Process and Procedures
A database security program should include the regular review of permissions granted to individually owned accounts and accounts used by automated processes. The accounts used by automated processes should have appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise. For individual accounts, a two-factor authentication system should be considered in a database environment where the risk is commensurate with the expenditure for such an authentication system.
In conjunction with a sound database security program, an appropriate disaster recovery program should exist to ensure that service is not interrupted during a security incident or any other incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions.
After an incident occurs, the usage of database forensics should be employed to determine the scope of the breach, and to identify appropriate changes to systems and/or processes to prevent similar incidents in the future.
Read more about this topic: Database Security
Famous quotes containing the words process and/or procedures:
“If thinking is like perceiving, it must be either a process in which the soul is acted upon by what is capable of being thought, or a process different from but analogous to that. The thinking part of the soul must therefore be, while impassable, capable of receiving the form of an object; that is, must be potentially identical in character with its object without being the object. Mind must be related to what is thinkable, as sense is to what is sensible.”
—Aristotle (384–322 B.C.)
“Young children learn in a different manner from that of older children and adults, yet we can teach them many things if we adapt our materials and mode of instruction to their level of ability. But we miseducate young children when we assume that their learning abilities are comparable to those of older children and that they can be taught with materials and with the same instructional procedures appropriate to school-age children.”
—David Elkind (20th century)