Data Security Policy
There are instances when not all information in a database is open for access to a user. Hence, there is the data security policy that controls the level of access a user has. According to Oracle Corporation Online,
Data security includes the mechanisms that control the access and use of the database at the object level. Your data security policy determines which users have access to a specific schema object, and the specific types of actions allowed for each user on the object.
Generally data security is based on how sensitive information is (Oracle Corp.). Important and confidential information is always necessary to be accessible only to a limited number of users.
User Security Policy
This policy defines how users will be allowed to access a database. The most common user security elements are password security and access privileges of users. To maintain a secured access to database and to lessen illegal database access, the database must feature periodical change of passwords. For instance, users will be asked by the system to change their password every quarter of a year. Encryption of password is another useful user security policy. In cases when there is an unauthorized access to user account information, password data is still secured because what is stored in the database is not the real password but its encoded form.
User security may also involve the definition of specific areas in a database where a user is allowed to access. This privilege management policy is important especially if a database services many users. Database roles can be created to implement this policy.
Auditing Policy
It is common that databases are audited to check the reliability of information it contains. However, there are also activities in a database that must be restricted to auditors. A database administrator must properly set database auditing procedures...
Otherwise, the problem of information misuse will never be solved.
In many business sectors, along with the obligation of maintaining database security policy is the implementation of different hardware and software that can protect databases from unauthorized access. Several of these are the following.
Antivirus Software
Antivirus softwares are typically installed in the computer system and should always be enabled to allow constant protection from viruses. The software and hardware requirements depend on the antivirus product being used.
Network Firewall
Products of this type protect a network from unauthorized database access and any information within the network.
Above all the database security policies and software and hardware protections, the most important procedure to prevent data loss should the database security fails is the process of maintaining a periodic backup of the database. With a backup, it can be said that a database is secured whether in times of database security problems or in times when the database is secured.
Bibliography
Jucan, George. Database Security: Beyond the Password.
Retrieved on June 06, 2005, from Oracle Technology Network. http://www.oracle.com/technology/pub/articles/jucan_security.html
Establishing Security Policies.
Retrieved on June 05, 2005, from Oracle Corporation Online. http://www-rohan.sdsu.edu/doc/oracle/server803/A54641_01/ch19.htm
