@@DataBase Security Consortium @@@@

 

Database Security Consortium

Database is a critical repository of confidential information, such as personal information. While there are many experts specializing in either database or security, there are only a few experts who have expertise in both areas and capable of bridging the disciplines of database and security.

Under these circumstances, a voluntary association consisting of ordinary users and system integrators, as well as database and security venders called the "Database Security Consortium" was established in 2005.

Database Security Consortium creates working groups to discuss database security themes such as "forensics", "system design", "access control", "performance", which provides a forum for exchange of knowledge and know-how between database specialists, security specialists, system developers, and network engineers.

Deliverable

gDatabase Security Guideline version 2.0 (English Version)h was released on November 1st, 2010.

In light of the need for security measures that encompass the broad fields of database and security, a guideline that defines the policies and requirements of database security, has been lacking in Japan. To rectify this, Database Security Consortium formed a working group consisting of database and security experts from Database Security Consortium members to discuss and define security controls necessary to incorporate into a guideline, which has been released in November 2007 as the "Database Security Guideline version 1.0". Then, in February 2009, with the update of contents, "Database Security Guideline version 2.0" has been released.

Moreover, in order to contribute to the understanding of database security and to promote the implementation of security controls, not only domestically but also globally, the working group translated the guideline and released the deliverable in February 2010, in order to allow IT engineers around the world to use or refer to the guideline.

The objective of this guideline, which describes the necessity and effectiveness of various database security controls, is to provide a set of guidelines for corporate entities and other organizations to use when implementing said controls.

Currently-active WG
- DB Security Guideline WG
- DB Secure Implementation Guideline WG
- DB Security Degree Self Check WG
- DB Security Monitoring Guideline WG
- DB Security Guideline English Version Review & Promotion WG
- Integrated Log WG
- DB Security Guideline Promotion WG

Deliverable (Japanese)
gPCI DSS Database Security Guideline Supplemental Versionh
gDB Security Degree Self Check Statistics Data (Summary)h
gDB Security Degree Self Check Statistics Datah
gDB Security Guideline Version 2.0h
gAppendix 1 Information Assetsf Importance & Control Level Matrixh
gAppendix 2 DB Security Guideline and Other Security Framework Matrixh
gDB Security Degree Self Checkh
gDB Security Product-by-Product Function Matrixh

Copyright(C),2004-2013 DataBase Security Consortium