Database Reference
In-Depth Information
travel companies cannot survive even a single day without their database systems.
Any type of destruction of or unauthorized access to the database system has a serious
impact. Obviously, an organization must ensure that its database system is adequately
guarded against accidental breaches of security or theft, misuse, and destruction
through malicious intent.
Every organization must protect its database system from intentional and unintentional
threats. To do so, it must employ both computer-based and other types of
controls. The DBMS must include a proper security system to protect the database
from unauthorized access.
SECURITY ISSUES
What are we trying to protect by ensuring database security? What levels of information
need to be safeguarded and how? What are the types of problems and
threats that deserve special attention? Can we distinguish between threats from
outside and internal threats? Do these require different types of protection mechanisms?
What are the solution options? How is protection of privacy related to
database security?
Let us address these broad questions before getting into specific access control
techniques. Many organizations are opening up their database systems for access
over the Internet. This openness results in great advantages but, at the same time,
makes the database system vulnerable to threats from a much wider area. Web
security demands special attention.
Goals and Objectives
Specifically, what are we trying to protect? How are we planning to protect it? These
questions form the basis for discussions on database security. Let us consider the
primary goals and objectives. Figure 16-1 provides an overview of the security
system for a database.
Note the following three broad goals of database security highlighted in the
figure.
Denial of access to the database by unauthorized users
Guarantee of access to all authorized users
Protection of privacy of data
In a broad sense, you understand database security and what protection means.
However, let us get into specific objectives. What are the particular objectives
to deal with individual types of threats? Here is a list of specific objectives of a
security system:
Shield from destruction. Shield the database from fire or any other such disaster.
Safeguard from theft. Safeguard the database from malicious schemes of competitors
or profiteers to steal the data content.