A 101 of Database Security Concepts

Edited by: Bill Bunter
Updated Jan 28, 2011

Databases are prone to several threats, which can be intentional or accidental, so a proper database security plan is a must. Creating a good database security plan is easy once you know the basic database security concepts. This article introduces those concepts at a 101 level.

Database Security – Scope of Threats

When speaking of database security, the first thing that comes to mind is protecting the database from unauthorized users. However, the scope of database security is far wider than that. At the same time, database security is only a subdomain of overall computer security. Computer security starts at the individual data item and expands to the database, then to the network, and finally to the individual computers on the network.

In other words, problems with individual computers or any network device can also corrupt your database. In addition, there are malicious users who can log on to the network and access your database to steal data, modify data, or even delete the entire database. In short, the database is at risk from several angles, and damage can be caused either by the ignorance of a user or by the malicious intentions of a person who may or may not be authorized to use the database. While you have to secure the database so that no unauthorized person can get into it, accidental damage can be reduced by training the users and imposing penalties for breaches of rules, such as leaving a system unattended while logged in.

People outside the organization are not the only threats to the database. Even people who use the database pose a risk to the organization. Some may be selling confidential data to competitors for extra income. Others may be helping their colleagues improve their statistics by altering the data in the database. When it comes to the question of who can be a threat to the database, the only answer is that literally everyone is a threat. Hence, encryption of data is an essential part of database security plans.

Before you create a database security plan, you need to understand the following equation: Important Data + Vulnerability = Threats. Hence, you have to check for the different vulnerabilities while creating a database security plan, some of which are mentioned above. While deleted data can easily be traced, stolen or modified data can do much damage to the organization before the error is discovered. Your database security plan should also focus on identifying modified data before it creates a disaster.

While several components aid database security, including authentication, authorization, access restrictions, and auditing, we will focus on the primary database security concepts in the following sections. Based on these concepts, you can build the above-mentioned aids into your database protection plan.

Overview of Database Security Concepts

[Image: Data Security]
As the equation in the previous section says, the importance of the data combined with its vulnerabilities determines the extent of the threats to the database. While some methods to counter such threats are outlined in the previous section, they are not comprehensive. The best method is to check for possible vulnerabilities and create modules to further enhance the security of your database. To check for these vulnerabilities, you need an understanding of the security concepts, which are divided into the following categories:

· System Security Concepts;

· Data Security Concepts;

· User Security Concepts;

· Password Management Concepts; and,

· Auditing Concepts.

Once you understand each concept, you will be able to create better methods for authentication, authorization, access restrictions, encryption, and many more elements that should be incorporated into foolproof database security policies.

Database Security Concepts - System Security

Every organization has one or more database administrators, depending on the size and number of its databases. These administrators bear the responsibilities of database security administrators and have overall access and all rights pertaining to the database. The security administrators create policies so that the database is used in a secure environment. Some of the policies decided and developed by the database security administrators are described in the following paragraphs.

User Management Policy: Under this policy, the administrators have to create user groups through which users are allowed to access the database. The policy should also include a good system of user authentication using one of the many secure methods. In addition, the user management policy should make sure that users cannot create, modify, or delete data files that are not related to their logon. This can be achieved by restricting their access to the operating system and the network file system.

Tips for Enhancing Security in the User Management Policy: The database security administrators should keep a record of user activities, so a per-user logging system is recommended. It is also recommended that a user's login be deleted on the same day the user leaves the organization. This needs active communication between the security administrators and HR. A system of active communication among the different entities of the organization helps in achieving better results when implementing security plans.
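
One way to check the group-based access and same-day login removal policies described above, as an added example that is not part of the original article. The account list, HR records, field names, and the `audit_accounts` helper are constructed for illustration; in practice the inputs would be exported from the database's user catalog and from the HR system.

```python
from datetime import date

# Constructed sample data (assumption): a real audit would export these from
# the database's user catalog and from the HR system.
DB_ACCOUNTS = [
    {"login": "asmith", "groups": ["sales_read"], "enabled": True},
    {"login": "bjones", "groups": ["finance_rw"], "enabled": True},
    {"login": "cdavis", "groups": [], "enabled": True},
    {"login": "dlee", "groups": ["sales_read"], "enabled": False},
    {"login": "svc_backup", "groups": ["backup_ops"], "enabled": True},
]
HR_RECORDS = {
    "asmith": {"left_on": None},
    "bjones": {"left_on": date(2011, 1, 20)},
    "cdavis": {"left_on": None},
    "dlee": {"left_on": date(2010, 12, 31)},
}

def audit_accounts(accounts, hr_records, today):
    """Return (login, finding) pairs for accounts that violate the policy."""
    findings = []
    for acct in accounts:
        login = acct["login"]
        hr = hr_records.get(login)
        if hr is None:
            # No HR owner: nobody will report when this login should go.
            findings.append((login, "no matching HR record"))
        elif hr["left_on"] is not None and hr["left_on"] <= today:
            # Policy: the login is deleted the day the user leaves. A
            # disabled login still exists, so it is reported as well.
            state = "still enabled" if acct["enabled"] else "disabled but not deleted"
            days = (today - hr["left_on"]).days
            findings.append((login, f"owner left {days} day(s) ago, login {state}"))
        if acct["enabled"] and not acct["groups"]:
            # Policy: access is granted through user groups.
            findings.append((login, "enabled without any group membership"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_accounts(DB_ACCOUNTS, HR_RECORDS, date(2011, 1, 28)):
        print(f"{login}: {finding}")
```

Run on a schedule, a report like this gives the security administrators and HR a shared list to reconcile, and accounts with no HR owner (such as service logins) surface for explicit review.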

The next page details the other modules of the Database Security Concepts at 101 Level.
