a number of internal databases which are of particular importance to the business. Some of these databases detail the company's manufacturing processes and formulae, including the unique ways to control manufacturing costs. These processes and formulae are particularly sensitive in this industry because ABC produces low-margin commodity products with little price flexibility. Some other databases have customer-specific sales contract information. Senior management recognizes that this mission-critical information must be protected from loss and from unauthorized disclosure in order to preserve the company's competitive edge.
You need to explain the following to senior management:
What is meant by Database Security?
What are the essential considerations in Database Security?
How are they specifically relevant to ABC's planned computing environment?