Search Results

Data communicated between database servers and web servers, especially over the internet, is susceptible to capture by malicious actors. As such, it is important that all data communicated between database servers and web servers is encrypted.

Placing database servers on the same network segment as user workstations can increase the likelihood of database servers being compromised by malicious actors. Additionally, in cases where databases will only be accessed from their own database server, allowi...

Using production database servers for development and testing activities could result in accidental damage to their integrity or contents. Therefore development, testing and production database servers should be separated.

The server operating systems that the database is installed upon must be security hardened

Implement strict access controls to restrict access to authorized personnel only Access to a DBMS must apply the principle of least privilege and users and applications should only have the permissions required to achieve their role and purpose

The default passwords for accounts and services such as System Administrator must be changed prior to DBMS being deployed

The versions of DBMS used must still be supported by the vendor All installations of a DBMS must be up to date with all appropriate security patches prior to deployment

Use strong encryption algorithms to protect sensitive data stored on disks, databases, and other storage systems. Ensure that encryption keys are properly managed and stored separately from the encrypted data.

Database administrators and database users should know the sensitivity or classification associated with databases and their contents. In cases where all of a database’s contents are the same sensitivity or classification, an organisation should classify the...

Employ real-time monitoring tools to detect and respond to unauthorized access attempts as they occur. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are useful for this purpose Centrally logging and analysing database events can a...

Ensure compliance to the Minimum Cybersecurity Standards for Public Institutions that are provided by the National Cyber Security Authority Ensure compliance with Rwanda’s Data Privacy Law and RISA Security and Data privacy guidelines

Implement real-time monitoring to promptly detect and respond to performance issues as they arise Implement database performance tuning which involves optimizing the configuration, structure, and queries of a database system to achieve optimal efficiency, r...

Establish a formal process for submitting requesting, approval and implementation of changes to a database Document all database changes comprehensively. This includes changes to schema, indexes, stored procedures, triggers, and configuration settings Use ...

Maintain accurate and up-to-date database documentation which is crucial for the efficient and effective management of databases within an institution

Develop a backup and recovery strategy to prevent data loss in case of hardware failures, errors or disasters Specify the acceptable data loss in case of a disruption. This determines how frequently backups need to be taken to minimize data loss Determine ...

Classify your data into categories based on factors such as sensitivity, importance, and compliance requirements. Different categories may have different retention periods Define data retention policies based on the operational needs of the institutions, re...

Data purging involves permanently deleting data that is no longer required or relevant. Document the procedures for data purging, including who is responsible for initiating purging, how it is executed, and how verification is done

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.

DevOps is a set of practices and tools that integrate and automate the work of software development and IT operations as a means for improving and shortening the systems development life cycle. This document is a guideline on the DevOps approach to be followed...

This document covers the DevOps approach to be followed by Government institutions in Rwanda. The intended audience are software developers, system administrators, DevOps engineers and engineering managers in software development companies that are working wit...