Need help with your Discussion

Get a timely done, PLAGIARISM-FREE paper
from our highly-qualified writers!

glass
pen
clip
papers
heaphones

Defense In Depth Database Security Solution

Defense In Depth Database Security Solution

Defense In Depth Database Security Solution

7.0 DEFENSE IN DEPTH DATABASE SECURITY SOLUTION REQUIREMENTS

Integrate your information from Step 8.

7.1 Confidentiality and Integrity of Data

The medical healthcare database management system shall implement various encryption techniques such as Triple Data Encryption Standard (TripleDES) to prevent unauthorized access to the data stored in the database, even in cases where the database is compromised and an attacker gains unauthorized access (Singh and Maini, 2011).

The healthcare DBMS shall implement validation procedures such as the Optimistic Concurrency Control Technique, which ensures data accuracy and completeness that make up the integrity of the data stored in the database (Ding et al., 2018).

The health care DBMS shall implement either Named System exceptions or Un-named System exceptions that form the system-defined exceptions in the database management system, which will be used to detect any errors that might occur in the database due to attempts to compromise the integrity of the database.

The medical health care DBMS shall use a public key infrastructure (PKI) to manage the digital certificates that are used during the implementation of the data encryption techniques used to ensure the confidentiality of the data in the database.

The healthcare DBMS should be compatible with various monitoring tools such as intrusion detection systems (IDS) and database monitoring tools that will be useful in identifying and mitigating potential attacks targeting the database, therefore, ensuring data integrity in the database (Alsmadi and AlEroud, 2017).

7.2 Authentication

The medical health care database system (DBMS) shall implement authentication measures that use something that the database user knows, such as a personal identification number (PIN), or a username, and a password to validate the identity of the user before allowing them to access the data in the database.

The medical health care DBMS shall also use authentication measures that validate the identity of the user and allow them to access the data in the database through something that the user physically possesses, such as smart cards and token devices used to generate one-time passwords (OTP).

The DBMS shall also implement authentication measures that use some other user attributes such as retina scans, facial recognition, and fingerprints to validate the identity of the user and allow them access to the database.

The database management system should also accommodate the implementation of multi-factor authentication measures such as using usernames and passwords in addition to using OTPs generated by token devices to increase the security of the database (Wang and Wang, 2014).

The medical health care DBMS shall use a public key infrastructure (PKI) to manage the digital certificates, which will be used to authenticate the identity of the user who wants to access the data stored in the database (Lozupone, 2018).

7.3 Authorization

The medical health care database management system shall define the authenticated database users who are authorized only to view the data stored in the database without performing any transactions in the database.

The healthcare DBMS shall implement measures to prevent individuals who are not stakeholders in the military hospital from viewing, accessing, modifying, and deleting the data stored in the database.

The healthcare DBMS shall also define permissions that apply to specific authenticated database users allowing or restricting them from modifying the data in the database.

The medical healthcare database management system shall define the authenticated database users who have complete control over the database, allowing them to perform any transactions, including viewing, modifying, and deleting the data in the database without any restrictions.

The health care DBMS shall also define the data in the database that can be accessed by authenticated database users and other individuals outside the military hospital without granting them the privileges to modify the data.

7.4  Access Control Security Models (by user types)

The medical healthcare database management system shall implement either Biba or Bell-LaPadula security models, which are examples of Mandatory Access Control (MAC) that allow for the classification of the database users and data into classes that allow members of the classes to access only the data in the classes (Liu, 2019).

The healthcare DBMS shall use the Role Base Access Control (RBAC) model to define data access privileges for the various roles of the stakeholders at the military hospital, which allows different stakeholders to be assigned roles with predefined permissions.

The healthcare DBMS shall also use the Discretionary Access Control (DAC) model to either allow or prevent database users from accessing the data in the database by following the policies defined by the classes under which the users are classified (Liu, 2019).

The medical healthcare database management system shall use the Rule-Based Access Control model to allow or deny the database users access to the database based on the rules that the database administrator at the military hospital will determine.

References

Alsmadi, I. M., & AlEroud, A. (2017). SDN-based real-time IDS/IPS alerting system. In Information Fusion for Cyber-Security Analytics (pp. 297-306). Springer, Cham.

Ding, B., Kot, L., & Gehrke, J. (2018). Improving Optimistic Concurrency Control Through Transaction Batching And Operation Reordering. Proceedings of the VLDB Endowment, 12(2), 169-182.

Liu, B. (2019). Cryptographic Access Control: Security Models, Relations and Construction (Doctoral dissertation, University of Bristol).

Lozupone, V. (2018). Analyze Encryption And Public Key Infrastructure (PKI). International Journal of Information Management, 38(1), 42-44.

Singh, S. P., & Maini, R. (2011). Comparison Of Data Encryption Algorithms. International Journal of Computer Science and Communication, 2(1), 125-127.

Wang, D., & Wang, P. (2014). Understanding Security Failures Of Two-Factor Authentication Schemes For Real-Time Applications In Hierarchical Wireless Sensor Networks. Ad Hoc Networks, 20, 1-15.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

Question 


Project 5 instruction

Please read this first and then see the list, below, for your Section “DiD DB Security Solution” for Project 5, as well as the names of each Section.

Defense In Depth Database Security Solution

Defense In Depth Database Security Solution

These assignments are sections within the Request for Proposal (RFP) template and ARE NOT the Steps given in the Project. Therefore, be sure to complete the correct Section number.

An RFP is a request for someone to propose their solution and bid on building or providing a system, for example, that you are interested in acquiring. Those bidders need to know what you specifically want. You provide that information in the RFP. So, this is not your implementation, or your specific solutions. The bidders will review and study you’re your needs and determine how they can meet them. There will be many ways of meeting them, each having a different solution/implementation. When they are done considering the options and trade-offs, they will reply to the RFP, with their proposal. We are not addressing their proposal to you. We are addressing what you specify as your needs; the RFP.

RFPs normally have sections which state the requirements and then give explanations, maybe even modelling results, your own tradeoffs, considerations and preferences, etc. Then the is usually summarized in the Appendix, with just the specific, numbered requirements statements, in a table which follows the section organization of the body. That is done as a simple and clear list of what is needed and serves as a check list for the bidders to ensure that they have addressed each requirement and as a check list for you, when you receive their proposals. You want to ensure that all of your requirements are addressed. Project 5 is asking ONLY FOR THE SUMMARY.

Your deliverable is for you to provide the numbered requirements statements (no explanations and no implementations) and no discussions corresponding to your assigned Section. If there are subsections within your section, provide the numbered requirements within each subsection and make sure all of the requirements statements in that subsection are related to the subsection topic. Three to five requirements statements will suffice, per subsection. I don’t need your set of requirements to be comprehensive and complete. But I do want to see that you understand what some of the specific requirements are, pertaining to the specific topic in your section. If your section has 3 subsections and you wrote 3-5 requirements statements in each section, your submission would be only 9 to 15 requirements statements total. That’s 9-15 separate sentences, one per line and each numbered relative to the subsection. You should have only one requirement per requirement statement.

You must use my full RFP Template, even though you are completing only one section. Please leave all of my formatting and numbering exactly as given. Then fill in your numbered requirements statements within your given section and number them relative to your section. For example, if you were assigned 4.1 to 4.4, your requirements in section 4.1 are numbered 4.1.1, 4.1.2, 4.1.3, etc. and those in section 4.2 are numbered 4.2.1, 4.2.2, 4.2.3, etc. That will make it easy for me to place all or your work into one document.

Immediately after your last section requirements, enter the summary of references, relating to your in-line citations within your requirements statements. Do not enter these at the end of the RFP.

Project 3 Scenario

NOTE: THIS IS NOT A TEAM PROJECT. I WILL ASSIGN ONE SECTION OF THE RFP TO EACH OF YOU.

Company: A U.S. military hospital. Give your hospital a name.

  • The hospital wants to adopt a new medical health care database management system (DBMS).
  • You are to form and be part of a team to create a request for proposal (RFP), for the DBMS, for which different vendors/suppliers will compete, to build and provide to the hospital.
  • Note that an RFP is not your desired implementation of the DBMS. It is the set of requirements that you want a vendor/supplier to meet. They will propose the solution/implementation which they believe meets your requirements.
  • Also note that the RFP normally consists of the body of requirements and explanations and the summary of requirements, without the explanations. This project concentrates on the summary of requirements statements, without the explanations.

You: A Security System Engineer

Your Company: The same U.S. military hospital.

Your Manager: You are reporting to the hospital’s Contracting Officer, as their technical support representative.

The Specific Assignment: You will

  • Be assigned only one section of the RFP template. That section may have several sub-sections for which you are responsible.
  • Create the requirements, for your Section of the RFP, for the hospital’s new medical health care DBMS, for which different vendors/suppliers will compete, to build and provide to the hospital.
  • Determine 3 to 5 technical and security requirements[i] specifications, per sub-section within your section of the RFP, for the DBMS.

[i] See my guidance on writing requirements specifications. You will be providing the summary of the requirements which are normally found at the end of an RFP, for quick reference.

Project 5 RFP Template 2201

Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."

Order Solution Now

Attachments

Our Service Charter


1. Professional & Expert Writers: Eminence Papers only hires the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed of papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by Eminence Papers are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. Eminence Papers are known for the timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit in all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At Eminence Papers, we have put in place a team of experts who answer all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.

We Can Write It for You! Enjoy 20% OFF on This Order. Use Code SAVE20

Stuck with your Assignment?

Enjoy 20% OFF Today
Use code SAVE20