

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The importance of database security, the risks involved, and various types of controls to mitigate these risks. Topics include access control, auditing, authentication, encryption, data integrity, backups, application security, and statistical database security. Database security is crucial to prevent unauthorized access, malware infections, performance issues, physical damage, design flaws, and data corruption.
Typology: Lecture notes
1 / 3
This page cannot be seen from the preview
Don't miss anything!


Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.
Security risks to database systems include, for example:
Ross J. Anderson has often said that by their nature large databases will never be free of abuse by breaches of security; if a large system is designed for ease of access it becomes insecure; if made watertight it becomes impossible to use. This is sometimes known as Anderson's Rule.[1]
Many layers and types of information security control are appropriate to databases, including:
Access control
In the fields of physical security and information security, access control ( AC ) is the selective restriction of access to a place or other resource. [1]^ The act of accessing may mean consuming,
entering, or using. Permission to access a resource is called authorization.
Database Audit
Database auditing involves observing a database so as to be aware of the actions of database users. Database administrators and consultants often set up auditing for security purposes, for
example, to ensure that those without the permission to access information do not access it.
Authenticaton
Authentication (from Greek: α 1 F 5 0θεντικός authentikos , "real, genuine", from α 1 F 5 0θέντης authentes ,
"author") is the act of confirming the truth of an attribute of a single piece of data claimed true by an
entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually
confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, [1]^ determining the age of
an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to
be. In other words, authentication often involves verifying the validity of at least one form of identification.
Encryption
In cryptography, encryption is the process of encoding a message or information in such a way that
only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an
encryption scheme, the intended information or message, referred to as plaintext, is encrypted using
an encryption algorithm – a cipher – generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated
by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required.
An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users.
Data Intigrity
Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, data
over its entire life-cycle, [1]^ and is a critical aspect to the design, implementation and usage of any
system which stores, processes, or retrieves data. The term is broad in scope and may have widely different meanings depending on the specific context – even under the same general umbrella of
computing. It is at times used as a proxy term for data quality, [2]^ while data validation is a pre-
requisite for data integrity. [3]^ Data integrity is the opposite of data corruption. [4]^ The overall intent of
any data integrity technique is the same: ensure data is recorded exactly as intended (such as a database correctly rejecting mutually exclusive possibilities,) and upon later retrieval, ensure the
data is the same as it was when it was originally recorded. In short, data integrity aims to prevent
unintentional changes to information. Data integrity is not to be confused with data security, the discipline of protecting data from unauthorized parties.
Backup
In information technology, a backup , or the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data lossevent. The verb form is to back up in two words, whereas the noun is backup. [1]