Chapter 2

Related Literature and Studies2.1 Foreign Literature2.1.1 Records Management

https://cs.uwaterloo.ca/~aataulla/papers/masters_thesis_ataullah.pdf S t o r a g e o f r e c o r d s
h a s a l w a y s b e e n a f u n d a m e n t a l objective of information systems.
owever in the past decademanaging sensitive information through
out its lifecycle! fromcreation to destruction "or archival#! has beco
m e o f s i g n i f i c a n t importance. $he increasing awareness of the impact of
technologyo n p r i v a c y h a s a d d e d m o m e n t u m t o t h e n e e d t o h a v e
b e t t e r enforcement of records retention policies. %rgani&ations today notonly have
to comply with regulations! but also have to maintain
ab a l a n c e b e t w e e n o p e r a t i o n a l r e c o r d ' e e p i n g r e ( u i r e m e n t s ! mini
mi&ing liability of storing private information! and customer privacy
preferences. $his wor' will not attempt to define the term)record* in the broad conte+t.
,nstead the term will be treated in allits generality and then applied to the world of
relational databases.-ithout attempting to differentiate terms such as data! 'nowledge!

information and record! it is recommended that the reader maintaina simple but consistent
definition of a record throughout this thesis.
2.1.2 Make Your Database More Secure
http://www.dar'reading.com/vulnerabilities and threats/ steps to ma'e your database
more secure/d/d id/0010121 any companies aren3t able to protect mission critica
ldata because they simply don3t understand how all the movingparts of their
database environments wor'. 4or controls to wor'! ,$must have a clear
understanding of where the importan t data is!who3s using it! and how it3s being
used. 56ou have one data store! but you might have manyapplications hoo'ed into it. 6ou
might not 'now who it is that3s usingthe systems if you3ve given out a lot of privileges!5 says
el Sha'ir!C$% of 7itroSecurity! a database activity monitoring "89 #
ands e c u r i t y i n f o r m a t i o n a n d e v e n t m o n i t o r i n g c o m p a n y r e c e n t l y purch
ased by c9fee. 59nd you might not even 'now where the critical data is if it3s
been copied off the system and moved to! say!test databases somewhere else.5
aluable steps include scanningfor unsanctioned! rogue databases that might have
been set up onthe fly by other departments! documenting privilege schemas!
andclassifying a company3s database assets by ris' according to the
type of data they hold. $hat can help get more out of
databases e c u r i t y i n v e s t m e n t s . % n c e , $ t e a m s ' n o w w h e r e
a l l y o u r databases are! they can ma'e sure they3re securely configured andpatched! and
use vulnerability assessment to decide what level of protection they need. 4or e+ample!
they can decide if they
warrantconstant oversight through activity monitoring software to trac'what
users are doing in these data stores at all times.