Defense In Depth Database Security Solution

7.0 DEFENSE IN DEPTH DATABASE SECURITY SOLUTION REQUIREMENTS

Integrate your information from Step 8.

7.1 Confidentiality and Integrity of Data

The medical healthcare database management system shall implement encryption techniques such as the Triple Data Encryption Standard (TripleDES) so that data stored in the database remains protected from unauthorized disclosure even if the database itself is compromised and an attacker gains access to it (Singh and Maini, 2011).

The healthcare DBMS shall implement validation procedures such as the Optimistic Concurrency Control technique, which preserves the accuracy and completeness of stored data under concurrent transactions, the properties that make up the integrity of the data in the database (Ding et al., 2018).

The health care DBMS shall implement system-defined exceptions, either named system exceptions or unnamed system exceptions, to detect and report any errors that occur in the database as a result of attempts to compromise its integrity.

The medical health care DBMS shall use a public key infrastructure (PKI) to manage the digital certificates used by the data encryption techniques that protect the confidentiality of the data in the database.

The healthcare DBMS should be compatible with monitoring tools such as intrusion detection systems (IDS) and database activity monitoring tools, so that attacks targeting the database can be identified and mitigated, thereby protecting the integrity of the data in the database (Alsmadi and AlEroud, 2017).

7.2 Authentication

The medical health care database management system (DBMS) shall implement authentication measures based on something the database user knows, such as a personal identification number (PIN) or a username and password, to validate the identity of the user before allowing access to the data in the database.

The medical health care DBMS shall also use authentication measures based on something the user physically possesses, such as a smart card or a token device that generates one-time passwords (OTP), to validate the identity of the user before allowing access to the data in the database.

The DBMS shall also implement authentication measures based on inherent user attributes, such as retina scans, facial recognition, and fingerprints, to validate the identity of the user before allowing access to the database.

The database management system should also support multi-factor authentication, for example a username and password combined with an OTP generated by a token device, to increase the security of the database (Wang and Wang, 2014).

The medical health care DBMS shall use a public key infrastructure (PKI) to manage the digital certificates, which will be used to authenticate the identity of the user who wants to access the data stored in the database (Lozupone, 2018).

7.3 Authorization

The medical health care database management system shall define the class of authenticated database users who are authorized only to view the data stored in the database and may not perform any transactions that change it.

The healthcare DBMS shall implement measures to prevent individuals who are not stakeholders in the military hospital from viewing, accessing, modifying, and deleting the data stored in the database.

The healthcare DBMS shall also define permissions for specific authenticated database users that allow or prevent them from modifying the data in the database.

The medical healthcare database management system shall define the authenticated database users who have complete control over the database, allowing them to perform any transactions, including viewing, modifying, and deleting the data in the database without any restrictions.

The health care DBMS shall also define which data in the database may be accessed by authenticated database users and by individuals outside the military hospital without granting them the privilege to modify that data.

7.4 Access Control Security Models (by user types)

The medical healthcare database management system shall implement either the Biba or the Bell-LaPadula security model, both Mandatory Access Control (MAC) models, in which database users and data are assigned to security classes and a user may access only the data that the classification rules permit for that user's class (Liu, 2019).

The healthcare DBMS shall use the Role-Based Access Control (RBAC) model to define data access privileges for the various roles of the stakeholders at the military hospital, so that each stakeholder is assigned a role with predefined permissions.

The healthcare DBMS shall also use the Discretionary Access Control (DAC) model to allow or deny database users access to the data in the database according to the policies defined for the classes under which the users are classified (Liu, 2019).

The medical healthcare database management system shall use the Rule-Based Access Control model to allow or deny database users access to the database according to rules determined by the database administrator at the military hospital.
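As an added example (not part of the RFP text or its cited sources), the following Python reference monitor shows how the two MAC models named in 7.4 decide a read or write on a labelled record: Bell-LaPadula for confidentiality and Biba for integrity. The levels, account names and record labels are constructed for illustration.

```python
"""Minimal MAC reference monitor for a hospital DBMS (illustrative example).
Bell-LaPadula (BLP) protects confidentiality: no read up, no write down.
Biba protects integrity: no read down, no write up.
A request is permitted only if neither model objects."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    RESTRICTED = 2


@dataclass(frozen=True)
class Label:
    confidentiality: Level  # BLP classification (records) or clearance (users)
    integrity: Level        # Biba integrity level


def violations(subject: Label, record: Label, op: str):
    """Return the names of the rules that deny the request; an empty list means permit."""
    if op not in ("read", "write"):
        return ["unknown operation"]  # default deny for anything not modelled
    sc, oc = subject.confidentiality, record.confidentiality
    si, oi = subject.integrity, record.integrity
    denied = []
    if op == "read":
        if sc < oc:
            denied.append("BLP no-read-up")       # clearance below classification
        if si > oi:
            denied.append("Biba no-read-down")    # trusted subject must not ingest low-integrity data
    else:
        if sc > oc:
            denied.append("BLP no-write-down")    # would leak classified data to a lower level
        if si < oi:
            denied.append("Biba no-write-up")     # low-integrity source must not alter trusted data
    return denied


def authorize(subject: Label, record: Label, op: str) -> bool:
    return not violations(subject, record, op)


# Constructed sample labels (hypothetical, for illustration only)
CLINICIAN = Label(Level.RESTRICTED, Level.INTERNAL)  # clinician account clearance
MONITOR = Label(Level.PUBLIC, Level.PUBLIC)          # bedside monitor integration account
CHART = Label(Level.RESTRICTED, Level.INTERNAL)      # patient chart record
NOTICE = Label(Level.PUBLIC, Level.RESTRICTED)       # vetted public notice: read by all, written by trusted staff
FEED = Label(Level.INTERNAL, Level.PUBLIC)           # raw device telemetry, low integrity

if __name__ == "__main__":
    for who, what, op in [(CLINICIAN, CHART, "read"), (MONITOR, CHART, "write"), (CLINICIAN, FEED, "read")]:
        print(who, op, what, violations(who, what, op) or "permit")
```

Note that a trusted clinician account is denied a plain read of the low-integrity device feed; in practice such data is admitted through a validating import path rather than by relaxing the label.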

References

Alsmadi, I. M., & AlEroud, A. (2017). SDN-based real-time IDS/IPS alerting system. In Information Fusion for Cyber-Security Analytics (pp. 297-306). Springer, Cham.

Ding, B., Kot, L., & Gehrke, J. (2018). Improving optimistic concurrency control through transaction batching and operation reordering. Proceedings of the VLDB Endowment, 12(2), 169-182.

Liu, B. (2019). Cryptographic access control: Security models, relations and construction (Doctoral dissertation, University of Bristol).

Lozupone, V. (2018). Analyze encryption and public key infrastructure (PKI). International Journal of Information Management, 38(1), 42-44.

Singh, S. P., & Maini, R. (2011). Comparison of data encryption algorithms. International Journal of Computer Science and Communication, 2(1), 125-127.

Wang, D., & Wang, P. (2014). Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks, 20, 1-15.

Question

Project 5 instruction

Please read this first and then see the list, below, for your Section “DiD DB Security Solution” for Project 5, as well as the names of each Section.

Defense In Depth Database Security Solution

These assignments are sections within the Request for Proposal (RFP) template and ARE NOT the Steps given in the Project. Therefore, be sure to complete the correct Section number.

An RFP is a request for someone to propose their solution and bid on building or providing a system, for example, that you are interested in acquiring. Those bidders need to know what you specifically want. You provide that information in the RFP. So, this is not your implementation, or your specific solutions. The bidders will review and study your needs and determine how they can meet them. There will be many ways of meeting them, each having a different solution/implementation. When they are done considering the options and trade-offs, they will reply to the RFP with their proposal. We are not addressing their proposal to you. We are addressing what you specify as your needs: the RFP.

RFPs normally have sections which state the requirements and then give explanations, maybe even modelling results, your own trade-offs, considerations and preferences, etc. Then this is usually summarized in the Appendix, with just the specific, numbered requirements statements, in a table which follows the section organization of the body. That is done as a simple and clear list of what is needed and serves as a checklist for the bidders to ensure that they have addressed each requirement and as a checklist for you, when you receive their proposals. You want to ensure that all of your requirements are addressed. Project 5 is asking ONLY FOR THE SUMMARY.

Your deliverable is to provide the numbered requirements statements (no explanations, no implementations and no discussions) corresponding to your assigned Section. If there are subsections within your section, provide the numbered requirements within each subsection and make sure all of the requirements statements in that subsection are related to the subsection topic. Three to five requirements statements will suffice, per subsection. I don’t need your set of requirements to be comprehensive and complete. But I do want to see that you understand what some of the specific requirements are, pertaining to the specific topic in your section. If your section has 3 subsections and you wrote 3-5 requirements statements in each subsection, your submission would be only 9 to 15 requirements statements total. That’s 9-15 separate sentences, one per line and each numbered relative to the subsection. You should have only one requirement per requirement statement.

You must use my full RFP Template, even though you are completing only one section. Please leave all of my formatting and numbering exactly as given. Then fill in your numbered requirements statements within your given section and number them relative to your section. For example, if you were assigned 4.1 to 4.4, your requirements in section 4.1 are numbered 4.1.1, 4.1.2, 4.1.3, etc. and those in section 4.2 are numbered 4.2.1, 4.2.2, 4.2.3, etc. That will make it easy for me to place all of your work into one document.

Immediately after your last section requirements, enter the summary of references, relating to your in-line citations within your requirements statements. Do not enter these at the end of the RFP.

Project 3 Scenario

NOTE: THIS IS NOT A TEAM PROJECT. I WILL ASSIGN ONE SECTION OF THE RFP TO EACH OF YOU.

Company: A U.S. military hospital. Give your hospital a name.

  • The hospital wants to adopt a new medical health care database management system (DBMS).
  • You are to form and be part of a team to create a request for proposal (RFP), for the DBMS, for which different vendors/suppliers will compete, to build and provide to the hospital.
  • Note that an RFP is not your desired implementation of the DBMS. It is the set of requirements that you want a vendor/supplier to meet. They will propose the solution/implementation which they believe meets your requirements.
  • Also note that the RFP normally consists of the body of requirements and explanations and the summary of requirements, without the explanations. This project concentrates on the summary of requirements statements, without the explanations.

You: A Security System Engineer

Your Company: The same U.S. military hospital.

Your Manager: You are reporting to the hospital’s Contracting Officer, as their technical support representative.

The Specific Assignment: You will

  • Be assigned only one section of the RFP template. That section may have several sub-sections for which you are responsible.
  • Create the requirements, for your Section of the RFP, for the hospital’s new medical health care DBMS, for which different vendors/suppliers will compete, to build and provide to the hospital.
  • Determine 3 to 5 technical and security requirements[i] specifications, per sub-section within your section of the RFP, for the DBMS.

[i] See my guidance on writing requirements specifications. You will be providing the summary of the requirements which are normally found at the end of an RFP, for quick reference.

Project 5 RFP Template 2201
