DBMS Security it Is Unrealistic

DBMS Security

It is unrealistic to assume that all levels of management, including all functional areas of any organization can have in-depth expertise in application security and development. Instead of relying on a few security experts to ensure application- to DBMS-level security is achieved, guarding against inbound security attacks through Web-based interfaces of applications and websites, companies need to create a Governance, Risk and Compliance (GRC) strategy. This GRC strategy must encompass risks by each management level within the company, with specific attention paid to the application development processes in the company. The GRC strategy must extend past the Multifactor Security Model mentioned in the reading and define security standards and tests to ensure programming based on JavaScript, J2EE development tools, and Web 2.0 applications. The purpose of the GRC strategy is to also define regression and security testing of each new application before it is released onto the website or for external use.

Further, the GRC strategy must also define continual security standards in terms of internal training and learning. Instead of responding to each threat the GRC strategy must also focus on planning an agenda of deterrence and control over threats. This aspect of the GRC strategy would lead to the development of programming standards that would audit all new applications to make sure they were impenetrable by SQL Injections and other threats. The knowledge gained from these security tests would in turn be used to refine and more precisely target potential security threats, becoming part of the GRC strategy over time. Database security needs to be part of a broader GRC strategy to alleviate risk while ensuring system agility so it can be used as a competitive advantage over time. Only by defining security strategies by level of management and functional area can the intricacies of database security be effectively managed over the long-term in any company.