Security Gaps in Databases

2011 ◽  
Vol 2 (3) ◽  
pp. 42-62
Author(s):  
Afonso Araújo Neto ◽  
Marco Vieira

When deploying database-centric web applications, administrators should pay special attention to database security requirements. Acknowledging this, Database Management Systems (DBMS) implement several security mechanisms that help Database Administrators (DBAs) make their installations secure. However, different software products offer different sets of mechanisms, which makes selecting the adequate package for a given installation quite hard. This paper proposes a methodology for detecting database security gaps. The methodology is based on a comprehensive list of security mechanisms (derived from widely accepted security best practices), which was used to perform a gap analysis of the security features of seven software packages composed of widely used products, including four DBMS engines and two Operating Systems (OS). The goal is to understand how much each software package helps developers and administrators actually accomplish the security tasks expected of them. Results show that while there is a common set of security mechanisms implemented by most packages, there is another set of security tasks that has no support at all in any of the packages.



Author(s):  
Anom Bowolaksono ◽  
Fatma Lestari ◽  
Saraswati Andani Satyawardhani ◽  
Abdul Kadir ◽  
Cynthia Febrina Maharani ◽  
...  

Developing countries face various challenges in implementing bio-risk management systems in the laboratory. In addition, educational settings are considered workplaces with biohazard risks. Every activity in a laboratory facility carries many potential hazards that can impact human health and the environment and may cause laboratory incidents, including Laboratory Acquired Infections (LAIs). In an effort to minimize the impact and occurrence of these incidents, it is necessary to evaluate the implementation of a bio-risk management system in every activity that involves handling biological agents. This study was conducted in an Indonesian higher-education institution, herein coded as University Y. This is a descriptive, semi-quantitative study aimed at analysing and evaluating the implementation of the bio-risk management systems used in laboratories by analysing the achievements obtained by each laboratory. The study used primary data collected with a checklist based on ISO 35001:2019 on Laboratory Bio-risk Management. The checklist consisted of 202 items forming seven main elements. In addition, secondary data obtained from literature and document review were also used. The results show that of the 11 laboratories examined, only 2, Laboratory A and Laboratory B, met 50% of the requirements and achieved good performance. Regarding the clauses of the standard, a gap analysis identified leadership, performance evaluation, and support as the elements with the lowest achievement. Therefore, corrective action should be developed by enhancing the commitment from management as well as improving documentation, policy, education and training.


2013 ◽  
Vol 5 (2) ◽  
pp. 88-91
Author(s):  
Simona Ramanauskaitė ◽  
Eglė Radvilė ◽  
Dmitrij Olifer

The large number of security documents, standards, guidelines and best practices makes it necessary to map security requirements across them. As a result of such mapping, security requirements of different standards may coincide, or may need to be amended or harmonised. This is why mapping more than two security documents is so difficult. Ontologies can be used to address this issue. The article reviews different security documents and ontology types and investigates the possible use of ontologies for mapping security standards. Article in Lithuanian. Summary: Given the multitude of documents, guidelines and standards regulating information security, it is important to relate the security requirements defined in them to one another. Security requirements described in different security documents can not only coincide or complement one another, but also contradict one another. This makes it very difficult to map more than two documents regulating information security. One way to relate more than two security-regulating documents could be the use of an ontology. The article reviews the main security standards currently in force and the existing security ontologies, examines the possibility of using an ontology to relate the requirements of security-regulating documents, and considers the possibility of representing such a mapping as graphs.


2021 ◽  
Vol 1 ◽  
pp. 84-90
Author(s):  
Rustam Kh. Khamdamov ◽  
Komil F. Kerimov

Web applications are increasingly used for activities such as reading news, paying bills and shopping online. As these services grow, the number and scale of attacks on them grows too: theft of personal information, bank data and other cases of cybercrime. All of this stems from the exposure of the information stored in the database. Web application security therefore depends heavily on database security. The application typically serves a client request by issuing a set of SQL queries built from the data the user supplies. If that input is not validated very carefully, a whole class of attacks becomes possible that use the web application as a path to the database. Unfortunately, under time pressure, web application programmers usually focus on the functionality of the application, and only a few worry about security. This article presents methods for detecting anomalies using a database firewall. Penetration methods and types of attack are investigated, and a database firewall is proposed that can block both known and unknown attacks on web applications. The software can operate in several modes depending on its configuration. There are almost no false positives, and the performance overhead is relatively small. The developed database firewall is designed to protect the databases behind web applications. It works as a proxy: SQL statements received from the client are sent first to the firewall rather than to the database server itself. The firewall analyses each request; requests judged anomalous are blocked and an empty result is returned to the client.
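The proxy behaviour described in this abstract, as an added example that is not the authors' code (the paper gives no implementation): a learning SQL firewall that fingerprints each statement by replacing literals with placeholders, allows the templates it saw during a learning phase, and in enforcing mode answers anything else with an empty result instead of forwarding it. The normalisation rules, the learning/enforcing switch, the `DatabaseFirewall` class, `fingerprint()` and the in-memory SQLite schema and rows are assumptions made for the example; the paper does not say how it decides that a request is anomalous.

```python
"""Learning SQL firewall in the proxy style the abstract describes.
Added example, not the authors' implementation: normalisation rules,
modes and sample data are assumptions."""
import re
import sqlite3
from dataclasses import dataclass, field
from typing import Callable, List, Set

_STRING = re.compile(r"'(?:[^']|'')*'")            # SQL string literal
_COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)  # -- and /* */ comments
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")          # numeric literal
_SPACE = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Reduce a statement to its structural template: string and numeric
    literals become '?', comments become '#', whitespace and case are
    normalised. Statements that differ only in user-supplied values share
    a fingerprint; injected clauses (extra OR/UNION, comments, stacked
    statements) change it. Strings are replaced first so that a '--'
    inside a legitimate literal is not mistaken for a comment."""
    s = _STRING.sub("?", sql)
    s = _COMMENT.sub(" # ", s)
    s = _NUMBER.sub("?", s)
    return _SPACE.sub(" ", s).strip().lower()


@dataclass
class DatabaseFirewall:
    """Proxy policy: forward a request only if its fingerprint is on the
    allow list. In learning mode unknown templates are added and forwarded;
    in enforcing mode they are logged and answered with an empty result."""
    execute: Callable[[str], list]          # the real DBMS behind the proxy
    allowed: Set[str] = field(default_factory=set)
    enforcing: bool = False
    blocked: List[str] = field(default_factory=list)

    def handle(self, sql: str) -> list:
        fp = fingerprint(sql)
        if fp in self.allowed:
            return self.execute(sql)
        if not self.enforcing:               # learning mode
            self.allowed.add(fp)
            return self.execute(sql)
        self.blocked.append(sql)             # enforcing mode: block, return []
        return []


def demo() -> dict:
    """End-to-end run against an in-memory SQLite DB with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2');
    """)
    fw = DatabaseFirewall(execute=lambda q: conn.execute(q).fetchall())

    # Learning phase: the application's legitimate query shapes.
    for q in ("SELECT id, name FROM users WHERE id = 1",
              "SELECT id FROM users WHERE name = 'alice' AND pw = 's3cret'"):
        fw.handle(q)
    fw.enforcing = True

    # A different literal keeps the same template and is forwarded.
    legit = fw.handle("SELECT id, name FROM users WHERE id = 2")
    # Classic injections alter the template and get an empty result.
    tautology = fw.handle(
        "SELECT id FROM users WHERE name = 'alice' AND pw = '' OR '1'='1'")
    comment = fw.handle(
        "SELECT id FROM users WHERE name = 'alice' --' AND pw = 'x'")
    union = fw.handle(
        "SELECT id, name FROM users WHERE id = 2 UNION SELECT id, pw FROM users")
    return {"legit": legit, "tautology": tautology, "comment": comment,
            "union": union, "blocked": len(fw.blocked)}


if __name__ == "__main__":
    print(demo())
```

Template whitelisting of this kind catches attacks that change the statement's structure, which is what the abstract means by blocking unknown attacks, but it cannot tell `id = 2` from `id = 17`, so value-only abuse such as reading another user's record passes through; parameterised queries in the application remain the primary control, with the proxy as a second layer.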


2021 ◽  
Vol 9 ◽  
Author(s):  
Caio Ribeiro ◽  
Lucas Oliveira ◽  
Romina Batista ◽  
Marcos De Sousa

The use of Ultraconserved Elements (UCEs) as genetic markers in phylogenomics has become popular and has provided promising results. Although UCE data can be easily obtained from target-enriched sequencing, the protocol for in silico analysis of UCEs consists of the execution of heterogeneous and complex tools, a challenge for scientists without training in bioinformatics. Developing tools that adopt best practices in research software can lessen this problem by improving the execution of computational experiments, thus promoting better reproducibility. We present UCEasy, an easy-to-install and easy-to-use software package with a simple command line interface that facilitates the computational analysis of UCEs from sequencing samples, following the best practices of research software. UCEasy is a wrapper that standardises, automates and simplifies the quality control of raw reads, the assembly, and the extraction and alignment of UCEs, generating at the end a data matrix with different levels of completeness that can be used to infer phylogenetic trees. We demonstrate the functionalities of UCEasy by reproducing the published results of phylogenomic studies of the bird genus Turdus (Aves) and of Adephaga families (Coleoptera), efficiently extracting UCEs from their genomic datasets.


2020 ◽  
Author(s):  
Hamed Haselimashhadi ◽  
Jeremy C Mason ◽  
Ann-Marie Mallon ◽  
Damian Smedley ◽  
Terrence F Meehan ◽  
...  

Reproducibility in the statistical analyses of data from high-throughput phenotyping screens requires a robust and reliable analysis foundation that allows modelling of different possible statistical scenarios. Regular challenges are scalability and extensibility of the analysis software. In this manuscript, we describe OpenStats, a freely available software package that addresses these challenges. We show the performance of the software in a high-throughput phenomic pipeline in the International Mouse Phenotyping Consortium (IMPC) and compare the agreement of the results with the most similar implementation in the literature. OpenStats has significant improvements in speed and scalability compared to existing software packages, including a 13-fold reduction in computational time relative to the current production analysis pipeline in the IMPC. Reduced complexity also promotes FAIR data analysis by providing transparency and by helping other groups reproduce and reuse the statistical methods and results. OpenStats is freely available under a Creative Commons license at www.bioconductor.org/packages/OpenStats.


2016 ◽  
Author(s):  
Petr Keil ◽  
Joanne M Bennett ◽  
Bérenger Burgeois ◽  
Gabriel E García-Peña ◽  
Andrew M MacDonald ◽  
...  

Comparisons between biodiversity and other complex systems can facilitate cross-disciplinary exchange of theories and the identification of key system processes and constraints. For example, due to qualitative structural and functional analogies to biological systems, coupled with good data accessibility, computer operating systems offer opportunities for comparison with biodiversity. However, it remains largely untested if the two systems also share quantitative patterns. Here, we employ analogies between GNU/Linux operating systems (distros) and biological species, and look for a number of well-established ecological and evolutionary patterns in the Linux universe. We demonstrate that patterns of the Linux universe match the macroecological patterns: Linux distro commonness and rarity (popularity of a distro) follow a lognormal distribution, power law mean-variance scaling of temporal fluctuation, and there is a significant relationship between niche breadth (number of software packages) and commonness. The diversity in the Linux universe also follows general macroevolutionary patterns: The number of phylogenetic lineages increases linearly through time, with clear per-species diversification and extinction slowdowns, something that is unobservable in biology. Moreover, the composition of functional traits (software packages) exhibits significant phylogenetic signal. Our study provides foundations for using Linux as a model system for eco-evolutionary studies, as well as insights into patterns and dynamics of computer operating systems, which may be used to inform their future development and maintenance. The co-emergence of patterns across systems suggests that some patterns might be produced by system-level properties, independently of system identity, which offers an empirical argument for non-biological explanations of fundamental biodiversity patterns.


2018 ◽  
Vol 6 (2) ◽  
Author(s):  
Oky Irnawati - AMIK BSI Bekasi ◽  
Galih Bayu Aji Listianto - AMIK BSI Bekasi

Abstract - PT. S.A.M.B (Sarana Abadi Makmur Bersama) is a distributor and logistics company engaged in Modern Trade (MT) for fast moving consumer goods (FMCG) in Jabodetabek (Jakarta, Bogor, Depok, Tangerang, Bekasi). In addition to distribution, SAMB also provides services for companies seeking logistics and transportation services for modern trade within the designated area. The design of the inventory system is one of the most important factors in meeting consumer needs on time and according to demand. Many companies still use desktop applications, including PT. Sarana Abadi Makmur Bersama, and its employees often complain about the performance of the desktop application in use. Not all desktop applications can run on every operating system, whereas a web application can run on any operating system as long as a browser and an internet connection are available, which makes it more practical. With a web-based system, asset inventory data can be used relatively quickly and precisely, and the data are relatively more accurate.
Keywords: Rapid Application Development, Web-Based Inventory Program Design

