IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.126 Creation of a database security concept
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management
The long-term keeping of centralised data is of crucial importance for the
information management at authorities and corporations. For this reason, it is
essential to create a database concept. Such a concept defines the preparations
necessary for putting the database into operation, and should always include a
database security concept which focuses on the operation of the database.
Inadequate protection of data might result in a loss of confidentiality,
availability or integrity. To prevent this, it is absolutely necessary to prepare a
detailed database security concept.
To ensure the security of a database, a suitable database management system
(DBMS) needs to be employed. To offer effective protection, the database
management system needs to meet the following requirements: The DBMS
must be
- based on a comprehensive security policy
- incorporated into the IT security concept of the organisation
- installed correctly and
- administered correctly.
Direct access to the database (e.g. via SQL interpreters such as SQL*Plus)
must only be possible for administrative users, in order to prevent
manipulation of the data and database objects (e.g. tables and indices).
Modifications to database objects must always be controlled via special IDs.
For this purpose, the database management system must incorporate a suitable
access control and login concept (refer to S 2.129 Controlling Access to
Database Information and S 2.128 Controlling Access to a Database System).
User IDs which can only perform data modifications via an application must
not be granted direct access to the database, while IDs for managing database
objects must be granted direct, controlled access.
A database security concept must also settle the following important issues:
- The physical storage or mirroring of database files (e.g. the database
management software, the database itself, or the log files) as well as their
distribution must be specified in order to increase availability and
reliability, for example. For security reasons, mirrored control files should
be stored on different hard disks. This would prevent a loss of all the
control files in case of a failure on one hard disk. If the database objects of
an application are stored in separate data files, these files should be
distributed so as to prevent a failure on a hard disk from affecting all
applications.
Example:
A database manages the data of two applications, using one data file each
for the tables and indices. These data files can be distributed as required
among four hard disks.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000