When designing a system, an architect must address all three corners of the CIA (Confidentiality, Integrity and Availability) triangle. System requirements for data confidentiality are driven not only by business rules but also by legal and compliance requirements. As such, data confidentiality (where required) must be preserved at any cost, irrespective of performance, availability or any other implications. Integrity and Availability, the other two corners of the triangle, may allow some flexibility in design.
Posted January 07, 2011
In today's global economy, more and more companies acknowledge a growing need for a single point of accountability for all security aspects and create the position of information security officer (ISO). One of the main tasks of the ISO is to protect the company's main asset - the data. An ISO has to recognize that an intruder has two ways of stealing data - while it is in transmission or directly from the database. Traditionally, the main emphasis has been placed on network controls to prevent unauthorized access and, to a lesser extent, on protecting data in transmission. Database security, however, is often overlooked.
Posted July 15, 2008