
Saturday, March 30, 2019

Database Management: Law, Ethics and Security

Law, Ethics, and Security Standards

Relevant legal and ethical standards need to be considered in the solution design and in future implementation. (SNHU.)

A combination of factors has introduced strong ethical concerns in database design: increase in size of data, increased sophistication in mechanisms and convenience of access systems, increased invisibility (through absorption into the application and/or the user interface), increase in circulation and excessive, globalized use of information, increased interaction with other databases and applications, increased amounts of personal information, increased merchandising of information, and poor or lacking security measures for database owners. (Goguen.)

Additionally, the risks have been augmented by new technologies: open source database management systems, cloud computing, and social software applications. With the three combined, the only defense against the unethical use of information is the ethical standards of the stakeholders themselves. (DeMers.)

Ethics is a set of principles of right conduct, or a theory or a system of moral values. In a civilized society, morality and ethics guide and precede the law. There are no legal laws to govern how individuals morally behave. Nevertheless, legal and ethical guides/rules must be applied to protect the information collected in databases.

- Limit access to data or prevent inappropriate access to all or part of a data set.
- Maximize the skills required in learning/using the existing system data.
- Apply total data transparency, i.e., include features that give the end user the feeling that he/she is the database's only user, or hide all the added complexities of distribution, making users assume that they are working with a single centralized system.
- Uphold the concept of voluntary informed consent.
- Address data protection issues and security concerns.
- Ensure that copyrights are protected.
- Observe copyright laws (avoid any usage of materials/information without prior and proper consent).
- When expanding globally, learn and observe applicable regional and/or international laws.
- Protect IP (Intellectual Property) and IPR (Intellectual Property Rights).
- Do not infringe upon the intellectual property or patents of others.
- Keep detailed records of everything (research materials, database rules, etc.), not only for future reference but to protect against possible accusations/allegations of impropriety or misconduct.

Legal Compliance

The best practices in design, data use, and storage to ensure legal compliance must be implemented. (SNHU.)

Certain principles or practices address the increasing complexity of data usage, processing and storage at all levels and stages of a business, as well as the associated consequences and effects. By adopting these principles, companies can help ensure that privacy and information security become an essential part of their technologies and business practices from the outset.

- Understand the business model and rules, specifically, how the enterprise will interact with its clients at every step of the way.
- Implement appropriate information security policies or build technical reinforcements as to how client information is maintained, stored, collected, used and shared. This will help identify and avert potential privacy concerns and risks.
- Protect cardholder data (including bank and credit card accounts, social security, etc.).
- Encrypt transmission of cardholder data (to safeguard the data in the event it gets into the wrong hands).
- Protect stakeholder information (including email addresses and telephone numbers, to protect them against spamming, phishing and/or unwanted robocalling).
- Keep abreast of legal developments and regulations concerning privacy and information security.
- Seek legal advice as required.
- Keep data completely anonymous (within and outside the organization).
- Acquire the user's consent before obtaining any personal and sensitive information.

Ethical Practices

The best practices in design, data use, and storage can be implemented to ensure the ethical operation of the company. (SNHU.)

Following and applying ethical and moral obligations will ensure the trust and confidence of users and clients. The protection of these stakeholders should be the primary concern of any business enterprise.

- Respect the privacy of users.
- Never share or pass on a client's personal information to any other person or party without first informing the customer and obtaining his/her consent.
- Reduce the efforts of repeated and unnecessary collection of data on the user.
- Be willing to provide customers access to any stored information that the system has on them.
- Allow users the right to have this information modified or removed if faulty or illegally collected.
- Be prepared to inform customers of the reasons that the enterprise is collecting, storing and using personal information.
- Ensure safe/secure storage and disposal of customer information. Be prepared to accommodate any customer request for the return, transfer, or destruction of the data. (Yeung.)
- Choose the appropriate and suitable database model for the company.
- Use the data appropriately (i.e., do not misuse or trade it for profit or otherwise).
- Immediately disclose security breaches to stakeholders, the local State Attorney General, the Data Protection Supervisory Authority, and any other government agencies.
- Ensure stakeholders' continued access to their information.
- Ensure data integrity to deter data tampering.
- Hire trustworthy, reliable and experienced staff. Perform background checks if necessary.

Security Needs of Solution

In consideration of the type of organization selected, the data used, and consideration of legal and ethical standards, the security needs of your DBMS solution are required. (SNHU.)

The group/department for which the enterprise data model was constructed relates to customer sales. Like most enterprises, the success of Vince's Vinyl relies upon customer satisfaction. Therefore, customer data must be protected and kept secure at all cost.

- Maintain, guard and protect the privacy of customers/users.
- Monitor and keep user data current (e.g., ensure that the credit cards on file have not expired).
- Keep data secure and confidential.
- Document data (explain how it was created or digitized, and what it contains, including its structure and any data manipulations). This will ensure data preservation and continuation.
- Ensure adequate information security (e.g., personal data, financial data, customer purchases, transactions and references).
- Devote time and attention to security matters. Be aware of obvious vulnerabilities to the database management system.
- Fortify perimeter security and defenses such as firewalls and intrusion detection systems/intrusion prevention systems (IDS/IPS).
- Think primarily of security in every step of the way. Perform regular and deep database vulnerability scans and assessments.
- Apply restrictions when granting users access to the database and review the access privileges periodically.
- Encrypt sensitive data. Be sure to manage the encryption/decryption keys, and change them regularly.
- Periodically monitor and audit user authentication. (AscentTech.com.)

Database Security Plan

A comprehensive but high-level security management plan for the design that will align to organizational needs should be implemented. (SNHU.)

In addition to the security required to safeguard the customers, Vince's Vinyl should establish certain security practices.
This will not only guard against infringement of privacy but also against malicious attacks and security breaches such as identity theft. Such data must be protected from unauthorized access and malicious attacks (e.g., Trojans, viruses, worms, malware, adware, spyware, DDoS). Of special concern is SQL injection, which does not infect the end users directly. Instead it infects a website, allowing the attacker to gain unauthorized access to the database and the ability to retrieve all the valuable information stored in the database.

- Only allow and accept the creation of strong usernames and passwords.
- When systems/applications come with built-in default usernames and passwords (which have been created for easy setup), the log-on information should be erased and replaced as soon as possible.
- Periodically review the database configuration and delete any unnecessary or unused components, since certain database vulnerabilities exploit add-ons and extensions. Avoid creating complex systems. Simplify, or only install components that are necessary.
- Keep the OS, browser(s), software, and hardware current. Apply the necessary updates and security patches.
- Apply secure coding practices.
- Frequently monitor and audit the database to determine vulnerabilities, then monitor and audit again. Use available, inexpensive tools to deploy monitoring and auditing automatically. Some tools include prevention capabilities.
- Protect not only the data but the servers on which they reside.
- Keep computers and devices physically inaccessible to unauthorized users.
- Apply strong passwords and usernames.
- Maintain strict business procedures, e.g., assign individuals specific roles that they should be accountable for (e.g., backing up data, generating reports, verifying data integrity).
- Implement proper authorization to allow individuals the ability to see only the data that they are authorized to access.
- Maintain a secure storage of sensitive data (e.g., use strong passwords, install firewalls, intrusion prevention and intrusion detection systems).
- Properly authenticate users (i.e., make sure that a person is who he/she claims to be and is not an impostor).
- Apply granular access control and determine how much data an authorized user should be allowed to see. Isolate portions of the database to prevent unlimited access. For example, while a user might be allowed access to his/her personal data, he/she must not be allowed to view/access other users' data.
- Maintain regular backups or data movement onto disk, tape, or stored at third-party sites which are also secured and tracked. Encrypt backups to prevent unauthorized viewing or access.
- Keep the backups current to enable recovery should the need arise.
- Implement a documented disaster recovery plan to minimize time loss which could impact the business.
- Apply integrity constraints by maintaining valid and current information.
- Enforce encryption of incoming and outgoing data.
- Record and verify database log reports, histories, changes, etc. Keep everything well documented.
- Train the personnel and make sure that everyone understands and has a grasp of both desktop and cloud database security.
- Implement strict safety procedures for everyone to follow on a regular basis.

References

28 Types of Computer Security Threats and Risks. (n.d.). Retrieved on March 16, 2017 from http://www.itscolumn.com/2012/03/28-types-of-computer-security-threats-and-risks/

Business Rules: Simple Predicates. (n.d.). Retrieved on March 3, 2017 from http://www.databasedesign-resource.com/business-rules.html

Conger, S. (2014). Hands-On Database, 2nd Edition. MBS Direct. Retrieved from https://mbsdirect.vitalsource.com//books/9780133927078/

Compliance by Design. (n.d.). Retrieved on March 16, 2017 from https://www.itlawgroup.com/resources/articles/76-compliance-by-design

Database Study Guide. (n.d.). Retrieved on March 16, 2017 from https://ethics.csc.ncsu.edu/privacy/database/study.php

Data Security Challenges. (n.d.). Retrieved on March 16, 2017 from https://docs.oracle.com/cd/B10501_01/network.920/a96582/overview.htm

De Mers, B.A. (November 20, 2014). On Ethical Issues Surrounding the Planning and Designing of Databases. Retrieved on March 16, 2017 from https://www.linkedin.com/pulse/20141120200923-338627392-on-ethical-issues-surrounding-the-planning-and-designing-of-databases

Enterprise Data Model. (October 28, 2009). Retrieved on March 3, 2017 from http://www.learn.geekinterview.com/it/data-modeling/enterprise-data-model.html

Enterprise Data Model. (n.d.). Retrieved on March 3, 2017 from https://www.techopedia.com/definition/30596/enterprise-data-model

Goguen, J.A. (December 6, 1999). The Ethics of Databases. Retrieved on March 16, 2017 from https://cseweb.ucsd.edu/goguen/papers/4s/4s.htmlB-S98

Hernandez, M. J. (2013). Database Design for Mere Mortals: A Hands-On Guide to Relational Database Design, 3rd Edition. MBS Direct. Retrieved from https://mbsdirect.vitalsource.com//books/9780133122275/

SNHU (2016).

Modeling Business Rules. (n.d.). Retrieved on March 3, 2017 from http://www.sparxsystems.com/enterprise_architect_user_guide/10/domain_based_models/modeling_business_rules.html

IT 650 Milestone Four Rubric. (n.d.). Retrieved on January 20, 2017 from https://bb.snhu.edu/bbcswebdav/pid-14554096-dt-content-rid-41947794_1/courses/IT-650-17TW3-MASTER/IT-650%20Student%20Documents/IT%20650%20Milestone%20Four%20Rubric.pdf

Kandle, N. (July 1, 2005). The Enterprise Data Model. Retrieved on March 3, 2017 from http://tdan.com/the-enterprise-data-model/5205

Regulatory Compliance and Database Management. (March 2006). Retrieved on March 16, 2017 from http://www.sandhillconsultants.com/whitepapers/regulatory_compliance_and_database_management_whitepaper.pdf

What Are Business Rules? (n.d.). Retrieved on March 3, 2017 from http://etutorials.org/SQL/Database+design+for+mere+mortals/Part+II+The+Design+Process/Chapter+11.+Business+Rules/What+Are+Business+Rules/

Yeung, C. (September 5, 2012). What privacy issues are involved in building a marketing database? Retrieved on March 16, 2017 from http://www.startupsmart.com.au/mentor/what-privacy-issues-are-involved-in-building-a-marketing-database/
