Database Security for 21st century business
Introduction
Most companies have servers for different purposes; however, the most critical servers any company has are its database servers. Data such as client details, financials, and human capital records support any business in its operations. For this reason, there is increasing concern about the general protection of databases. Any breach of security would lead to loss of data, exposure of sensitive data, unauthorized access to sensitive information, or access to classified files. As companies develop, so does the need to secure the data stored within their databases. The benefits of controlled, protected access to the classified files, as well as the preservation of the general integrity, standards and consistency of these data, are much more expensive (Shamimabi & Nicholas, 2008).
The concept of database security focuses on physical security, network security, encryption and authentication. The main constructs that database security rests on are confidentiality, or protection from informal disclosure; integrity, or prevention of illegal data access; and availability of equipment for identifying and recovering from errors that might cause a denial of access to information. To ensure that stored data are secure, most companies try to restrict access using software, reduce vulnerability, eliminate interference, and upgrade their database auditing mechanisms.
Database security problems
Physical: Computers are becoming physically accessible to unauthorized users.
Personnel: Organizations are becoming more involved in system administration and database security.
Procedural: Most organizations have the same people manage various operations of the database. This exposes the organization and its data to various risks, which necessitates background checks.
Technical: Storage, manipulation, and transmission of the data stored in the database. This needs safeguarding by technology that can enforce particular information control policies.
Database security: current and future trends
Databases have undergone a number of metamorphoses; the main one is in the security layout. Among the changes are activity monitoring and blocking, classification, encryption, consolidation, and configuration. Organizations can achieve these using various software. In this light, most companies dealing in database security have tried to develop software and applications, but the most effective one is the product of Oracle, which has a solution for activity monitoring and blocking. Protection of databases irrespective of the platform is important; however, it should also be cost effective. Most companies use firewalls for Windows-based databases, forgetting the vulnerability of their databases if open source software is used to hack into them (Shamimabi & Nicholas, 2008).
The activities of the database on any network need monitoring to prevent any form of unauthorized access. Oracle has achieved this by preventing SQL injection and role escalation. Any database security system must prevent these in real time. The SQL grammar technology is an effective platform for reducing millions of SQL statements to a few SQL characteristics. It has a high level of accuracy, performance and flexibility (Sandhu, 2008).
The system should be able to enforce whitelists and blacklists (positive and negative security models) to provide protection without costly false positives. It should allow for addressing SOX, PCI, HIPAA/HITECH, and any other regulatory requirement. This should be easy to achieve without necessarily changing the existing databases.
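The reduction of many statements to a few shapes, and the positive and negative models enforced on those shapes, can be sketched as follows. This is an added example, not code from the essay or from any Oracle product: the regex normalizer is a simplification of real SQL grammar analysis, and the names, baseline statements and deny patterns are constructed for illustration.

```python
import re

_STRING = re.compile(r"'(?:[^']|'')*'")             # quoted string literals
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")          # numeric literals
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)+\s*\)")  # (?, ?, ?) -> (?)
_SPACE = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', case and spacing normalized."""
    s = _STRING.sub("?", sql)
    s = _NUMBER.sub("?", s)
    s = _IN_LIST.sub("(?)", s)
    s = _SPACE.sub(" ", s).strip().rstrip(";").strip()
    return s.lower()


class StatementPolicy:
    """Hypothetical policy: deny patterns first, then the allow-list of known shapes."""

    def __init__(self, baseline, deny_patterns):
        self.allowed = {fingerprint(s) for s in baseline}
        self.denied = [re.compile(p) for p in deny_patterns]

    def decide(self, sql: str) -> str:
        shape = fingerprint(sql)
        if any(p.search(shape) for p in self.denied):
            return "block"   # negative model: shape matches a known-bad pattern
        if shape in self.allowed:
            return "allow"   # positive model: shape was seen while baselining
        return "alert"       # unknown shape: pass to review instead of guessing


# Constructed baseline, as if recorded from the application during normal use.
BASELINE = [
    "SELECT name, email FROM customers WHERE id = 42",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 1001",
    "SELECT * FROM orders WHERE order_id IN (1, 2, 3)",
]
# Constructed deny patterns for privilege changes the application never issues.
DENY = [r"\bgrant\b", r"\balter\s+user\b"]
POLICY = StatementPolicy(BASELINE, DENY)
```

Because only the shape is compared, a change in literal values never triggers an alert, while an extra predicate appended to a known query produces a shape the baseline has not seen.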
Privileged User and Multi-Factor Access Control:
The cost of protecting corporate data should not be hefty; therefore, organizations should seek ways of protecting their data cheaply. The most trusted is Oracle Database Vault, an effective way by which organizations can address regulatory directives. Organizations also need to secure their existing applications, as is a mandatory requirement of some regulations, of which the Gramm-Leach-Bliley Act (GLBA) is the key. They call for separation of duties from any other activities related to data management, with the aim of securing data and making certain that the veracity of data is managed. Organizations face an increased challenge of proactively safeguarding the application data kept in their databases. In this way, organizations will use data for the intended purpose and not adversely. Only privileged database clients should access data. This requires a multi-factor policy within the organization that can control the level of access by use of any built-in factor. These may include instance, IP address, application record, application bypasses, as well as the authentication methods.
Data Classification:
Shamimabi and Nicholas (2005) argue that industry-leading application software is important. The bottom line of any database security is to classify data effectively in order to mediate access to organization data stored within the databases irrespective of the classification. A good database security system should be seamless to meet all levels of security. Organizations specifically design these systems to meet multilevel security requirements. Organizations need systems that can classify data to allow access based on need to know. In this way, organizations can protect the privacy of their data and achieve regulatory compliance. Label security should be integrated with identity management to enable centralized definition of the organization's policy. The database systems should be able to support Transparent Data Encryption and offer support for PKI, Kerberos, and any other RADIUS-based strong authentication systems.
Sandhu (2008) argues that database security should be cost effective and comply with various privacy and regulatory requirements such as Sarbanes-Oxley, or the Payment Card Industry (PCI) and even the latest Data Security Standard (DSS). However, the Health Insurance Portability and Accountability Act (HIPAA) is a new regulatory mandate, which might require constant upgrading, necessitating flexibility and compatibility of systems. Customers should be able to transparently encrypt any of their application data and other sensitive columns, like credit card numbers, social security numbers and PINs, while in the database as well as on backup devices or even over the network. The systems need to be cost effective.
Consolidated Auditing And Reporting:
There are many insider threats that most organizations face. Database security systems need to automatically collect and consolidate the audits that the organization carries out in search of quality and total security. Organizations need systems that offer secure and scalable audit warehouses and that also simplify recording and automate the collection and final consolidation of audit data. Organizations need to control database audits centrally and manage them from within the database security system to reduce the cost related to IT security.
Secure Configuration Management:
According to Baker et al. (2009), organizations should be ready to increase the level of database security and compliance with IT control frameworks. This includes frameworks like Control Objectives for Information and related Technology (COBIT), global directives that require internal control, and database security configuration management. It should enhance discovery and vulnerability scanning while ensuring compliance benchmarking, including any other functionality such as central management of database configuration. Organizations require this to detect and prevent configuration drift in the databases. Organizations should also have systems that can alert them to critical patches issued by various security framework developers. This might help in invoking a patch wizard that automatically deploys patches and ensures that application databases within organizations are always updated and secure from unauthorized access (Bertino, Byun, & Kamra, 2007).
Data Masking
There is an increasing need for masking sensitive information by replacing it with realistic values. In this way, organizations can use production data for analysis, development, and even sharing with outsourced partners. Organizations can share these data with offshore partners as well. This might use templates readily available in libraries, together with format rules. The masking consistently transforms data with a view to maintaining referential integrity for all applications used within the organization.
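Consistent, format-preserving masking that keeps referential integrity can be illustrated as follows. This is an added example, not code from the essay or from any vendor product: the keyed-hash approach, the key, the table and column names, and the sample rows are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the masking key is a secret that never leaves the production side.
MASKING_KEY = b"constructed-demo-key"


def _digit_stream(value: str, domain: str):
    """Yield keyed pseudo-random digits that depend only on (domain, value)."""
    counter = 0
    while True:
        msg = f"{domain}|{value}|{counter}".encode()
        for byte in hmac.new(MASKING_KEY, msg, hashlib.sha256).digest():
            if byte < 250:          # drop 250-255 so every digit is equally likely
                yield byte % 10
        counter += 1


def mask_digits(value: str, domain: str) -> str:
    """Format rule: replace each digit, keep separators and length unchanged."""
    stream = _digit_stream(value, domain)
    return "".join(str(next(stream)) if ch.isdigit() else ch for ch in value)


def mask_rows(rows, rules):
    """rules maps a column name to a domain label; other columns are left as they are."""
    return [
        {col: mask_digits(val, rules[col]) if col in rules else val
         for col, val in row.items()}
        for row in rows
    ]


# Constructed sample tables; customer_ssn in CLAIMS is a foreign key to ssn in CUSTOMERS.
CUSTOMERS = [
    {"ssn": "000-12-3456", "name": "Customer A"},
    {"ssn": "000-98-7654", "name": "Customer B"},
]
CLAIMS = [
    {"claim_id": "C1", "customer_ssn": "000-12-3456"},
    {"claim_id": "C2", "customer_ssn": "000-98-7654"},
    {"claim_id": "C3", "customer_ssn": "000-12-3456"},
]

if __name__ == "__main__":
    # Both columns share the "ssn" domain, so a value masks identically in both tables.
    print(mask_rows(CUSTOMERS, {"ssn": "ssn"}))
    print(mask_rows(CLAIMS, {"customer_ssn": "ssn"}))
```

A keyed hash is not a one-to-one mapping, so two different inputs can mask to the same output in very large tables; a format-preserving cipher avoids this where uniqueness must be guaranteed.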
Conclusion
While protecting the database from intrusion is important, it is also important to underscore the need for management restraint and controlled access. This will go a long way in ensuring that the company has the best protection from espionage, hacking, data leaks and data theft. The main database protection platforms include Oracle.
References
Baker, H., Hutton, A., Hylender, D., Novak, C., Porter, C., Sartin, B., Tippett, P., & Valentine, (2009). The 2009 data breach investigations report. Verizon Business. Retrieved January 31, 2010,
Bertino, E., Byun, J., & Kamra, A. (2007). Database security. In Security, privacy, and trust in modern data management (Data-centric systems and applications) (pp. 87-102). New York: Springer-Verlag.
Sandhu, R. (2009). Database security concepts, approaches, and challenges. IEEE Dependable Secure Computing.
Shamimabi, P., & Nicholas, R. (2008). Protocol engineering for web service conversations. Journal of Engineering Applications of Artificial Intelligence, Special Issue on Agent-oriented Software Development.
Promotional Plan for D & G
Dolce and Gabbana (D & G) represents authentic and eccentric luxury products. It is a brand that signifies elegance and represents a kind of clothing that is classy, based on innovation and creativity. The brand has over the years maintained its identity based on the standards, roots, and pillars on which the organization is founded. D & G has continually evolved over the years through the use of male and female models to market and promote its brands. For example, it has used a 22-year-old Russian model called Andreea Diaconu to advertise its products. According to Richard (2010), the company has realized that the use of such attractive models makes the company's products more attractive to consumers. This has made the product stand out and develop a very strong brand name in the market. The company has also presented itself as a brand that represents simplicity, glamour, and trend. Musicians have also played a great role in promoting the brand, as witnessed by the rappers who portray a flashy lifestyle. They have helped the product develop a sense of luxury and brand power. D & G targets customers between the ages of 15 and 30 who are sensitive to trends and fashion.
In order to achieve an effective promotional plan for the brand, it is important to carry out a competitor analysis that would enable the organization to develop a competitive advantage and at the same time establish its strengths and weaknesses. The major competitors for D & G include Gucci, Chanel, Prada, Versace, and Dior. However, D & G has outmatched its competitors because of its unmatched contemporary fashion and quality (Richard, 2013). It has also expanded its boutiques that target specific segments of the market across the world, thereby making it stand out above all its competitors. The other promotional idea is advertising, whose main aim is to persuade customers to purchase the brand under promotion. An effective advertisement should be able to promote consumption of the product, as reflected in an increase in sales.
However, it is important to analyze the kind of advertisement used. This is because an advertisement that elicits a negative public reaction can seriously dent the company's public image and consequently lower its sales. D & G has not had an effective advertisement strategy, since the kind of advertisement it uses is non-specific and lacks thematic balance. It also does not take into consideration the psychological requirements of particular market segments. The organization's advertisement is also not effective in the sense that it has some form of sexual objectification of women. According to Blasberg (2014), a good media advertisement should exhibit content that has thematic harmony and be able to target a particular market segment at a particular time. An advertisement that has some form of sexual objectification only portrays the organization as one that advocates female sexual objectification, which only gives the company a negative public image. If such a thing happens to Dolce and Gabbana, it may only make its customers escape to its competitors. The other market strategy that has made Dolce and Gabbana enjoy a huge market share is its ability to develop a variety of product designs in every market segment. It has stocked product designs for children, adults, and even the middle aged.
References
Blasberg, Derek. (2014). Andreea Diaconu's Model Behavior. The Wall Street Journal. Retrieved from: http://online.wsj.com/news/articles/SB10001424052702303933104579304763970245636
D'Aveni, Richard. (2010). Fashion Conscious: Lessons in Commoditization from the Fashion Industry. Ivey Business Journal. Retrieved from: http://iveybusinessjournal.com/topics/strategy/fashion-conscious-lessons-in-commoditization-from-the-fashion-industry#.UuavfdKDrIU
D’Aveni, Richard Anthony. (2013). Beating the Commodity Trap: How to Maximize Your Competitive Position and Increase Your Pricing Power, Harvard Business Press, USA
Negotiation gone bad
Negotiation is a process whereby individuals discuss their conflicting interests to settle on a mutual agreement (Alavoine, Kaplanseren & Teulon, 2013). Below is an example of a negotiation gone bad.
An employee receives feedback on his performance evaluation. The performance is rated as poor, and he feels that the assessment should be positive, as he has been working hard and giving suggestions to improve the company's performance. He goes to the employer and shouts, "Mr Riggs, why did you do this to me? I have been working hard, and this evaluation does not consider my hard work." As Riggs hears this, he gets up and shouts back at the employee, "Who do you think you are to question my work? I make all the decisions and what I say must stand." The conversation turns into a heated quarrel, which leads to the employer asking him to leave the office. According to Mr Riggs, the employee thinks that he is not performing his evaluations fairly, and it annoys him. After a week, the employee receives a job dismissal letter.
Analysis
The employee started the conversation poorly, by throwing allegations at his employer. He begins by shouting at Mr Riggs instead of politely asking for explanations and reasons for the poor feedback. The proper procedure would require planning a meeting to address the issue. After the meeting time is approved, the employee asks for clarification, and the employer justifies his actions by explaining the reasons behind the negative feedback. Next, a proper bargain takes place by giving concessions and ways to solve the issue at hand. The employee explains the activities he has been doing, along with the results achieved and the impact they had on the company. On the other hand, Mr Riggs explains the factors he considered in developing the evaluation statement. With these two evaluations, they can analyze them and come up with a final analysis that is true and agreed on by both parties.
Through this process, the outcome of dismissing the employee from work would not have occurred. Instead, evidence of the factors that Riggs considered in coming up with the evaluation would be revealed. The employer would also get an explanation of why the human resource manager did not assess, because Mr Riggs, the employer, may usually be out of the office attending meetings and hence has no adequate information on employee performance.
Reference
Alavoine, C., Kaplanseren, F., & Teulon, F. (2013). Teaching (And Learning) Negotiation: Is There Still Room For Innovation?. International Journal Of Management & Information Systems (IJMIS), 18(1), 35. doi: 10.19030/ijmis.v18i1.8337
