database security plan

Database security on Windows Server 2008r2
Through this real-world project you will design a secure, scalable, and responsive database security plan and requirements definition document for a system of your choice. Your chief security officer has given you the assignment of defining, developing, and documenting a database security policy and plan for your databases. This document shall define who is responsible for security in your organization and what authority is granted to that person in the advent of a security breach. Additionally, policies and procedures should be defined and documented that outline the daily administrative tasks, definition of security rules and methods, and the enforcement of those rules. Your job is not to implement the requirements but to define what the requirements are and to document them. While working on your project, assume the roles of the chief security officer, database designer, database administrator, and chief applications designer.
Guidelines Back to Top
Each week you should add analysis and design elements to your project by following and extending the topics discussed in class. Plan to develop your project using a single Microsoft Word document. The format will be discussed in class. In addition, you should be prepared to share your project’s status and issues each week in class.

The final version of your project must be posted to the Dropbox. Here is a step-by-step outline to aid you in completing your project. Feel free to propose modifications that may better suit your specific goals.

Below is the key schedule for the applied research project:

Week 1: Class discussion of applied research project.
Week 2: The research project abstract is due at the end of this week.
Week 7: Applied research project report submission.

Part 1: Project Identification and Business Environment — 20 points

Address the following topics as they apply to your policy:

Establish authorities and responsibilities for database security management.
Develop operational and incident management procedures when security breaches are discovered.
Define personnel and procedures for daily administration and maintenance of security policies.

Part 2: Architecture and Operating System Considerations — 20 points

Address the following topics as they apply to your policy:

Define the architecture for your system. Does it use client server, web, or application servers? Given the architecture, elaborate on what methods will be used in your database to support this architecture. Consider the following elements in the formulation of your policy:
Integration of DBMS security with client applications and operating systems
Integration of DBMS security with network operations
Integration of DBMS security with server operating systems
Integration of DBMS security with web servers and application servers
Define requirements as they relate to database security. This includes, but is not limited to: connection pooling, proxies, application roles, file permissions, privileged accounts, password requirements, and other methods appropriate to your selection.

Part 3: User Accounts and Password Administration — 30 points

Address the following topics as they apply to your policy:

User administration
Password policies
Profile definitions and assignments. What is the criterion for assignment of a profile to an account?

Part 4: Privileges and Roles — 30 points

Address the following topics as they apply to your policy.

Security model selection
Roles, including privileged roles assignment and administration and role policies
System privileges
Object privileges

Part 5: Database Security Operations — 30 points

Address the following topics as they apply to your policy

Requirements and methodology for database logging
Requirements and methodology for activity auditing

Part 6: Data Isolation Policies — 30 points

Address the following topics as they apply to your policy:

Requirements for data isolation
Database views
Database triggers
Database stored procedures

Part 7: Physical Environment for Secured Databases — 20 points

Address the following topics as they apply to your policy:

Use of physical security and control mechanisms systems
Database backup and restore practices relating to security

Part 8: Conclusion, Summary, and References — 20 points

Develop a summary and conclusion for your paper
Cite your references
Grading Rubrics Back to Top
Category Points % Description
Project Abstract 20 2% Identify your project topic and scope for a key database security subject. Describe why the topic is important for our studies.
Content: Organization and Cohesiveness 200 77% Topic Selection and Project Scope: Select a subject important to database security. Develop a tangible project scope that clearly defines the deliverables of the project.

Executive Summary: Given a business requirement, provide a summary presentable to executives. Avoid jargon and acronyms. The presentation is the basis for your continued employment as a security analyst and an opportunity for advancement to a supervisory position.

Security Plan and Procedures: You should document your plan and procedures and support them with examples of how to implement them.

Literature Review and References: Review the major literature important to your discussion. Include a listing of references for all cited articles and books used in the preparation and development of your applied research project.

Evaluation Criteria:

Key elements of assignments covered
Content is comprehensive and accurate
Displays an understanding of relevant theory
Major requirements supported by specific details and examples
Research is adequate and timely
Writer has gone beyond textbook for resources

Organization, Presentation, Spelling, and Grammar 60 21% Report Presentation: Develop your Project Report in a professional format to ensure the best impact to technical reviewers.

Organization and Mechanics

Rules of grammar, usage, punctuation are followed
Spelling is correct

Sentences are complete, clear, and concise
Sentences are well-constructed with consistently strong, varied structure
Transitions between sentences/paragraphs/sections help maintain the flow of thought
Words used are precise and unambiguous
The tone is appropriate to the audience, content, and assignment

Total 280 100% A quality project will meet or exceed all of the above requirement