A.2.3 Describe How A DBMS Can Be Used To Promote Data Security. Database Security


A.2.3 Describe how a DBMS can be used to promote data security.

Database security
From Wikipedia, the free encyclopedia
Database security concerns the use of a broad range of information security controls to protect
databases (potentially including the data, the database applications or stored functions, the
database systems, the database servers and the associated network links) against compromises of
their confidentiality, integrity and availability. It involves various types or categories of controls, such
as technical, procedural/administrative and physical. Database security is a specialist topic within the
broader realms of computer security, information security and risk management.
Security risks to database systems include, for example:

- Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);
- Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services;
- Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended;
- Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and obsolescence;
- Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption, performance degradation etc.;
- Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.
Many layers and types of information security control are appropriate to databases, including:

- Access control
- Auditing
- Authentication
- Encryption
- Integrity controls
- Backups
- Application security
- Database security applying statistical method
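As an added example (not part of the Wikipedia article), the following PostgreSQL script applies several of these layers to a single table: integrity constraints, least-privilege group roles, login accounts that own nothing, row-level security, and an audit trail written by a trigger. The table, role and setting names (customers, app_reader, app_writer, web_service, analyst_eu, app.region) are hypothetical; the syntax needs PostgreSQL 11 or later.

```sql
-- Added example (PostgreSQL 11+). All object names are hypothetical.

-- Integrity controls: the DBMS rejects invalid data even if the application does not.
CREATE TABLE customers (
    customer_id  bigserial PRIMARY KEY,
    email        text NOT NULL UNIQUE
                 CHECK (email ~ '^[^@[:space:]]+@[^@[:space:]]+$'),
    region       text NOT NULL,
    credit_limit numeric(12,2) NOT NULL CHECK (credit_limit >= 0)
);

-- Access control: nobody gets anything by default; each group role carries
-- only the privileges its workload needs (no DELETE, no DDL for either).
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE ROLE app_reader NOLOGIN;
CREATE ROLE app_writer NOLOGIN;
GRANT USAGE ON SCHEMA public TO app_reader, app_writer;
GRANT SELECT ON customers TO app_reader;
GRANT SELECT, INSERT, UPDATE ON customers TO app_writer;
GRANT USAGE ON SEQUENCE customers_customer_id_seq TO app_writer;

-- Authentication: login accounts are members of a group role and own nothing.
-- Credentials are set out of band (ALTER ROLE ... PASSWORD) or replaced by
-- certificate/Kerberos authentication in pg_hba.conf.
CREATE ROLE web_service LOGIN IN ROLE app_writer;
CREATE ROLE analyst_eu  LOGIN IN ROLE app_reader;

-- Row-level security: once enabled, a role with no matching policy sees no
-- rows. Writers see everything; readers see only the region the application
-- sets for the session.
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
CREATE POLICY writer_all ON customers TO app_writer
    USING (true) WITH CHECK (true);
CREATE POLICY region_only ON customers FOR SELECT TO app_reader
    USING (region = current_setting('app.region', true));

-- Auditing: every row change is recorded with the connecting user and time.
CREATE TABLE customers_audit (
    audit_id   bigserial PRIMARY KEY,
    changed_at timestamptz NOT NULL DEFAULT now(),
    changed_by text        NOT NULL DEFAULT session_user,
    operation  text        NOT NULL,
    old_row    jsonb,
    new_row    jsonb
);
-- SECURITY DEFINER makes the trigger write as the function owner, so app roles
-- need no privilege on customers_audit and cannot alter it. Inside such a
-- function current_user is the owner, which is why the default above uses
-- session_user (the actual actor). search_path is pinned against hijacking.
CREATE FUNCTION customers_audit_fn() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
BEGIN
    -- OLD is NULL on INSERT and NEW is NULL on DELETE; to_jsonb passes NULL through.
    INSERT INTO customers_audit (operation, old_row, new_row)
    VALUES (TG_OP, to_jsonb(OLD), to_jsonb(NEW));
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END $$;
CREATE TRIGGER customers_audit_trg
    AFTER INSERT OR UPDATE OR DELETE ON customers
    FOR EACH ROW EXECUTE FUNCTION customers_audit_fn();
REVOKE ALL ON customers_audit FROM PUBLIC;

-- Exercising the controls from a superuser session after the setup above:
-- SET ROLE analyst_eu; SET app.region = 'EU'; SELECT * FROM customers;   -- EU rows only
-- SET ROLE web_service; DELETE FROM customers;                            -- permission denied
-- INSERT INTO customers (email, region, credit_limit) VALUES ('x', 'EU', 1); -- CHECK fails
```

Two caveats a practitioner should keep in mind. The region policy trusts a session setting, so it is only as strong as the path by which that setting is made: an application that authenticates the end user and then runs SET LOCAL is fine, but a user who can type arbitrary SQL can change it, so for directly connected users key the policy on current_user or a mapping table instead. Superusers always bypass row-level security, and table owners do too unless FORCE ROW LEVEL SECURITY is set, which is one reason application roles should never own the tables they use.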
Traditionally databases have been largely secured against hackers through network security measures such as firewalls and network-based intrusion detection systems. While network security controls remain valuable in this regard, securing the database systems themselves, and the programs/functions and data within them, has arguably become more critical as networks are increasingly opened to wider access, in particular access from the Internet. Furthermore, system, program, function and data access controls, along with the associated user identification, authentication and rights management functions, have always been important to limit and in some cases log the activities of authorized users and administrators. In other words, these are complementary approaches to database security, working from both the outside-in and the inside-out as it were.
Many organizations develop their own "baseline" security standards and designs detailing basic
security control measures for their database systems. These may reflect general information security
requirements or obligations imposed by corporate information security policies and applicable laws
and regulations (e.g. concerning privacy, financial management and reporting systems), along with
generally accepted good database security practices (such as appropriate hardening of the
underlying systems) and perhaps security recommendations from the relevant database system and
software vendors. The security designs for specific database systems typically specify further
security administration and management functions (such as administration and reporting of user
access rights, log management and analysis, database replication/synchronization and backups)
along with various business-driven information security controls within the database programs and
functions (e.g. data entry validation and audit trails). Furthermore, various security-related activities
(manual controls) are normally incorporated into the procedures, guidelines etc. relating to the
design, development, configuration, use, management and maintenance of databases.

Process and Procedures

A database security program should include the regular review of permissions granted both to individually owned accounts and to accounts used by automated processes. Credentials for automated accounts should be protected by appropriate controls, such as storage in a secrets vault encrypted at rest with tightly restricted access, to reduce the risk of compromise. For individual accounts, two-factor authentication should be considered where the risk to the database environment justifies the cost of deploying it.
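The kind of review this paragraph calls for can be driven straight from the system catalog. The following PostgreSQL queries are an added example (not from the article) and assume no particular object names: they list every table privilege by grantee, roles holding attributes that bypass normal controls, login accounts with no password expiry, and group-role membership.

```sql
-- Added example: a permission review over the PostgreSQL system catalog.
-- Runs as any role that can read pg_catalog; no object names are assumed.

-- 1. Every privilege on every table/view in user schemas, by grantee.
--    aclexplode() expands the ACL; grantee 0 means PUBLIC (everyone).
--    Tables with a NULL ACL (owner-only access) do not appear here at all.
SELECT n.nspname AS schema,
       c.relname AS object,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE a.grantee::regrole::text END                        AS grantee,
       string_agg(a.privilege_type, ', ' ORDER BY a.privilege_type) AS privileges,
       bool_or(a.is_grantable)                                       AS can_regrant
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) a
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
GROUP BY 1, 2, 3
ORDER BY 1, 2, 3;

-- 2. Roles that can bypass controls (superuser, role/db creation, RLS bypass)
--    and login accounts whose credential never expires (rolvaliduntil IS NULL).
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolbypassrls,
       rolcanlogin, rolvaliduntil
FROM pg_roles
WHERE rolname NOT LIKE 'pg\_%'
  AND (rolsuper OR rolcreaterole OR rolcreatedb OR rolbypassrls
       OR (rolcanlogin AND rolvaliduntil IS NULL))
ORDER BY rolsuper DESC, rolname;

-- 3. Group-role membership: which login accounts inherit which group role,
--    and who can add further members (admin_option).
SELECT r.rolname AS group_role, m.rolname AS member, am.admin_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
ORDER BY 1, 2;
```

Anything granted to PUBLIC in the first query, any login role that is itself a superuser in the second, and any automated-process account appearing in the third with admin_option are the usual findings; a review records each one with either a justification or a REVOKE.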

In conjunction with a sound database security program, an appropriate disaster recovery program should exist to ensure that service is not interrupted during a security incident or any other incident that results in an outage of the primary database environment. One example is replication of the primary databases to sites located in different geographical regions. Replication propagates a destructive or malicious change as quickly as a legitimate one, so it complements rather than replaces backups with point-in-time recovery.

After an incident occurs, database forensics should be used to determine the scope of the breach and to identify appropriate changes to systems and/or processes to prevent similar incidents in the future.

Database security applying statistical method

Unauthorized changes made directly in the database by internal or external users, without any record being kept, are regarded as one of the biggest threats. An approach based on cryptographic and statistical methods can detect such events and report them to the data owners: the large dataset is mapped to a small digital fingerprint, which the registered applications update with every legitimate change to the main database. At preset intervals the expected fingerprint is compared with one computed from the actual data; a mismatch identifies the changed locations (rows and columns) in the main database and the interval in which the unauthorized change occurred, even when the change was made with privileged access.
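One concrete reading of that technique, as an added PostgreSQL example rather than the article's own implementation: a baseline of per-column SHA-256 digests is stored for every row, refreshed by the registered application after each legitimate change, and a periodic check compares it against digests recomputed from the live table, reporting inserted, deleted and modified rows and, for modified rows, which columns changed. The table and function names (accounts, accounts_fingerprint, account_col_hashes) and the sample rows are constructed for the example; sha256() needs PostgreSQL 11 or later.

```sql
-- Added example: hash-based detection of out-of-band changes. Names and data
-- are constructed for illustration.
CREATE TABLE accounts (
    account_id bigint PRIMARY KEY,
    owner      text          NOT NULL,
    balance    numeric(12,2) NOT NULL
);
INSERT INTO accounts VALUES (1, 'alice', 100.00), (2, 'bob', 250.00), (3, 'carol', 75.00);

-- One SHA-256 digest per column, keyed by column name, so a later comparison
-- can say not just "row 2 changed" but "row 2, column balance changed".
CREATE FUNCTION account_col_hashes(r accounts) RETURNS jsonb
LANGUAGE sql IMMUTABLE STRICT AS $$
    SELECT jsonb_object_agg(key,
               encode(sha256(convert_to(coalesce(value, ''), 'UTF8')), 'hex'))
    FROM jsonb_each_text(to_jsonb(r))
$$;

-- The fingerprint store. It must live where the DBAs of the main database
-- cannot rewrite it (a separate database, or exported and signed); otherwise a
-- privileged attacker simply re-baselines it after tampering.
CREATE TABLE accounts_fingerprint (
    account_id bigint PRIMARY KEY,
    col_hashes jsonb NOT NULL,
    taken_at   timestamptz NOT NULL DEFAULT now()
);

-- Baseline, re-run by the registered application after each legitimate change.
INSERT INTO accounts_fingerprint (account_id, col_hashes)
SELECT account_id, account_col_hashes(a) FROM accounts a
ON CONFLICT (account_id) DO UPDATE
    SET col_hashes = EXCLUDED.col_hashes, taken_at = now();

-- Simulated unauthorised changes made directly in the database, bypassing
-- the application (and any trigger a superuser could have disabled).
UPDATE accounts SET balance = 9999.00 WHERE account_id = 2;
DELETE FROM accounts WHERE account_id = 3;
INSERT INTO accounts VALUES (4, 'mallory', 1.00);

-- Periodic check: FULL JOIN so that deletions and insertions both surface.
-- account_col_hashes is STRICT, so an unmatched live side yields NULL and the
-- IS DISTINCT FROM test still fires; the changed_columns subquery is empty for
-- inserted and deleted rows because one side of the join has no digests.
SELECT COALESCE(f.account_id, a.account_id) AS account_id,
       CASE WHEN f.account_id IS NULL THEN 'INSERTED'
            WHEN a.account_id IS NULL THEN 'DELETED'
            ELSE 'MODIFIED' END              AS change,
       f.taken_at                            AS last_known_good,
       (SELECT string_agg(b.key, ', ' ORDER BY b.key)
        FROM jsonb_each_text(f.col_hashes) b
        JOIN jsonb_each_text(account_col_hashes(a)) c USING (key)
        WHERE b.value <> c.value)            AS changed_columns
FROM accounts_fingerprint f
FULL OUTER JOIN accounts a ON a.account_id = f.account_id
WHERE f.col_hashes IS DISTINCT FROM account_col_hashes(a)
ORDER BY 1;
```

The check localizes a change to a row and column and bounds its time to the window since taken_at; it does not by itself say who made it, which is what the audit trail is for. The two controls are complementary: an audit trigger records the actor but can be disabled by a superuser, while the fingerprint comparison notices the change regardless of how it was made, provided the fingerprint store is outside that superuser's reach.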
