Database Security
The focus of this study is database security. Databases and database technology play critical roles in the use of computers, whether in business, electronic commerce, engineering, medicine, genetics, law, education, or other fields that rely on computer technology. A database is simply a collection of related data, such as customer information, supplier information, employee information, project data, and the like. Some databases are small, while others are very large and quite complex. A database management system is "a general purpose software system that facilitates the processes of defining, constructing, manipulating, and sharing databases among various users and applications." (Oracle Security, 1998, p.1) Defining a database is reported to involve "specifying the data types, structures and constraints of the data to be stored in the database." (Oracle Security, 1998, p.1)
I. Database Security Plan
Securing the database system and its data requires several steps, and the first step is the development of a security policy that outlines and maps how the security plan will be enforced. The security policy, contained within a security plan, assists with ensuring that everyone understands the needs and requirements of the company. A firm security policy ensures that employees understand what is expected, what the rules for using the system are, and how the requirements are implemented. Limitations are clearly defined, and guidance is consistent and set out for each user of the system.
II. Security Policy
The security policy must be enforceable, and management at the highest level must be committed to enforcing it. After it is determined what is required for the company security plan, a team of individuals should be formed. The team will consist of those who will administer the system. The system administrator and the database administrator should have the same goals, which are ensuring that the system cannot be compromised.
III. Database Security Requirements
Once the team is assembled, it must identify the organization's requirements for system and database security. Requirements are likely to include, but are not limited to, the following:
A uniform approach to security across computer systems and databases
Identification of the form and style of authorization required to initiate the creation of an account
A determination of who will create user accounts on the operating system, within each application if necessary, and within the databases
How those accounts will be created
Whether a standard convention for usernames and passwords should be imposed and what it should be
Whether password aging will be enabled and in what time frame
A determination of access requirements on an application-by-application basis
Identification of how users will be tracked to ensure that as an employee's job description or location changes, the access to applications remains correct
Identification of sensitive information and an outline of steps to take for data protection
A determination of penalties to be enforced as a result of different levels of security breaches. (Oracle Security, 1998, p.1)
IV. Operating System Security
Planning operating system security requires considering the native security mechanisms that may be used on each platform, since most operating systems require each user interacting with the system to have a unique username and password. User access on a UNIX or OpenVMS system is likely to require a unique username and password as well. There may be an additional restriction, since users are likely to be divided into specific user groups. The groups are divided based on the directories each group will use on the system, all of which is specified in the security plan. (Oracle Security, 1998, paraphrased)
A spreadsheet approach should be used to identify the components that the security plan covers. Examples stated include the following:
(1) Each division within the corporation to be included in the policy
(2) Each platform within the division
(3) Each database housed on each platform along with its function (development, test, pre-production, or production)
(4) Each application supported within each database
(5) The "owner" of the application, or person responsible for authorization of users within the application
(6) Required security controls for each application, such as roles or grants required
(7) Username and password composition
(8) Type(s) of accessibility (Telnet, client server, external identification)
(9) What form of authorization will be accepted for that application (electronic authorization, verbal, email, hard-copy form, World Wide Web)
(10) Person authorized to create accounts for...