Page 144 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
is such; the database administrator (DBA), however, has to carry out many security functions. This
unit will examine the primary security areas that fall within the domain of the DBA, who then has
to create database-oriented solutions.
10.1 Database Security
You must understand that security is a journey, not a final destination. We cannot assume a
method is completely secure, because we may not be aware of new attacks on that method. Many
security vulnerabilities are not even made public, as attackers want to delay a fix and
manufacturers do not want the harmful publicity. There is an ongoing and unresolved debate
over whether publicizing security vulnerabilities encourages further attacks or helps
prevent them.
The safest database you can imagine would be found in a tightly locked bank vault or
nuclear-proof bunker, installed on a standalone computer with no Internet or network connection,
and under guard 24×7×365. However, that is not a likely scenario in which we would
want to operate. A database server has to keep providing services, which frequently contain security
problems, and you should be realistic about likely threats. You must assume failure at some
point, and never store truly sensitive data in a database that unauthorized users may easily
penetrate or access.
A key point to consider here is that most data loss occurs due to social exploits and not technical
ones. Therefore, personnel procedures may need to be looked into more than encryption
algorithms.
You will be able to build effective database security if you understand that securing data
is essential to market reputation, productivity and business objectives.
Example: As personal information like credit card or bank account numbers
is now commonly available in many databases, there are more opportunities for identity
theft.
By one estimate, more than half of all identity theft cases are committed by employees who have
access to large financial databases. Banks and companies that take credit card services externally
must place greater emphasis on safeguarding and controlling access to this proprietary database
information.
10.1.1 Levels of Database Security
Securing the database is a fundamental principle for any security professional while developing
his or her security plan. The database is a collection of useful data and can be considered
the most essential component of an organization and its economic growth. As a result, any
security effort must keep in mind that it needs to provide the strongest level of control for the
database.
As is true for any other technology, the security of database management systems depends on
many other systems. These chiefly include the operating system, the applications that use the
DBMS, services that interact with the DBMS, the web server that makes the application
available to end users, etc.
Caution: Be aware that, most importantly, DBMS security depends on us, the users.
LOVELY PROFESSIONAL UNIVERSITY