SS3 First Term Data Processing Lesson Note – Database Security

The content is just an excerpt from the complete note for SS3 First Term Data Processing Lesson Note – Database Security. Check below to download the complete DOCUMENT

TOPIC:  Database Security

CONTENT: 

1. Introduction to database security
2. Types of Database Security Control

SUBTOPIC 1: Introduction to database Security

Database management systems are increasingly being used to store information about all aspects of an enterprise. The data stored in a DBMS is often vital to the business interests of the organization and is regarded as a corporate asset.

Database Security

Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.   OR

Is the means of ensuring that data is kept from corruption and that access to it is suitable controlled? Thus, data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of Information security.

Data is the raw form of information stored as columns and rows in our databases, network servers and personal computers.

Objectives to be considered

There are three main objectives to consider while designing a secure database application.

1. Secrecy: Information should not be disclosed to unauthorized users. E.g. a student should not be allowed to examine other students’ grades.
2. Integrity: Only authorized users should be allowed to modify data. E.g. students may be allowed to see their grades, yet not allowed (obviously!) to modify them.
3. Availability: Authorized users should not be denied access. E.g., an instructor who wishes to change a grade should be allowed to do so.

To achieve these objectives, a clear and consistent security policy should be developed to described what security measures must be enforced. In particular, we must determine what part of the data is to be protected and which users get access to which portions of the data.

Next, the security mechanisms of the underlying DBMS (and OS, as well as external mechanisms such as securing access to buildings and so on) must be utilized to enforce the policy. We emphasize that security measures must be taken at several levels. Security leaks in the operating system or network connections can circumvent database security mechanisms.

To gain full access to the note: DOWNLOAD FILE