需要考虑的数据库相关安全政策_MySQL
在能够真正影响每个行业的所有的政府和行业规则中,总有一天会出现这么一条,要你真正地应用一些信息安全政策。你也许已经对密码和数据备份有了一些基本政策。但是还有更多内容。所以,如果你的企业现在才刚刚把它的安全政策放在一起,或者你已经意识到了是时候需要更新一些东西了,那么这里有几个你需要了解的数据库安全相关的问题。
从技术上来说,为了准确判断需要哪个安全政策,你需要执行信息风险评估。然而,我理解,现实情况经常会导致其它内容。就是说,我可以考虑得很少,如果有的话,但是几乎很少有不再要求我思考如下数据库相关安全政策的环境出现:
?可接受的利用率――什么可以/不可以在数据库服务器上完成,例如网络浏览和安装/卸载中间件,以及个人防火墙保护,还有MSDE, SQL Server Express 2005,以及其它非服务器系统上的数据库软件的安装。
?认证控制――对于数据库,以及有关应用程序和操作系统来说,包括密码的要求,多种成分的使用等。
?业务合作――应对外部承包人、审计人员、寄存提供者商等,包括合同规定和应用的服务级别的协商。
?业务连续性――灾难恢复和/或业务连续性计划要求可以帮助你的数据库保持运转状态,可以访问。
?变更管理――记录谁、为什么、在什么时候,如何,以及所有相关的拆除过程。
?数据备份――什么,什么时候,以及使用的方法。
?数据保持和破坏――什么,为什么,使用的方法和时间线。
?加密――不仅覆盖了静止的数据,例如加密特定的行,还覆盖了传输的数据,例如数据库服务器和网络应用程序之间的TLS。数据备份也是覆盖的一部分。
?信息分类――为信息贴上公共、内部、机密等标签。
?物理安全――构建,数据中心和服务器的安全。
?财产的删除――服务器,驱动,磁带,和其它财产。
?安全测试和审计――什么,如何,什么时候,以及谁执行的测试,用的什么工具。
?职责的分隔――用户,数据库管理员,安全审计员,以及其它与数据库管理有关的人的角色/职责。
?系统维护――打补丁,系统清理/清楚和中间件的更新。
?系统监控和意外事件的响应――谁,为什么,什么时候,以及如何进行实时监控和记录审计日志,还有为了维护正式的意外响应计划所需要的特殊需求。
?用户授权――添加/删除用户,授予谁,为什么,什么时候,多长时间的管理权限。
我认为这里有几个关键点需要与数据库中心的安全政策相关。首先,如果管理层没有明确表示他们的支持(例如,他们将会接受并强制政策的执行),你兴许也只能一起放弃这个计划。所以首先要把他们也拉上船。其次,尽可能地把你的政策提到最高级别上,这样你就可以最大化覆盖的部门和系统。最大化规则的数量,你可以真正地实施它。换句话说,如果你可以帮助它,不在你的数据库中发生以上所有的政策,并且在无线网络、存储系统等等中拥有另一套规则。同样,至少也要理解你的企业对解决PCI, GLBA, HIPAA, SOX等问题上的规则上的调整需求。这一点在你有一个依从性或者IT管理委员会来审视和现实安全政策的时候,可以带来最好的帮助。如果你能帮助它的话,你不会想要你自己管理一套政策。
最后,确保你尽可能地以一种可以直接带来最大理解和管理的方式记录你的政策。以下政策中的组成部分对于保证政策的简单性和长期的可管理性是至关重要的。
?简介――对题目的简单概括,例如加密
?目的――简单列出最高的目标和方针的策略。
?范围――说明覆盖了哪些雇员、部门和数据库系统。
?角色和职责――列出与谁有关,以及要他们支持政策的话,需要他们做什么。
?政策的陈述――你的真正的政策的陈述。你应该对每个主题有一篇陈述。换句话说,为前面列出的你选择使用的每个政策创建一个单独的模版。
?例外情况――强调没有包括在政策里面的人,部门,数据库等。
?过程――政策如何实现和在你的环境内强制执行的详细步骤。你可能会想要参考这个信息,并且把它放在不同的文件中。
?遵循――列出如何衡量是否遵循了这个政策的过程,包括所有涉及的衡量标准。
?制裁――列出当违反了政策时候会发生的事情。这可能包括了第一次违反的时候发生什么事情,第二次违反的时候发生什么事情,以及第三次违反的时候发生什么事情。
?回顾和评估――说明什么时候政策必须检查其准确性、实用性,以及遵循的目的(例如,. SOX, HIPAA, GLBA, PCI等)。
?参考――指出调整代码部分河信息安全标准(ISO/IEC 17799, ITIL, COBIT等)
?相关文档――指出其它政修订――记录针对这个政策文档进行的修改。
?修订――记录针对这个政策文档进行的修改。
?注意事项――最重要的注意事项,贴士等。它可以帮助以后的政策管理和加强。
如果你以正确的方式做完了以上所有内容来构建你的政策,它会在很长一段时间内节省你大量的时间和烦恼,让你的审计员很高兴。良好的回报值得你的努力。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How effective is receiving phone calls using airplane mode?
Feb 20, 2024 am 10:07 AM
What happens when someone calls in airplane mode? Mobile phones have become one of the indispensable tools in people's lives. It is not only a communication tool, but also a collection of entertainment, learning, work and other functions. With the continuous upgrading and improvement of mobile phone functions, people are becoming more and more dependent on mobile phones. With the advent of airplane mode, people can use their phones more conveniently during flights. However, some people are worried about what impact other people's calls in airplane mode will have on the mobile phone or the user? This article will analyze and discuss from several aspects. first
VBOX_E_OBJECT_NOT_FOUND(0x80bb0001)VirtualBox error
Mar 24, 2024 am 09:51 AM
When trying to open a disk image in VirtualBox, you may encounter an error indicating that the hard drive cannot be registered. This usually happens when the VM disk image file you are trying to open has the same UUID as another virtual disk image file. In this case, VirtualBox displays error code VBOX_E_OBJECT_NOT_FOUND(0x80bb0001). If you encounter this error, don’t worry, there are some solutions you can try. First, you can try using VirtualBox's command line tools to change the UUID of the disk image file, which will avoid conflicts. You can run the command `VBoxManageinternal
File Inclusion Vulnerabilities in Java and Their Impact
Aug 08, 2023 am 10:30 AM
Java is a commonly used programming language used to develop various applications. However, just like other programming languages, Java has security vulnerabilities and risks. One of the common vulnerabilities is the file inclusion vulnerability (FileInclusionVulnerability). This article will explore the principle, impact and how to prevent this vulnerability. File inclusion vulnerabilities refer to the dynamic introduction or inclusion of other files in the program, but the introduced files are not fully verified and protected, thus
The impact of data scarcity on model training
Oct 08, 2023 pm 06:17 PM
The impact of data scarcity on model training requires specific code examples. In the fields of machine learning and artificial intelligence, data is one of the core elements for training models. However, a problem we often face in reality is data scarcity. Data scarcity refers to the insufficient amount of training data or the lack of annotated data. In this case, it will have a certain impact on model training. The problem of data scarcity is mainly reflected in the following aspects: Overfitting: When the amount of training data is insufficient, the model is prone to overfitting. Overfitting refers to the model over-adapting to the training data.
How to turn off the comment function on TikTok? What happens after turning off the comment function on TikTok?
Mar 23, 2024 pm 06:20 PM
On the Douyin platform, users can not only share their life moments, but also interact with other users. Sometimes the comment function may cause some unpleasant experiences, such as online violence, malicious comments, etc. So, how to turn off the comment function of TikTok? 1. How to turn off the comment function of Douyin? 1. Log in to Douyin APP and enter your personal homepage. 2. Click "I" in the lower right corner to enter the settings menu. 3. In the settings menu, find "Privacy Settings". 4. Click "Privacy Settings" to enter the privacy settings interface. 5. In the privacy settings interface, find "Comment Settings". 6. Click "Comment Settings" to enter the comment setting interface. 7. In the comment settings interface, find the "Close Comments" option. 8. Click the "Close Comments" option to confirm closing comments.
What problems will bad sectors on the hard drive cause?
Feb 18, 2024 am 10:07 AM
Bad sectors on a hard disk refer to a physical failure of the hard disk, that is, the storage unit on the hard disk cannot read or write data normally. The impact of bad sectors on the hard drive is very significant, and it may lead to data loss, system crash, and reduced hard drive performance. This article will introduce in detail the impact of hard drive bad sectors and related solutions. First, bad sectors on the hard drive may lead to data loss. When a sector in a hard disk has bad sectors, the data on that sector cannot be read, causing the file to become corrupted or inaccessible. This situation is especially serious if important files are stored in the sector where the bad sectors are located.
What specific impact do mine cards have on the game?
Jan 03, 2024 am 09:05 AM
Some users may consider buying mining cards for the sake of cheapness. After all, these cards are top-notch graphics cards. However, some gamers are worried about the impact of mining cards on playing games. Let’s take a look at the detailed introduction below. What are the effects of using a mining card to play games: 1. The stability of playing games with a mining card cannot be guaranteed, because the life of the mining card is very short and it is likely to become useless after just playing. 2. The mining card is basically a castrated version of the original version. Due to long-term wear and tear, the performance in all aspects may be weak. 3. In this way, users may not be able to display all the effects of the game when playing the game. 4. Moreover, the electronic components of the graphics card will age in advance, not to mention that playing games also consumes the graphics card, so it is drained to a greater extent, so the impact on the game is great. 5. In general, use mining cards to play games
Ant Manor January 18: People often use the word 'smashing the pot' to describe things that don't get done. Guess which industry it originated from?
Feb 23, 2024 pm 04:13 PM
Ant Manor’s question on January 18: People often use “smashing the pot” to describe things that don’t get done. Guess which industry it originated from? Many friends don’t know which industry first originated from the common use of “smashing the pot” to describe things not getting done. So below, the editor will bring you the answer to Ant Manor’s daily question on January 18. If you are interested, come and find out. Just give it a try. Summary of Ant Manor's answers today Ant Manor January 18: People often use "smashing the pot" to describe things that are not done. Guess which industry problem it originated from: People often use "smashing the pot" to describe things that are not done. Guess the origin Which industry? Answer: Opera Answer analysis: 1. At the end of the Qing Dynasty and the beginning of the Republic of China, Peking Opera in the north once performed on the same stage as Shanxi Bangzi and Zhili Bangzi (now Hebei Bangzi), but the repertoire and performances remained the same.
