Week #8 MidTerm Assignment 1
The database is the most tender segment of the information technology (IT) infrastructure. The systems are susceptible to both internal and external attackers. Internal attackers are workers or individuals with the organization which uses data obtained from the organizational servers for personal gain. Organizations like Vestige Inc. holding nesh data for varying organizations require absolute security and sober database security assessment for effectiveness. The database security assessment is a process that scrutinizes system database security at a specific time or period (Ransome & Misra, 2018). Organizations offering data storage hold crucial information like financial data, customer records, and patient data. This type of information is of significant value to attackers and hackers highly target such information. It is thus crucial to perform regular system security assessments within the organization as the primary step to maximizing database security. Regular assessment eases bug identification offering promising results on the reliability of the systems. The current paper will highlight the significant process of carrying out database security assessments for the organization’s system architect to ensure that it does not pose a danger to the parent organization database system.
The database security assessment should consider using such techniques that do not exploit the system, which may result in system error or collapsing. As a primary assessment measure, the database architect considers susceptibility evaluation as the first action during the security assessment process. In this case, as adopted in the case of Vestige Inc., the security measurement occurs concerning known attackers. As a system architect, I will carry out an assessment based on knowledge of unsophisticated attackers. From this point, identification of areas across which vulnerabilities emanate from like weak or open database password policy and software coding error get identified and assessed vulnerabilities. Each component identified gets rated and reports on the different vulnerabilities generated and presented in infographics. The assessor will take the vulnerabilities and improve database security based on the obtained results.
Architecture, threat, attack surface, and mitigation (ATASM) is a unique process that I will apply when assessing the security of the database systems. The procedure is essential for beginners as it keeps track of data within the system and follows a unique procedure to attain quality results and secure the systems (Schoenfield, 2015). With the model, the primary procedure will be understanding the logic and components of the system and highlighting communication flow together with vital data moved and stored in the database. The other adopted process on threats would be; listing possible threat agents and the goals of each threat model. Identify and formulate a conceivable attack model for the threat model and then formulate objectives based on the attack model. After the process, then the third component gets approached. The step covers the attack surface and includes, decomposition of the system to bring out possible attack surfaces and application of viable attack surface objectives. Finally, one would apply viable measures to exposed threat agents.
The last ATASM step is the mitigation stage. Mitigation focused on narrowing down the vulnerabilities and addressing effectively susceptible areas to address attacker vendors wholly. With the area, I will tabulate the security controls to address each attacker’s surface identified above. I will then group the attack surface, which has sufficient security on a different list. After that, I will apply security measures to address attack surfaces that have insufficient security. The mitigation process would ensure complete scrutiny of the database architect to ensure that all areas get covered and that no surface is left susceptible to the threat. The final step on the ATASM model, thus, would be formulating and building as sturdy database defense, which is impenetrable by attackers. The ATASM models are a unique strategy to address security issues.
Brook S. E. Schoenfield. (2015). Securing Systems: Applied Security Architecture and Threat Models. Retrieved from http://www.ittoday.info/Excerpts/Securing_Systems.pdf
Ransome, J., & Misra, A. (2018). Core software security: Security at the source. Retrieved from http://docshare01.docshare.tips/files/26397/263973067.pdf