Database Security Assessment
An RFP (request for proposal) 10 to 12 pages
Provide an Overview for Vendors
Provide vendors with an overview of your organization
Identify which departments or individuals will use the Security Concerns Common to All RDBMS, and for what purposes
Include the types of data that may be stored in the system and the importance of keeping these data secure
Provide Context for the Work
Explain the attributes of the database and describe the environment in which it will operate
Describe the security concepts and concerns for databases
Identify at least three security assurance and security functional requirements for the database that contain information for medical personnel and emergency responders
Provide Vendor Security Standards
Provide a set of internationally recognized standards that competing vendors will incorporate into the database
Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks
Describe Defense Models
Define the use of defense models
Provide requirements in the RFP for the vendor to state its overall strategy for defensive principles
Explain the importance of understanding these principles
Explain how enclave computing relates to defensive principles.
Define enclave computing boundary defense, include enclave firewalls to separate databases and networks.
Define the different environments you expect the databases to be working in and the security policies applicable
Explore Database Defensive Methods
Include information about threats, risks, and possible recommendation strategies to these threats.
Provide a Requirement Statement for System Structure
State requirement statements for a web interface to do the following, all in the context of the medical database
a) Allow patients and other healthcare providers to view, modify, and update the database.
b) Allow integrated access across multiple systems.
c) Prevent data exfiltration through external media.
Provide Operating System Security Components
Provide requirements for segmentation by operating system rings to ensure processes do not affect each other
Provide one example of a process that could violate the segmentation mechanism. Ensure your requirement statements prevent such a violation from occurring.
Specify requirement statements that include a trusted platform module (TPM), in which a cryptographic key is supplied at the chip level. Include the specifications below
Describe the expected security gain from incorporating TPM.
Provide requirement statements that adhere to the trusted computing base (TCB) standard.
Provide examples of components to consider in the TCB.
Provide requirements of how to ensure protection of these components, such as authentication procedures and malware protection.
Write Requirements for Multiple Independent Levels of Security
Write requirement statements for MILS for your database in the RFP.
Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula Model, and the Chinese Wall Model.
Indicate any limitations for the application of these models.
Include requirement statements for addressing insecure handling of data.
Include Access Control Concepts, and Capabilities
Include requirement statements in the RFP that the vendor must identify, the types of access control capabilities, and how they execute access control.
Provide requirement statements for the vendor regarding access control concepts, authentication, and direct object access.
Include Test Plan Requirements
Incorporate a short paragraph requiring the vendor to propose a test plan
Provide requirements for the vendor to supply an approximate timeline for the delivery of technology.
RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.