Database Security

Author: Janet Peter

Abstract

Numerous organizations are executing computerized electronic systems in their operations. These computer systems possess databases that store crucial and confidential information regarding the organization and its operations that necessitates the security of the data in the database. The procedures an organization undertakes to prevent unauthorized access to the data and malevolent attack is database security. There are many tactics that an organization can apply to accomplish database security. The essay evaluates the application of data management practices to secure the data in databases. It assesses the components and procedures of data management and how the database system can apply these procedures to ensure the safety of and confidentiality of the data in the database. The paper provides a descriptive explanation of the application of these components in database security.

Introduction

The advances in the world have progressed to a phase where it utilizes computer technology to sustain most of its operations. The use of this technology is rising rampantly with applications such as database technology that is a primordial element in numerous computing systems. Organizations apply the computing systems to store and share the data electronically. These systems contain vital data on institutions and individuals as such it is inherent to an entity to seek out methods that ensure the integrity of the data and protect the information from unprecedented access. The collective procedures applied to deter the unauthorized use or a malevolent attack on databases is database security. The paper discusses the aspects of database security and provides more insight into the concept of database security.

The development of successful database security systems can be uneventful if one does not comprehend the threats to the database. The data in the databases is vulnerable to attacks from many external sources that is hackers, social engineers, computer users, network and database administrators and misleading applications among other factors. Comprehension of the type of intruder allows the security professional to decipher between friend and foe (Basta& Zgola, 2011). If there is little or no limit to access to the database, the data might be vulnerable to security, integrity, and privacy issue. On the other hand, if the organization firmly restricts access to the database, the users might become frustrated and derail the performance of the users (Basta& Zgola, 2011). Therefore, the database security should balance the level of protection of the data. It requires a good understanding of the factors that cause insecurity to the database (Basta& Zgola, 2011).

One viable method of securing the information within the database is active data management. As stated earlier the function of a database is to retail and share reliable information (Park, et al., 2011). As such application of the components of data management is applicable in sustaining security. Data management entails a collection of processes used to refine data in the database (Park, et al., 2011). Some of the concepts applied in data management include data entry and validation, data backup and storage and data analysis and screening among others. A data management plan is crucial for the security of the database. It entails all the details necessary for the development of an effective database including the security of the system (Basta& Zgola, 2011). Developing a data management plan allows the engineers to take into consideration all the aspects that might affect the database including the vulnerability of the data to malicious attacks and unauthorized access. The establishment of the data management plan integrates all the aspects needed to develop a functional database. As such the procedures for database security get added to the procedures of data management (Basta& Zgola, 2011).

Data management ensures that the accessibility of the data in the database is limited to the correct persons (Park, et al., 2011). There are many methods of deterring the illegitimate use or malicious threats to data; however one of the primordial concepts is a limitation to access (Park, et al., 2011). Database security accomplishes this task through the use of authentication, endorsement and access control. The three elements applied in limiting the access to data have varying attributes. However, the procedures of database security apply them jointly to provide effectual protection to the data (Park, et al., 2011). Database systems use varying types of authentication to limit access to the database; moreover, the users of the database have the authorization to access the information in the database up to a particular level. The function of access control is to refine the process of authentication and authorization (Park, et al., 2011). It allocates privileges to specific data objects and data sets. It confines action on these data objects and datasets to a specific user. The database system should integrate the concepts of database security with data management to establish a secure electronic storage system (Park, et al., 2011).

One of the important components of data management is data entry. The database expert must suitably and appropriately input the data into the database system. The entry of the data must relate to the security alarm database and the access control database (Park, et al., 2011). These two are part of the data limitation components that is authentication, authorization, and access control. When data in the database gets correctly entered, it eliminates the development of loopholes that result in a breach of the database (Park, et al., 2011). For example, if the identification of an individual is incorrectly input such that they input the identification number of another person. The individual can access data objects and datasets that the database should not authorize. In such a case, there will be a violation of the organization's database where an unauthorized individual illegitimately accesses unauthorized access levels. The relevant entity utilizing the database should ensure that the data input is detailed and relevant (Gordon& BCS, 2007).

Another component of data management applicable to data security is consistent monitoring and evaluation of the database (Ben-Natan, 2005). The information in the database should undergo constant review that helps identify any fluctuations in the database. The database constantly receives data from external sources and also shares data to other sources (Ben-Natan, 2005). Errors might occur in the process of entering the data that might cause vulnerability to the data in the database. Therefore, constant monitoring of the data in the database helps identify the errors and make rectifications before any unprecedented event occurs. There are other occurrences that mandate a frequent assessment of the systems (Ben-Natan, 2005). There might be inconsistencies and missing data in the datasets. Thoroughly assessing the data in the database frequently also helps avoid misinterpretations and oversights in the datasets and the data objects (Ben-Natan, 2005). As such monitoring of the information in the database should be recurrent and comprehensive. The engineers responsible carrying out the analysis of the database should compare the data to check for errors such as duplication or insertion in the system. These errors may allow unauthorized individuals to access the data in the database (Gordon& BCS, 2007).

Database systems should update their information as well as the programs in their systems. The updates ensure that the information in the database is relevant to the current state of the subject of interest. It also provides room for the analysis of the data in the database (Ben-Natan, 2005). Updating the data in the database is necessary since it allows the database to accommodate changes in the data that might affect the security of the organization (Ben-Natan, 2005). For example if a person leaves the organization, the information should reflect in the database. It prevents the individual from accessing the organization’s database. Updating the programs that run the database is wise as it sets the hackers off balance. Changing the database systems authentication regularly increases the security level of the database as it reduces the chances of hacking or illegitimate access to the data. Updating the system also allows upgrading of the database system to occur (Ben-Natan, 2005). Upgrading of the system creates new alarm system databases and access control databases frequently that reinforce the defense of the database against external attacks. It deters potential malevolent attacks by hackers, worms and social engineers among others (Gordon& BCS, 2007).

Database systems can apply data storage and backup as a form of database security. The main objective of the database is to store information for reference in the respective entity. Malicious attacks from external sources such as hacking, worm attacks, human error and computer failure among others may result in the destruction of the information in the computer. Therefore, the database developers should develop backups for the information in the database (Dittrich& Geppert, 2001). The database system can store the information in the database in a completely different area that serves as a backup for the information in the database. It is mandatory that the information in the database is similar to that of the backup (Dittrich& Geppert, 2001). The information should also get regularly updated as the data in the database gets updated. The backup information is applicable if the data in the database gets destroyed in the event of an attack on the system. The engineers should thoroughly test the backup procedures to make sure that the records remain uncorrupted, and the organization can use them to restore lost files (Dittrich& Geppert, 2001).

A database can also apply the reduction of the number of entry points. The database should not apply different procedures to sign up different subjects of the same category. The database should execute strategies that ensure that there aren’t regular changes made to the database (Cattell, 1994). It reduces the chances of committing an error in the change process. However; changes can occur to the database when mandatory. These changes must undergo scrutiny to avoid making errors or impacting the system. The audit reduces the vulnerability of the database system due to the erroneous data to internal or external attacks (Cattell, 1994). The databases can also apply data cleaning tactics to eliminate the errors found in the database and also in the data before inputting to the database (Cattell, 1994). It is important because the presence of incomplete data means that there are missing values in the database. Data cleaning is also important as it identifies and rectifies errors of extreme values in the system (Cattell, 1994).

Conclusion

It is imminent that the world has evolved to an era where most organizations are applying computerized information systems in their routine functions. The databases in these computer systems possess confidential and crucial information that is critical to the organization. As such it is mandatory to develop systems that are secure from malicious attacks and unauthorized access to the data in the database. Database management is one among the many strategies that the organization can apply to increase the security of the data in the database through the thorough application of the components of data management. The components of data management ensure that the data in the database applies to the organization and in the process they eliminate any form of suspicious content. These components also ensure that the database is in a top form that reinforces and protects it from malevolent attacks. A good database has an effective security system as well as procedures that maintain the system’s ability to store confidential organizational information. The progress in the field of information technology makes it difficult for the database to secure the information due to external attacks from hackers and the like. Therefore, the organization must adapt and find ways to sustain an effective database.

References

Basta, A., & Zgola, M. (2011). Database security. Boston, Mass: Course Technology.

Ben-Natan, R. (2005). Implementing database security and auditing: A guide for DBAs, information security administrators, and auditors. Burlington, MA: Elsevier Digital Press

Cattell, R. (1994). Object data management: Object-oriented and extended relational database systems. Reading, Mass: Addison-Wesley Pub. CO.

Dittrich, K. R., & Geppert, A. (2001). Component database systems. San Francisco: Morgan Kaufmann Publishers.

Gordon, K., & British Computer Society. (2007). Principles of data management: Facilitating information sharing. Swindon: British Computer Society.

Park, J., Lopez, J., Yeo, S., Shon, T., & Taniar, D. (2011). Secure and Trust Computing, Data Management and Applications: 8th FIRA International Conference, STA 2011, Loutraki, Greece, June 28-30, 2011. Proceedings. Berlin, Heidelberg: Springer-Verlag GmbH Berlin Heidelberg.

Carolyn Morgan is the author of this paper. A senior editor at Melda Research in custom research paper service if you need a similar paper you can place your order for a custom research paper from nursing writing services.