Security & Integrity
By Richard Ngu
Martin, IS Security 1991-1999. In today's society, information is a critical resource not only in industry, commerce, education and medicine, but also in the military, diplomacy and government. Some information is so important that it has to be protected. For example, data corruption or fabrication in a hospital database could result in patients receiving the wrong medication. Disclosure or modification of military information could endanger national security.
Privacy: Ethical and legal rights that individuals have with regard to control over the dissemination and use of their personal information.
Database security: Protection of information contained in the database against unauthorized access, modification or destruction.
Database integrity: Mechanism that is applied to ensure that the data in the database is correct and consistent.
A good database security management system has not only the characteristics of data independence, shared access, minimal redundancy, data consistency and data integrity, but also those of privacy, integrity and availability.
Privacy signifies that an unauthorized user cannot disclose data.
Integrity ensures that an unauthorized user cannot modify data.
Availability ensures that data is made available to the authorized user unfailingly.
Copyright ensures the native rights of individuals as creators of information.
Validity ensures that activities are accountable by law.
With strong enforcement and management of these, it is said that the database system can effectively prevent accidental security and integrity threats arising from system errors, improper authorization and concurrent usage anomalies. In addition to being efficient, the system should guard against malicious or intentional security and integrity threats, where computer system operators, as well as programmers acting as hackers, can bypass security.
There are certain security policy issues that we should recognize: we should consider administrative control policies, decide which security features offered by the DBMS are used to implement the system, and decide whether the focus of security administration is left with the DBA and whether it is centralized or decentralized. One should also decide on the ownership of shared data.
The levels of security protection start from organization and administrative security, physical and personnel security, communication security and information systems security, as illustrated in the following discussion.
Physical Security: The site or sites containing the computer systems must be physically secured against armed or surreptitious entry by intruders.
Encryption: Data is encrypted while it is being transferred or transacted between the client and server, to reduce the possibility of the data being tracked and the information being obtained easily.
Transaction Control Program: Users must be authorized carefully to reduce the chance of any such user giving access to an intruder in exchange for a bribe or other favours, for instance through logins and menus with controlled functions provided to each different user.
Application: Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and on networks private to an enterprise.
DBMS User Views: The database SQL should provide adequate depth and width of view to each specific user, so that the user will only view or update certain data with the same command line entered.
Operating System: No matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
Encryption: This encryption is applied to data intended to be stored permanently, with the integrity of the information assured. Only correct decryption can reverse the process and regenerate the original data stored.
Database: Some database system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated.
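The DBMS User Views and Database levels above can be expressed directly in SQL. The following is an added example, not part of the original article: it assumes the PostgreSQL dialect, and every table, view and role name in it is hypothetical.

```sql
-- Constructed schema (PostgreSQL dialect); all table, view and role names are hypothetical.
CREATE TABLE patient_medication (
    patient_id   integer      NOT NULL,
    ward         text         NOT NULL,
    patient_name text         NOT NULL,
    diagnosis    text         NOT NULL,
    drug         text         NOT NULL,
    dose_mg      numeric(6,1) NOT NULL CHECK (dose_mg > 0),  -- integrity rule enforced by the DBMS
    PRIMARY KEY (patient_id, drug)
);

CREATE ROLE ward_a_nurse NOLOGIN;   -- query-only user
CREATE ROLE pharmacist   NOLOGIN;   -- may query and correct a dose

-- Make the starting point explicit: no general access to the base table.
REVOKE ALL ON patient_medication FROM PUBLIC;

-- The view limits width (no diagnosis column) and depth (ward A rows only).
-- WITH CHECK OPTION rejects writes through the view that fall outside its row filter.
CREATE VIEW ward_a_medication AS
    SELECT patient_id, patient_name, drug, dose_mg
    FROM patient_medication
    WHERE ward = 'A'
    WITH CHECK OPTION;

REVOKE ALL ON ward_a_medication FROM PUBLIC;

-- Query-only user: may read through the view, holds no write privilege.
GRANT SELECT ON ward_a_medication TO ward_a_nurse;

-- Limited-update user: may read, and may change only the dose_mg column.
GRANT SELECT ON ward_a_medication TO pharmacist;
GRANT UPDATE (dose_mg) ON ward_a_medication TO pharmacist;

-- Audit check: report what each role actually holds on the base table and on the view.
SELECT r.rolname,
       o.name AS object_name,
       has_table_privilege(r.rolname, o.name, 'SELECT') AS can_select,
       has_table_privilege(r.rolname, o.name, 'UPDATE') AS can_update_all_columns,
       has_column_privilege(r.rolname, o.name, 'dose_mg'::text, 'UPDATE') AS can_update_dose
FROM pg_roles AS r
CROSS JOIN (VALUES ('patient_medication'), ('ward_a_medication')) AS o(name)
WHERE r.rolname IN ('ward_a_nurse', 'pharmacist')
ORDER BY r.rolname, o.name;
```

Because a PostgreSQL view is checked against its owner's privileges by default, neither role needs any grant on the base table, so the authorization restrictions are enforced by the database rather than by the application.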
Security at all these levels must be maintained if database security is to be ensured. A weakness at a low level of security allows circumvention of strict high-level (database) security measures. It is worthwhile in many applications to devote considerable effort to preserving the integrity and security of the database. Large databases containing payroll or other financial data are inviting targets for thieves. Databases that contain data pertaining to corporate operations may be of interest to unscrupulous competitors. Furthermore, loss of such data, whether via accident or fraud, can seriously impair the ability of the corporation to function.
About Richard Ngu
Find out more at http://nextlevel.com.my/tutor/richy.
Copyright Notice
This article is copyrighted by Richard Ngu. You are allowed to reprint
this article on your web site as long as you include the full article text, the
author profile information above and this Copyright & Reprint Notices.