Security Considerations for Small Scale Databases

The approach of this paper is somewhat abstract and it is important
that the reader be aware of this from the outset. We begin by discussing a Californian regulatory requirement on information
security (SB 1386) that many NPOs will need to address. Using this
as motivation we discuss a mechanism for assessing risk in an organization.
The main point of this paper is that once threats and risks have been
assessed, mitigation strategies should be developed using a combination
of policy, procedure and technology. We cannot stress enough the importance
of an organization developing a security posture by formulating policies
and procedures and using technology in the most cost-effective way
to support its policies. The consultants at CompuMentor are uniquely
placed to assist NPOs in this strategy by providing a phased approach
that will suit organizations whose focus is such that they will most
likely fail to see the value of developing this infrastructure on their
own. The hope is that even if only some of the guidelines outlined below are followed, an organization will have some semblance of a security program (if it had none before). This framework can be reworked into a program by incorporating additional elements over time. Subsequent risk assessments, policy creation and dissemination, and technology appraisal and implementation can serve to support this maturation.

Download paper here (Zip, 150KB)
© 2008 Impruve. All rights reserved.