Database Reference
to be followed, and disciplinary action in the event of noncompliance with policy
and procedures.
Computer-Based Techniques
Now let us turn our attention to the types of countermeasures that are executed
through the use of the computer system, including the DBMS. Here is a list of the
major techniques:
Authorization of users. Includes authentication of authorized users and granting of
access privileges to them.
Tailoring authorization through views. Defining user views so that users can be
authorized for specific portions of the database.
Backup and recovery. Creation of backup copies of the database at regular
intervals and also testing and implementing recovery procedures.
Protection of sensitive data. Use of encryption technology to protect sensitive data.
All DBMSs have security systems to guarantee database access to authorized
users. Commonly, these security mechanisms are referred to as discretionary and
mandatory security mechanisms. Let us define the scope of this division:
Discretionary security mechanisms. Used for granting and revoking data access
privileges to users for accessing specific parts of a database in any of the access
modes of read, update, add, and delete.
Mandatory security mechanisms. Used for establishing security at multiple levels
by classifying users into distinct groups and grouping data into distinct segments
and, thereafter, assigning access privileges for particular user groups to data
segments.
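The view-based authorization and the discretionary grant/revoke mechanism described above, shown as an added example that is not from the original text. It uses PostgreSQL syntax; the table, view and role names (employee, emp_directory, hr_clerk, payroll_admin) are hypothetical.

```sql
-- Added example. All object and role names are hypothetical.
CREATE TABLE employee (
    emp_id    integer PRIMARY KEY,
    full_name text          NOT NULL,
    dept      text          NOT NULL,
    salary    numeric(10,2) NOT NULL,   -- sensitive
    ssn       text          NOT NULL    -- sensitive
);

CREATE ROLE hr_clerk      NOLOGIN;
CREATE ROLE payroll_admin NOLOGIN;

-- Start from no access on the base table.
REVOKE ALL ON employee FROM PUBLIC;

-- Tailoring authorization through a view: the view exposes only the
-- non-sensitive columns and only the rows of one department.
CREATE VIEW emp_directory AS
    SELECT emp_id, full_name, dept
    FROM   employee
    WHERE  dept = 'Sales';

-- Discretionary mechanism: each access mode is granted separately.
-- hr_clerk can read through the view but has no privilege on employee itself.
GRANT SELECT ON emp_directory TO hr_clerk;
-- payroll_admin may read, add and delete rows in the base table ...
GRANT SELECT, INSERT, DELETE ON employee TO payroll_admin;
-- ... but may update only the salary column.
GRANT UPDATE (salary) ON employee TO payroll_admin;

-- Privileges are withdrawn the same way they were given.
REVOKE DELETE ON employee FROM payroll_admin;

-- Check what is actually in force. Table-level grants are listed here;
-- the column-level UPDATE grant is listed in information_schema.column_privileges.
SELECT grantee, table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  table_name IN ('employee', 'emp_directory')
ORDER  BY grantee, table_name, privilege_type;
```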
From our discussions so far, you must have concluded that database security is
critical but also difficult. You must look toward enforcing database security at
different levels. Security mechanisms must exist at several layers such as within the
database system itself, at the level of the operating system, the network, the
application, the hardware, and so on. Figure 16-3 clearly illustrates the layers of
control for database security.
Privacy Issues
Businesses and government agencies collect and store large volumes of information
about customers, suppliers, distributors, and employees. Data privacy concerns those
kinds of information that relate to individuals and external organizations that are
part of the company's database. Who owns this information—the company that has
the database or the individuals and organizations to whom the information relates?
Who can access this information? Can this information be sold to others? What are
the regulations?
Data privacy fits into data security in an unorthodox manner. Data security is
generally thought of as the protection of a company's data from unauthorized
access. Who authorizes access, and who decides on how and to whom access must