DBMS
Database Management Systems
Since the emergence of networks and the Internet, the security and safety of information, particularly in the use of information databases, has been an issue requiring critical attention in information technology. Because many of today's day-to-day business transactions are conducted through convenient electronic transfers by computer, information has become vulnerable to diverse computing problems and crimes in which illegal and malicious threats to databases, such as viruses and hacking of information, occur. This is especially a problem for information classified as confidential.
To address the problems that exist in database security, laws and legislation for the safety of information and databases were created to protect both the public and the private sectors that use the Internet to communicate information, as well as other electronic technology that contains important and confidential information. Aside from the laws that protect information databases, many kinds of hardware and software products have been developed, and continue to grow in number in the IT industry, to protect information databases. These include antivirus software, firewalls, and various appliances for network security.
The persistent problems in database security have increased awareness in both the public and business sectors. Thus, creating and supporting policies that improve and guarantee database security has become an obligation for many who need to ensure the safety of their information. According to George Jucan, in his article Database Security: Beyond the Password,
Recently we've seen a dramatic increase in public and business awareness of safeguarding private and personal information. With specific legislation now in place in many countries, it is now not only a public relations matter but also a legal obligation to protect identifiable data about individuals.
Database Security Policies
There are many measures and security policies that can be implemented to prevent illegal access to private databases. Typically, every security policy depends on the other policies. Security policies work best when every policy in the set strongly resists unauthorized access. Otherwise, once one policy fails, its vulnerability and failure to protect the network, database, or information tends to affect the rest of the policies. The following are some of the common policies, as extracted from the Oracle Server Administration Guide, applied by many organizations that use information technology methods for database and information safety and security.
System Security Policy
System security policy contains rules and procedures on how the system and database will be managed. This involves the following.
Database User Management
Managing who can access a database is the basic principle and first step in securing a database. It is important that a database administrator handles the management of the database, including the role of granting privileges to users. Management of a database is a critical role because the most basic procedures for securing a database depend on the database administrator. Hence, it is necessary that a database administrator is technically knowledgeable about database capabilities and disabilities.
User Authentication
Verifying the authenticity of the user, that is, whether the user is authorized or unauthorized to access database information, is an important element in database security policies. This is usually done via user accounts that include username and password information. This policy is related to database user management in that it is the administrator who has the responsibility of maintaining the list of authorized users as well as the type of user access permissions.
Operating System Security
The operating system is among the vulnerable points through which security is usually attacked. Hence, along with database security, it is important that the operating system is also secured from unauthorized access.
Data Security Policy
There are instances when not all information in a database is open for access to a user. Hence, there is the data security policy that controls the level of access a user has. According to Oracle Corporation Online,
Data security includes the mechanisms that control the access and use of the database at the object level. Your data security policy determines which users have access to a specific schema object, and the specific types of actions allowed for each user on the object.
Generally, data security is based on how sensitive the information is (Oracle Corp.). Important and confidential information should always be accessible only to a limited number of users.
User Security Policy
This policy defines how users will be allowed to access a database. The most common user security elements are password security and the access privileges of users. To maintain secure access to the database and to lessen illegal database access, the database must enforce periodic password changes. For instance, users will be asked by the system to change their password every quarter of a year. Encryption of passwords is another useful user security policy. In cases when there is unauthorized access to user account information, password data is still secured because what is stored in the database is not the real password but its encoded form.
User security may also involve defining the specific areas in a database that a user is allowed to access. This privilege management policy is important especially if a database serves many users. Database roles can be created to implement this policy.
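The quarterly password change and the role-based privilege management described above can be expressed in Oracle SQL as follows. This is an added example, not taken from the Oracle Server Administration Guide or the original paper; the profile, role, user and password names are hypothetical, and the hr.employees table with its phone_number column is assumed to exist.

```sql
-- Added example. All object names below are hypothetical placeholders.

-- Password policy: passwords expire after 90 days (one quarter),
-- with a short grace period and lockout after repeated failures.
CREATE PROFILE quarterly_pw LIMIT
  PASSWORD_LIFE_TIME    90   -- days before the password must be changed
  PASSWORD_GRACE_TIME   7    -- days of warning after expiry
  FAILED_LOGIN_ATTEMPTS 5    -- lock the account after 5 bad attempts
  PASSWORD_LOCK_TIME    1;   -- days the account stays locked

-- Roles define which areas of the database a class of user may reach.
CREATE ROLE hr_reader;
CREATE ROLE hr_clerk;

-- Read-only access to one table (assumed to exist).
GRANT SELECT ON hr.employees TO hr_reader;

-- Clerks read everything a reader can, but may update a single column only.
GRANT hr_reader TO hr_clerk;
GRANT UPDATE (phone_number) ON hr.employees TO hr_clerk;

-- Users receive the profile and a role, never direct object grants.
-- PASSWORD EXPIRE forces a change of the placeholder password at first login.
CREATE USER alice IDENTIFIED BY "Placeholder_Pw_1" PROFILE quarterly_pw PASSWORD EXPIRE;
CREATE USER bob   IDENTIFIED BY "Placeholder_Pw_2" PROFILE quarterly_pw PASSWORD EXPIRE;
GRANT CREATE SESSION TO alice, bob;
GRANT hr_reader TO alice;
GRANT hr_clerk  TO bob;

-- Review checks for the administrator: confirm the policy as configured.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'QUARTERLY_PW' AND resource_type = 'PASSWORD';

SELECT grantee, privilege, table_name
  FROM dba_tab_privs
 WHERE grantee IN ('HR_READER', 'HR_CLERK');

SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE granted_role IN ('HR_READER', 'HR_CLERK');
```

Granting object privileges only to roles keeps the review queries short: a user's reach is the set of roles listed for them in dba_role_privs.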
Auditing Policy
It is common for databases to be audited to check the reliability of the information they contain. However, there are also activities in a database that must be restricted to auditors. A database administrator must properly set database auditing procedures to prevent problems in the use of a database, specifically where the activities performed by the auditor may affect the activities performed by the users.