Data Protection from Insider Threats (Synthesis Lectures on Data Management)
Elisa Bertino
- Publisher: Morgan & Claypool
- Publication date: 2012-07-13
- List price: $1,460
- VIP price: 5% off, $1,387
- Language: English
- Pages: 92
- Binding: Paperback
- ISBN: 1608457680
- ISBN-13: 9781608457687
Product Description
Chapter One introduces the notion of insider threat and reports some data about data breaches due to insider threats. Chapter Two covers authentication and access control techniques, and Chapter Three shows how these general security techniques can be extended and used in the context of protection from insider threats. Chapter Four addresses anomaly detection techniques that are used to determine anomalies in data accesses by insiders. These anomalies are often indicative of potential insider data attacks and therefore play an important role in protection from these attacks.
Security information and event management (SIEM) tools and fine-grained auditing are discussed in Chapter Five. These tools aim at collecting, analyzing, and correlating -- in real-time -- any information and event that may be relevant for the security of an organization. As such, they can be a key element in finding a solution to such undesirable insider threats. Chapter Six goes on to provide a survey of techniques for separation-of-duty (SoD). SoD is an important principle that, when implemented in systems and tools, can strengthen data protection from malicious insiders. However, to date, very few approaches have been proposed for implementing SoD in systems. In Chapter Seven, a short survey of a commercial product is presented, which provides different techniques for protection from malicious users with system privileges -- such as a DBA in database management systems. Finally, in Chapter Eight, the book concludes with a few remarks and additional research directions.
Table of Contents: Introduction / Authentication / Access Control / Anomaly Detection / Security Information and Event Management and Auditing / Separation of Duty / Case Study: Oracle Database Vault / Conclusion
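Product Description (translated from Chinese)
As data has become a key asset for today's organizations, the question of how to protect this data from theft and misuse has become a primary concern for them. Although a variety of data security techniques are available today to protect data and computing infrastructure, many of them, such as firewalls and network security tools, cannot protect data from attacks by people inside the organization. These "insiders" usually have authorized access to the relevant information systems, which makes it extremely challenging to prevent misuse of information while still allowing them to do their jobs. This book discusses several techniques that can effectively protect against attacks by people inside an organization.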