Which of the following databases refers to the set of interconnected multimedia pages on a website?

Internal certificates are intended for use on a single computer or within a single organization. An internal certificate offers the same protection as the commercial certificate. Internal certificates can be formed and handled by a certificate authority within an organization with the use of a Microsoft Certificate Server tool. A user can make a certificate for his or her own computer by using the Selfcert.exe (Cardoza, Hennig, Seach & Stein, 2004).

All of these security methods are used for securing the database within the computer. But there is a major difference between computer security and database security. Computer security has expanded to signify issues with regard to the networked use of computers and their resources (Jane F. Kinkus, 2002). A computer security model is a design for indicating and implementing security policies. Database systems deals with many different types of objects and the access controls are the important elements in designing security models for database security.

The objectives of confidentiality, integrity and availability comprise key components of computer security. The three objectives can be illustrated by the following examples:

This objectives appear in practically every information system. In a payroll system, for example, confidentiality is concerned with preventing an employee from finding out the boss’s salary; integrity, with preventing an employee from changing his or her own salary; and availability, with ensuring that paychecks are printed on time. Similarly, in a military command and control complex, confidentiality is concerned with preventing the enemy from determining the target coordinates of a missile; integrity, with preventing the enemy from altering the target coordinates; and availability, with ensuring that the missile is launched when the order is given (Sandhu, 1993).

While confidentiality, integrity, and availability are the chief concerns of a computer security administrator, privacy is perhaps the most important aspect of computer security for Internet users (Kinkus, 2002). Privacy on the Internet is about shielding one's personal information, even if users may feel that they have nothing to conceal when they are signing up with a website or Internet service. Kinkus explained why:

(…) privacy on the Internet is about protecting one's personal information, even if the information does not seem sensitive. Because of the ease with which information in electronic format can be shared among companies, and because small pieces of related information from different sources can be easily linked together to form a composite of, for example, a person's information seeking habits, it is now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for (Kinkus, 2002).

Controlling access to information systems and associated networks is required for the preservation of its confidentiality, integrity, and availability. Confidentiality promises that the information is not revealed to unauthorized persons or processes. Integrity makes certain that the internal data is consistent with the prevention of altering information by unauthorized users. And availability reassures that a system’s authorized users have judicious and continual access to the information in the system. The additional access control objectives are reliability and utility (Ronald L. Krutz & Russell Dean Vine, 2002).

There are three things to consider for the planning and implementation of access control mechanisms that are the threats to the system, the system’s vulnerability to these threats, and the risk that the threat might pose. Access controls are applied to alleviate risk and trim down the potential for loss. Access control models are split into three categories or models. They are Mandatory Access Control (MAC), Lattice-Based Access Control (LBAC), and Role-Based Access Control (RBAC).

Mandatory Access Control is an access policy determined by the system, not the owner. MAC is used in most multilevel systems that process extremely sensitive data, such as confidential government and military information. A multilevel system is a sole computer system that manages multiple classification levels between subjects and objects (Krutz & Vines, 2002).

Lattice-Based Access Control, known as a label-based access control restriction, is used for complex access control decisions concerning multiple objects and subjects. A lattice model is a partial order set that describes the utmost lower-bound and least upper-bound values for a pair of elements, such as a subject and an object (Krutz & Vines, 2002). A lattice is used to characterize the levels of security that an object may have and that a subject may have access to. The subject is only permitted to access an object if the security level of the subject is greater than or equal to that of the object. A number of models has been developed to provide theoretical and conceptual foundations in relation to computer security (Sandhu, 1993).

And lastly, Role-Based Access Control, sometimes referred to as role based security, is a method of restricting system access to authorized users (David Ferraiolo & D. Richard Kuhn, 1992). Sandhu explained the notion of RBAC:

The central notion of RBAC is that permissions are associated with roles, and users are assigned to appropriate roles. This greatly simpli_es management of permissions. Roles are created for the various job functions in an organization and users are assigned roles based on their responsibilities and quali_cations. Users can be easily reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed (Sandhu, 1995).

RBAC is used in commercial applications and also in military systems, where multi-level security requisites are also in existence. RBAC directs collections of permissions that may incorporate complex operations such as an e-commerce transaction, or may be as simple as read or write. In RBAC, access is controlled at the system level outside of the user's control since users are not assigned permissions directly, but only obtain them through their role (or roles). Management of individual user rights becomes a matter of merely conveying suitable roles to the user, thus simplifying common operations, such as adding a user, or changing a user's department (Ferraiolo & Kuhn, 2002). A role in RBAC can be also cited as a set of permissions.

Controls can be preventive, detective, or corrective (Krutz, & Vines, 2002). Preventive controls are fitted in place to restrain damaging occurrences, detective controls are established to determine detrimental occurrences, and corrective controls are used to reinstate systems that are victims of harmful attacks.

To employ these measures, controls can be administrative, logical or technical, and physical. Administrative controls contain procedures and policies, background and work habit checks, security training, review of vacation history, and better supervision. Logical or technical controls engage the restriction of access to systems and the protection of information. Instances of these types of controls are encryption, smart cards, access control lists, and transmission protocols (Krutz & Vines, 2002). Generally, physical controls integrate sentinels and building security such as the fastening of doors locks, the securing of servers, desktops, or laptops, the protection of cables and wiring, the partition of duties, and the backing up of both sensitive and non-sensitive files.

Controls give liability for individuals who are obtaining sensitive information. This accountability is established through access control mechanisms that necessitate identification, authentication, and overall security.

In establishing general security, it requires detailed planning and policy. An assessment of an organization’s exposure and risks are part of the planning process. To protect the data from internal and external threats, database security evaluation is required when there is a system update or any changes applied to the database setup.

Securing a database goes beyond encrypted data and passwords. A database administrator should also be aware of the vulnerabilities by keeping confidential data secure from internal or external database prowlers even if the password has been compromised. The database security area faces several new challenges. Factors such as the advancement of security concerns, the blocking of access to critical data, new computing paradigms and applications, such as cloud computing and on-demand business, have initiated both new security requirements and new contexts in which to apply and probably widen existing security approaches.

While database security is mostly important, it is also necessary to acquire Internet protection. Internet security involves the protection of a computer's internet account and files from intrusion of an unauthorized user. Basic security measures involve protection by well-chosen passwords, change of file permissions, and back up of computer files and data (Man Young Rhee, 2003). Security will probably always be high on the IT agenda just because cyber criminals know that a winning attack is very advantageous.

Internet users should always be aware and vigilant especially when dishing out personal information. Even if a computer isn't used for anything serious, users must need to run security software such as an antivirus and a firewall. These programs will keep the computer protected from viruses and other malware that can multiply through email or other methods. In email, there are email encryption protocols to authenticate email messages.

To move a database in the cloud, there is going to be inactivity when accessing it from a user’s location. Microsoft recommends running applications that are using the database in the cloud on the Azure Platform, so the latency is minimal. When one positions an application on Windows Azure and provision an SDS server, the two are going to be co-located, to provide low latency between the data and the application (Alin Irimie, 2009).

Like with any other database, corruption of data can transpire in the cloud database as well. Microsoft has mechanisms in place to pull through from data corruption mostly by keeping database copies on multiple servers; however, they do not offer any backup of the database. In some of the PDC 2008 presentations, there will be a database backup/restore and geo-replication such as synchronous (simulated set spans datacenters) and asynchronous (self-determining duplication sets in different datacenters) (Irimie, 2009).

The types of databases that are applied in a cloud computing environment are operational databases, end-user databases, external databases, hypermedia databases, and navigational databases. Operational databases include customer, personal, and inventory databases. End-user databases comprise of a range of data files developed by end-users. Collection of documents in spreadsheets, word processing and even downloaded files are examples of end-user databases. Access to a score of information from an external database is accessible for a fee from commercial online services with or without charge from many sources in the Internet. Hypermedia databases are a set of interconnected multimedia pages at a web site. It features a homepage and other hyperlinked pages of multimedia or mixed media like text, graphic, images, audio, and video. Lastly, navigational databases have objects that are found principally by following references from other objects.

Databases also differ when it comes to private or public databases in a cloud computing environment. A private cloud database is when an organization possesses its own database applications, its servers, and no other entity outside of the organization is allowed to have an access. The servers are dedicated servers to be used by the organization only. Private databases are also an assemblage of names from external sources that are used for a particular user's exclusive prospecting purposes. A public cloud database is used by any entity worldwide and no single outside entity takes ownership of the database except the cloud service provider. The data from the database could be private or public data depend on types of data and organization that owns the data.

Speaking of public databases, such databases that are moved in a cloud computing environment are open to the public so securing its sensitive data is already a challenge. Any IT outsourcing that involves network infrastructure, security monitoring, remote hosting, are all forms of cloud computing (Bruce Schneier, 2009) so critical data can be found on some cloud computer with some user’s spreadsheets floating in Google’s servers. According to Bruce Schneier’s blog about cloud computing security, it all boils down to trust actually. There should be a grain of trust in the CPU manufacturer, the purchased hardware and operating systems, the software vendors, the Internet Service Provider (ISP), and even the customers. Any one of these can dent database security by crashing the systems, damaging the data, and allowing an intruder to get access to the systems. There really is no choice but to “blindly trust the security of the IT providers we use” (Schneier, 2009).