DATABASE SECURITY ISSUES
Database security is a very broad area that addresses many issues, including the following:
(i) Legal and ethical issues regarding the right to access certain information. Some information may be deemed to be private and cannot be accessed legally by unauthorized persons.
(ii) Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example credit ratings and personal medical records.
(iii) System-related issues such as the system levels at which various security functions should be enforced, for example whether a security function should be handled at the physical hardware level, the operating system level or the DBMS level.
(iv) The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications, for example top secret, secret, confidential and unclassified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
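An added example, not part of the original text, showing one way the classifications in (iv) can be enforced at the DBMS level. It assumes a simple "no read up" rule (a user reads only rows at or below their clearance), which the text does not specify; the table names, users and rows are constructed for illustration.

```python
import sqlite3

# The four levels named in the text, ordered from lowest to highest.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]

def build_db():
    """Create an in-memory database holding constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA foreign_keys = ON;
        CREATE TABLE levels (name TEXT PRIMARY KEY,
                             level_rank INTEGER NOT NULL UNIQUE);
        CREATE TABLE users (name TEXT PRIMARY KEY,
                            clearance TEXT NOT NULL REFERENCES levels(name));
        CREATE TABLE documents (id INTEGER PRIMARY KEY,
                                title TEXT NOT NULL,
                                classification TEXT NOT NULL REFERENCES levels(name));
    """)
    db.executemany("INSERT INTO levels VALUES (?, ?)",
                   [(name, rank) for rank, name in enumerate(LEVELS)])
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "top secret"), ("bob", "confidential"),
                    ("carol", "unclassified")])
    db.executemany("INSERT INTO documents (title, classification) VALUES (?, ?)",
                   [("Cafeteria menu", "unclassified"),
                    ("Salary bands", "confidential"),
                    ("Network diagram", "secret"),
                    ("Key escrow plan", "top secret")])
    db.commit()
    return db

def readable_titles(db, user):
    """Titles the user may read: document rank <= the user's clearance rank.
    An unknown user matches no row in users, so nothing is returned."""
    rows = db.execute("""
        SELECT d.title
        FROM documents d
        JOIN levels dl ON dl.name = d.classification
        JOIN users u ON u.name = ?
        JOIN levels ul ON ul.name = u.clearance
        WHERE dl.level_rank <= ul.level_rank
        ORDER BY dl.level_rank
    """, (user,)).fetchall()
    return [title for (title,) in rows]

if __name__ == "__main__":
    db = build_db()
    for name in ("alice", "bob", "carol", "mallory"):
        print(name, "->", readable_titles(db, name))
```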
Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
Loss of integrity: Database integrity refers to the requirement that information be protected from improper modification. Modification of data includes creation, insertion, modification, changing the status of data and deletion. Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts. If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in inaccuracy, fraud or erroneous decisions.
Loss of availability: Database availability refers to making objects available to a human user or a program that has a legitimate right to them.
Loss of confidentiality: Database confidentiality refers to the protection of data from unauthorized disclosure. The impact of unauthorized disclosure of confidential information can range from violation of the Data Privacy Act to violation of the National Security Act. Unauthorized, unanticipated or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.