Evaluation model of the access control domain of the ISO 27002 standard applied to the database management process
Abstract:
In this study, the analysis of the vulnerabilities of the Database Management process of two institutions was conducted based on the access control domain of the international standard ISO 27002 and the maturity model of the information security administration (ISM3). 14 questions organized in 4 categories were established: business requirements for access control, access control to systems and applications, user responsibility and user access management. Three techniques were applied: the interview, observation and a technical test that was executed in order to evaluate each of the categories. It was evidenced that company A obtained the level of maturity controlled, unlike company B that obtained managed. Finally, the security mechanisms that are used to mitigate the vulnerabilities of the database management process are presented.
Año de publicación:
2019
Keywords:
- ISO 27001
- Access Control
- Database vulnerabilities
- Iso 27002
- Database manager
Fuente:
scopusTipo de documento:
Article
Estado:
Acceso restringido
Áreas de conocimiento:
- Base de datos
Áreas temáticas:
- Programación informática, programas, datos, seguridad
- Funcionamiento de bibliotecas y archivos
- Administración pública y ciencia militar
