Effective Database Security Planning

Your employer, a small but burgeoning Financial Services Institution has been considering the implementation of a new and more secure database management system $[$DBMS$]$ since the outbreak of hacks that have been perpetrated by

cybercriminals on a number of financial institutions lately. It is not that the institution does not currently have a DBMS$,$ but

considering current market knowledge regarding the architectures that have already been hacked, management in

conjunction with the Information Security Department, of you which you are the Head, have come to the conclusion after a

thorough analysis that a new system will be required.

You have been tasked with originating the draft which must incorporate considerations that need to be taken into account as the new system will be more sophisticated than the current one, as well as the information Security imperatives that must

be observed to ensure that there are no data breaches that might potentially result in great expenses to the business.

These expenses may be expressed in terms of business disruption, loss of customer confidence, legal costs, regulatory

fines, and any direct losses that may result from a ransomware attack, for instance. The effects thereof can potentially add

up to millions.

QUESTION $1(40$ Marks$)$

You are required to produce a comprehensive Database Security Draft with details of the considerations that need to be

taken into account in respect of the complexity of the system anticipated as well as the database security imperatives that

must be incorporated into the system to secure all the institution's financial, legal, regulatory, business and moral

obligations to all its stakeholders.

You are required to produce a comprehensive Database Security Draft with details of the considerations that need to be

taken into account in respect of the complexity of the system anticipated as well as the database security imperatives that

must be incorporated into the system to secure all the institution's financial, legal, regulatory, business and moral

obligations to all its stakeholders.

Strict Considerations That Your Drat Should Make:

Database Proxy

Audit

User Accounts

Software

Data In Transit and Data At Rest

Skills

Security Techniques and Modem Databases

Security of SQL

Training