||Oracle Tips by Burleson
Dealing with confidential data on the web
Chapter 1 -
The Illusion of Anonymity
Regardless of the database architecture or specific product, all
data audits must capture the following information:
Who – A full identification of the person viewing or modifying the
Where – A log showing the specific application procedure and method
used to access the data.
When – A reliable date-time-stamp, globalized to Greenwich Mean Time
What – A full listing of all data
entities that were viewed or modified.
Why – Context-based information
describing how the data was disclosed.
These web-based database systems have extremely
complex and complete auditing mechanisms, but they remain vulnerable
to outside hacker attacks.
Figure 1.1 – An example of a data access structure and its
shown in Figure 1.1, there are many ways that web hackers can obtain
confidential information. In addition, internal disclosure of
private information is also a potential problem. This is especially
important for online health care databases. Successful web
companies apply sophisticated filters to the audit trails at data
capture time to spot suspicious trends and patterns in data access,
as in Figure 1.2.
Download your Oracle scripts now:
definitive Oracle Script collection for every Oracle professional DBA
Copyright © 1996 - 2014 by
Burleson. All rights reserved.
Oracle® is the registered trademark
of Oracle Corporation.