Information SEcurity > Multilevel Security (MLS) > Tools and policies
Tools and policies for enforcement in secure environments of Systems and Databases
To protect sensitive data and maintain system integrity in secure environments, a combination of technical tools and administrative policies is used. These helps ensure that data access, storage, and processing comply with security standards.
Access Control Mechanisms
- Role-Based Access Control (RBAC): Grants permissions based on user roles within an organization.
- Attribute-Based Access Control (ABAC): Uses user and environmental attributes (e.g., location, device, clearance level) for dynamic access decisions.
- Mandatory Access Control (MAC): Enforces strict access rules based on system-defined classifications (e.g., in MLS environments).
Database Security Tools
- Database Activity Monitoring (DAM): Tracks and audits all database activity in real time.
- Encryption (at rest and in transit): Secures data using cryptographic algorithms (e.g., AES, TLS).
- Data Masking & Redaction: Hides sensitive data for unauthorized users during queries or views.
- Integrity Constraints: Enforce rules like foreign key constraints, unique keys, and not-null conditions to ensure logical consistency.
System-Level Enforcement Tools
- Security Information and Event Management (SIEM): Collects, analyzes, and reports on security events across systems.
- Endpoint Detection and Response (EDR): Monitors and responds to threats at the device level.
- Host-Based Intrusion Detection Systems (HIDS): Monitors file integrity, system logs, and configuration changes.
Cryptographic Techniques
- Checksums & Hashing: Validate data integrity (e.g., using SHA-256).
- Digital Signatures: Ensure data authenticity and integrity.
- Public Key Infrastructure (PKI): Manages digital certificates for secure authentication and encryption.
Administrative Policies and Standards
- Security Policies: Define roles, responsibilities, and procedures for secure operations.
- Data Classification Policy: Specifies how data is labeled and protected based on sensitivity.
- Audit and Logging Policy: Requires regular review and archiving of logs for accountability.
- Change Management Procedures: Ensure that system modifications are controlled and approved.