Introduction
A database collects and stores all the information that pertains to an organization. It stores a broad range of information, some of which is not important to the organization or an individual. The primary objective of database security is to protect data against compromise of its availability, integrity, and confidentiality. Data compromise can be either intentional or accidental. Database systems have become more complex today. Distributed databases have moved to server architectures and personal computers, which has opened access to data through the internet and mobile computing devices. This openness has complicated data security management and made the process time-consuming, because data is a critical resource. An organization should educate its employees about the threats and vulnerabilities that data faces, and employees should take the necessary measures to protect data within their domain.
Granting and denying authorization to database resources is critical to database security, but it is not sufficient for modern, sophisticated database systems. The evolution of modern database management systems demands additional levels of data protection. Gertz & Jajodia (2008) argue that data inside the database needs to be protected against compromise of its most critical features: confidentiality, integrity, and availability. There is a model designed to offer guidelines for database security in an organization.
Data confidentiality
Data confidentiality is a set of rules that guards against unauthorized access to data. It is equivalent to secrecy. However, confidentiality should allow legitimate people to have unlimited access to information.
Data integrity
Data integrity is the certainty that data is trustworthy and accurate. It means maintaining the accuracy, consistency, and trustworthiness of data while in storage or in transit. Steps should be taken to ensure that data is not tampered with by either unauthorized or authorized people.
Data availability
Data availability is the reliability of data access for authorized parties. It should be ensured by protecting the components in which data is stored. These are the servers and other computer system components.
Vulnerabilities to database security
Database security is not just protection of the database. Focusing on the database alone is not sufficient. Database security needs to cover all parts of the system, including the network, the database, and the operating system. The building that houses these database components is a component as well, since it offers physical security to the database. Even the individuals who access the data need protection. Vulnerabilities that threaten database security are either accidental or intentional, as illustrated by Hoffer, Prescott, & McFadden (2005).
Accidental data loss
Accidental loss includes human errors. Data may be lost accidentally while in storage or in transit. Some of the events through which data loss may occur are software installation, hardware maintenance, and the user access authorization process. Operating procedures should be established to prevent this from happening.
Theft and fraud
Theft and fraud are not accidental. They are caused deliberately by ill-intentioned people and occur electronically. The risk has two outcomes: it may alter the data, or it may not. Theft and fraud exploit lapses in physical security. Therefore, physical security should be established to limit access to buildings that house servers, computers, database system facilities, and computer files. Any other place where sensitive data is stored or can easily be located should also be provided with physical security. A firewall is one such measure. It prevents unauthorized access to parts of the database through outside communication links. These measures will discourage people intent on theft and fraud.
Loss of secrecy
Secrecy is both privacy and confidentiality. Loss of privacy is the loss of protection of individual data. Loss of confidentiality is the loss of protection of critical company data whose value to the company is strategic. Loss of secrecy leads to blackmail and public embarrassment. Some organizations are required by law to create and communicate policies that ensure protection of the privacy of client data.
Data security policies and procedures
An organization that has identified threats and risks to database security needs to have policies and controls in place. Policies and procedures are meant to protect against loss from both human errors and accidents. The guidelines should, therefore, be derived from the vulnerabilities that the organization currently faces and from possible future threats. There are policies and controls that apply to all database system infrastructures, no matter the complications associated with them (Sharma & Garg, 2012).
Personnel control
An organization should have and follow adequate personnel controls. The greatest vulnerability to an organization emanates from within the organization rather than from outside it. The hiring process for employees should be a careful and validated process that unearths their backgrounds and capabilities. Employee monitoring should be a daily process, and employees should get training in the aspects of security. They should be made aware of standard security and data quality measures.
Physical data access control
Physical data control is regulating access to particular areas near a building that houses the database and database components. Proximity access cards are a better way to limit access to secure areas. A comprehensive and detailed record of access should be kept. All guests should be escorted in secure areas. Equipment should have an alarm attached to notify security personnel of an unauthorized entry.
Maintenance control measures
Maintenance control measures protect against the threat of accidental data loss. Maintenance helps to maintain data quality and availability, though it is an overlooked part of control procedures and policies. External maintenance agreements for hardware and software should be reviewed regularly to ensure an appropriate response. An agreement should be reached between the organization and software developers that gives the organization access to source code for regular maintenance.
Data privacy control
The amount of data that is collected and changes hands daily is growing. Data about organizations and individuals is collected and needs to be stored. Collected data should be given adequate protection and used for legitimate purposes. This enables organizations that need the data to access it and to have the quality that gets relied upon. The parties from whom the data has been collected need to have an opportunity to direct who accesses the data relating to them. Their wishes must be enforced. Enforcement of these rules will be more reliable if the rules are based on those privacy wishes and are developed by the organization's staff.
Conclusion
Database security is not a one-off procedure. It is a continuous process that needs to be carried out on a regular basis. Threats and vulnerabilities change every day, and so should database security. Security needs to be treated just like any other organizational asset. In any case, it is the most vital component of a business. As such, it should be accorded the respect and attention it needs.
Works Cited
Gertz, M., & Jajodia, S. (2008). Handbook of Database Security: Applications and Trends. New York: Springer.
Hoffer, J. A., Prescott, M. B., & McFadden, F. R. (2005). Modern Database Management. Upper Saddle River, NJ: Prentice Hall.
Sharma, N., & Garg, P. (2012). Security Policies in Modern Database System. International Journal of Computer Applications.