Search Results
472 total results found
Database hosting location [Mandatory]
Database systems and applications should be hosted in the data hosting environment officially adopted by the Government as guided by RISA. The institution should ensure that they subscribe to a minimum hosting plan that includes daily backups and disaster reco...
Migration of critical database systems [Mandatory]
For critical database systems and applications hosted on premises, the government entity should immediately consult RISA to devise a road map for migration to the official Government hosting environment.
Non critical database systems [Recommended]
For other systems and applications deemed non-critical and kept on premises, entities are required to implement appropriate measures to secure them and to develop and follow an appropriate backup and recovery process.
Data validation [Mandatory]
When capturing new data in a DBMS, data validation must be used to ensure the DBMS’s stability and the integrity of stored data.
Functional separation between database servers and web servers [Recommended]
Due to the higher threat environment that web servers are typically exposed to, hosting database servers and web servers within the same operating environment increases the likelihood of database servers being compromised by malicious actors. This security ris...
Communications between database servers and web servers [Recommended]
Data communicated between database servers and web servers, especially over the internet, is susceptible to capture by malicious actors. As such, it is important that all data communicated between database servers and web servers is encrypted.
Network separation [Recommended]
Placing database servers on the same network segment as user workstations can increase the likelihood of database servers being compromised by malicious actors. Additionally, in cases where databases will only be accessed from their own database server, allowi...
Separation of development, testing and production database servers [Mandatory]
Using production database servers for development and testing activities could result in accidental damage to their integrity or contents. Therefore development, testing and production database servers should be separated.
Security hardening [Mandatory]
The server operating systems that the database is installed upon must be security hardened.
Access control [Mandatory]
Implement strict access controls to restrict access to authorized personnel only. Access to a DBMS must apply the principle of least privilege: users and applications should only have the permissions required to achieve their role and purpose.
Default passwords [Mandatory]
The default passwords for accounts and services such as System Administrator must be changed prior to the DBMS being deployed.
DBMS Versions and security updates [Mandatory]
The versions of DBMS used must still be supported by the vendor. All installations of a DBMS must be up to date with all appropriate security patches prior to deployment.
Encryption [Mandatory]
Use strong encryption algorithms to protect sensitive data stored on disks, databases, and other storage systems. Ensure that encryption keys are properly managed and stored separately from the encrypted data.
Protecting database contents [Mandatory]
Database administrators and database users should know the sensitivity or classification associated with databases and their contents. In cases where all of a database’s contents are the same sensitivity or classification, an organisation should classify the...
Monitoring and database events logging [Recommended]
Employ real-time monitoring tools to detect and respond to unauthorized access attempts as they occur. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are useful for this purpose. Centrally logging and analysing database events can a...
Security standards and guidelines [Mandatory]
Ensure compliance with the Minimum Cybersecurity Standards for Public Institutions provided by the National Cyber Security Authority. Ensure compliance with Rwanda’s Data Privacy Law and the RISA Security and Data Privacy guidelines.
Performance monitoring and tuning [Recommended]
Implement real-time monitoring to promptly detect and respond to performance issues as they arise. Implement database performance tuning, which involves optimizing the configuration, structure, and queries of a database system to achieve optimal efficiency, r...
Change management [Mandatory]
Establish a formal process for submitting, requesting, approving and implementing changes to a database. Document all database changes comprehensively; this includes changes to schema, indexes, stored procedures, triggers, and configuration settings. Use ...
Documentation [Mandatory]
Maintain accurate and up-to-date database documentation, which is crucial for the efficient and effective management of databases within an institution.
Data backup and recovery strategy process [Mandatory]
Develop a backup and recovery strategy to prevent data loss in case of hardware failures, errors or disasters. Specify the acceptable data loss in case of a disruption; this determines how frequently backups need to be taken to minimize data loss. Determine ...