Ensuring Database Security: Solutions and Best Practices


Added on  2019/12/03

AI Summary
Database security is a significant challenge for companies, particularly as data volumes increase. The study highlights various solutions to address these challenges, including Firewalls, Vulnerability assessments, and Framing of policies. Additionally, Auditing and regular monitoring are essential to identify gaps and loopholes, ensuring control and preventing potential threats.

Information systems management

TABLE OF CONTENTS
INTRODUCTION
Concept of Database Management Systems
Aspects of information storage and management
Need of Data Storage
Threats related to Database management
Solutions for database security threats
CONCLUSION
REFERENCES
INTRODUCTION
Database management has become a key component of business efficiency. In the present business environment, companies generate huge amounts of data, so concern about data security and data efficiency is increasing. The purpose of this report is to analyse how firms are dealing with the security threats related to data. The study will help in understanding how and why database systems are specified, designed, implemented, tested and maintained. It will analyse the requirement for data storage and information gathering for firms.
Concept of Database Management Systems
It is evident that in the present context, companies have large amounts of data to store and analyse. A DBMS is a software tool which helps in organizing the data in a database in an effective manner (Dhillon, 2007). The ultimate purpose of this tool is to store and transform the data into information to support decision making. This concept has come into the limelight because it is really difficult for companies to store such a high volume of data. Due to this, they are facing many issues related to storage and security. A DBMS consists of the following three elements:
Physical database – A collection of files which contain the data
Database engine – Software which ensures editing of the information (Eliasson, 2014)
Database schema – The specification of the logical structure of the data stored in the database
The system lets users create, edit and update data in the database files. Multiple users have concurrent access to the same database. Security rules determine the access rights of the users. Data can be backed up constantly and recovered if a problem occurs (Kovacich, 2013). The database structure and rules help in improving the integrity of data. A data dictionary offers a description of the data. Development of the database is controlled by DBAs (Database Administrators), who ensure that the database structure is efficient and reliable. These people are also responsible for controlling security aspects. For instance, different personnel within the company use databases in different ways. Some of them simply want to view the data and perform basic analysis (Maier, 2007). However, other employees are actively involved in adding data to the database or updating the existing data. Administrators therefore need to set user permissions.
Aspects of information storage and management
Data management – The first aspect of information management is data management. The raw data is large in volume and needs to be structured properly. At this phase the information is then extracted (Medhi, 2013).
Information delivery – This aspect is responsible for the development of solutions related to the management as well as the delivery of the data. A DBMS has the advantage of supporting both real-time and historic data manipulation. This makes the information delivery process much faster (Shingo and Chong, 2007).
Information usage – The use of the data depends upon the nature of the information. It could be used for business analytics or business intelligence. Everything must be handled by using a specific system.
Need of Data Storage
Today everyone lives in an information-centric world. As a part of society, all have an increasing reliance on the development and consumption of data. It is considered important because there is a need to complete a wide range of activities (Milne and Witten, 2013). In the present context, data storage and management has become an activity which has to be pursued by every organization. Information management is many times harder than data analytics. There is no need to collect data which has no value for the company. Companies are carrying out more and more analytics on data in order to gain a better understanding of their clients or customers and also to gain a higher share of the market (Yates and Paquette, 2011). The collected information aids in finding solutions, solving issues and selling more products or services. Analytics has become a widely recognized trend in the industry, facilitating cross-pollination of data. Many firms are now making millions from simply collecting and selling information. For instance, store cards collect the shopping habits of customers (Becker, Greve and Albers, 2009). A business can use this data to understand which products are popular and which ones are not. Further, it can track what time of the day and what days of the week are popular for shopping.
As companies are growing and expanding across the world, the need for instant and effective communication of data is also increasing. It has become essential for success. One
of the most important aspects of data storage is its legal ramifications (Bruce and Ho, 2009). If firms are storing client information, including private and personal details, then it must be assured that the information is protected at all times and only the right people have access to it. Installation of firewalls, passwords and certain systems helps in protecting the client’s data (Katerina et al., 2009). Further, storage has become essential for the purpose of taking critical business decisions. Decision making is a very critical and complex process, and sometimes it requires a high volume of data. If the data are stored appropriately then it becomes easier to recognize trends and patterns. In this manner, sound business decisions can be made.
Threats related to Database management:
Disgruntled employees – Internal attacks are one of the biggest threats faced by the systems of a company. Members of the IT team with knowledge of and access to networks can cause serious damage internally. The people who work at the data centres could be responsible for data theft (Mendling, Recker and Reijers, 2010). It is also difficult to identify such people as they are within the company. It is essential for the business to do a complete check on the background of its employees at regular intervals.
Failing to choose a secure password – Another very common database threat is the failure to choose a secure password. It is very easy for hackers to crack a password. Due to this, many security experts recommend the use of a pass phrase rather than a password (Petkovic, 2010). Many information leaks arise because passwords are breached very easily. Pass phrases are to be used because they are several words long, at least three, and are far more secure than passwords.
Mobile devices – Another factor responsible for security breaches is the availability of gadgets such as pen drives, mobiles, tablets etc. to the people within the company. Data is highly vulnerable to theft when employees use mobile devices to share data, access business information etc. (Sosinsky, 2010). According to recent reports, mobile security breaches have affected about 68% of global companies in the last 12 months. It is very easy to store or transfer a file in a couple of seconds through these gadgets.
Poor emailing standards – In the business world, email is considered the most private and confidential tool for communication, yet emails are available to a number of people other than the recipient. Any kind of technical error may lead to the passing of a confidential
email to another recipient (Holtshouse, 2013). This could leak private data related to the business. The communication platform for the people within the company is required to be strong and effective.
Third party service providers – Due to the increasing complexity of technology, business firms are relying on outsourced services to support and maintain systems. Third party service providers use remote access to connect to the company’s network, but they do not always follow security best practices (Dhillon, 2007). Many expensive breaches have occurred due to stolen login credentials.
Limited security expertise and education – Internal security controls are not keeping up with data growth, and many companies are ill-equipped to deal with a security breach. This occurs due to a lack of the expertise needed to implement security controls, enforce policies etc. (Khalili and Maleki, 2011). Before implementing a particular process, it is essential to gain full expertise and knowledge about it. The ways to handle and operate the processes are to be learned so that it becomes easier to run them. This expertise and education requires appropriate training and guidance under experts. It will help in avoiding the issues related to security breaches. Further, it is to be promoted among other people (Quality risk analysis, 2009).
Lack of consistency within databases – Another threat which brings all the vulnerabilities together is the lack of consistency. It is more of an administrative issue than a database technology problem (Shingo and Chong, 2007). Administrators are required to develop a consistent practice in looking after their databases, staying aware of threats and making sure that vulnerabilities are taken care of.
Storage media exposure – Backup storage media is often completely unprotected from attack. As a result, several breaches have involved the theft of database backup disks and tapes. Along with that, data can be at risk if there is a failure in auditing and monitoring the activities of administrators who have low level access to sensitive information (Milne and Witten, 2013). Hence it is essential to adopt appropriate measures for the protection of backup copies of sensitive data and for monitoring the activities of highly privileged users. It is not only a security best practice but is also mandated by many regulations.
Incorrect usage – Another big threat associated with database security is the incorrect usage of data. Leaked information can get into the hands of the wrong individuals. This could create problems and may also lead to serious consequences (Yates and Paquette, 2011). Many cases have been seen where hackers have disclosed crucial things related to the company’s business. It is a serious loss to the company’s reputation and image.
Solutions for database security threats
Different types of measures and techniques can be adopted in order to deal with database security threats:
Firewall – It is a network security system which is capable of monitoring and controlling the incoming and outgoing network traffic based on predetermined security rules. It establishes a wall between a trusted internal network and an outside network (Becker, Greve and Albers, 2009), for instance the internet, which is assumed not to be secure or trusted. This protection is available as hardware, as software, or as a combination of both. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the security rules. At present, next-generation firewalls are available which blend the features of a standard firewall with quality of service. They offer smarter and deeper inspection (Bruce and Ho, 2009).
Vulnerability assessment – It is a process in which vulnerabilities within the system are identified, quantified and prioritized. It has many things in common with risk assessment. Assessments are typically performed according to the following steps:
Cataloguing of assets and capabilities within a system
Allocating quantifiable value and importance to those resources (Mendling, Recker and Reijers, 2010)
Recognizing the vulnerabilities or potential threats to each resource
Removing the most serious vulnerabilities for the most valuable resources
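The four steps above, worked through as a small prioritisation script. This is an added example, not part of the original report; the asset names, the 1 to 5 scales and the value-times-severity score are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str      # must match a name in the asset catalogue
    issue: str
    severity: int   # 1 (minor) .. 5 (severe); the scale is an assumption


# Steps 1 and 2: catalogue of assets with a business value of 1..5.
# All names and scores are constructed sample data.
ASSETS = {
    "customer-db": 5,
    "backup-tapes": 4,
    "reporting-replica": 2,
    "test-db": 1,
}

# Step 3: vulnerabilities recognised per resource (constructed).
FINDINGS = [
    Finding("test-db", "default admin password", 5),
    Finding("customer-db", "vendor remote access never disabled", 4),
    Finding("backup-tapes", "backups stored unencrypted", 4),
    Finding("customer-db", "no audit of privileged users", 3),
    Finding("reporting-replica", "weak passwords allowed", 3),
    Finding("hr-share", "world-readable export", 4),
]


def prioritise(assets, findings):
    """Rank findings by asset value x severity, highest first.

    Findings on assets missing from the catalogue are returned separately:
    they cannot be valued, which means step 1 is incomplete.
    """
    ranked, uncatalogued = [], []
    for f in findings:
        if f.asset not in assets:
            uncatalogued.append(f)
            continue
        if not 1 <= f.severity <= 5:
            raise ValueError(f"severity out of range: {f}")
        ranked.append((assets[f.asset] * f.severity, f))
    # Ties go to the more valuable asset, then to names for a stable order.
    ranked.sort(key=lambda r: (-r[0], -assets[r[1].asset], r[1].asset, r[1].issue))
    return ranked, uncatalogued


def fix_first(ranked, capacity):
    """Step 4: the findings to remove first, given how many can be handled."""
    return [f for _, f in ranked[:capacity]]


if __name__ == "__main__":
    ranked, uncatalogued = prioritise(ASSETS, FINDINGS)
    for score, f in ranked:
        print(f"{score:>2}  {f.asset:<18} {f.issue}")
    for f in uncatalogued:
        print(f"??  {f.asset:<18} {f.issue} (asset not catalogued)")
```

The severity-5 finding on the low-value test database ranks last, while the finding on an asset missing from the catalogue is reported separately because it cannot be valued until step 1 is repeated.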
Framing of policies – Companies can also keep security threats at a distance by framing strict rules and policies related to information management. It is essential to keep an eye on the activities of employees to make sure that they do not leak anything. A complete check on their background is to be made (Khalili and Maleki, 2011). Employees are instructed to follow the rules
strictly, as this is a matter of the company’s privacy. For instance, employees should not be allowed to carry gadgets into data centres, administrative sections etc. They are to be instructed what they have to do and what not. Action can be taken against people who are found guilty of data theft. It could be a lesson for other individuals.
Setting secure password – Most of the time, security breaches occur because passwords are easily cracked by hackers. It is very important for companies to keep their login credentials complex. In fact, many security experts have recommended that the use of a pass phrase is more effective than just a password (Yates and Paquette, 2011). Pass phrases are several words long and are far more secure than passwords. A company must choose a secure password which has a 0% chance of being cracked.
Information platform – Another important solution is to keep a common information platform through which the inflow and outflow of data takes place. In this way all messages pass through a single platform, which does not allow any external information to enter. It will also make communication among employees strong and effective (Becker, Greve and Albers, 2009).
Third party service provider – As discussed earlier, this is one of the biggest threats to data security. Companies are taking services from other firms for the purpose of analysing their data. Here the users need to be wary of the outsourcing firms and to validate the existence of any third party (Shingo and Chong, 2007). For example, these firms will use the same default password to connect remotely to processes within the business. This increases the chances of security breaches and data theft. Third party access needs to be disabled when it is no longer needed. In this way they will not be able to steal any information, as they no longer have a connection.
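A check an administrator could run over an export of remote-access accounts to find third party access that is unvalidated, still enabled after the contract has ended, or still on its default password. This is an added example, not part of the original report; the field names, vendor names and dates are constructed.

```python
from datetime import date

# Constructed inventory of third party remote-access accounts. Field names are
# assumptions; map them to whatever your identity system exports.
ACCOUNTS = [
    {"name": "vendor-dba", "vendor": "Acme Analytics", "enabled": True,
     "contract_end": date(2019, 6, 30), "password_changed": date(2019, 1, 10),
     "validated_by": "it-security"},
    {"name": "vendor-support", "vendor": "Northwind Support", "enabled": True,
     "contract_end": date(2020, 12, 31), "password_changed": None,
     "validated_by": "it-security"},
    {"name": "vendor-etl", "vendor": "Unknown", "enabled": True,
     "contract_end": None, "password_changed": date(2019, 3, 2),
     "validated_by": None},
    {"name": "vendor-old", "vendor": "Acme Analytics", "enabled": False,
     "contract_end": date(2018, 12, 31), "password_changed": None,
     "validated_by": "it-security"},
]


def audit_account(acct, today):
    """Return the list of problems found for one third party account."""
    if not acct["enabled"]:
        return []  # a disabled account cannot be used to connect
    problems = []
    if acct["validated_by"] is None:
        problems.append("vendor not validated by an internal owner")
    end = acct["contract_end"]
    if end is None:
        problems.append("no contract end date recorded")
    elif end < today:
        problems.append(f"contract ended {end.isoformat()} but account is enabled")
    # None means the password set at provisioning was never changed.
    if acct["password_changed"] is None:
        problems.append("default password never changed")
    return problems


def audit(accounts, today):
    """Map account name -> problems, only for accounts that have any."""
    report = {}
    for acct in accounts:
        problems = audit_account(acct, today)
        if problems:
            report[acct["name"]] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit(ACCOUNTS, date(2019, 12, 3)).items():
        for p in problems:
            print(f"{name}: {p}")
```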
Auditing & Monitoring – It is another effective solution for database threats. Auditing is required to be done at regular intervals at all working levels, especially at data centres. It identifies gaps and loopholes and the corrective actions which are to be undertaken. It also becomes easy to identify potential threats which may arise in the future (Milne and Witten, 2013). Auditing is done to show how fair and true the reporting of information has been. This will also bring control to all aspects and will avoid issues.
CONCLUSION
From the above study it can be concluded that information systems management is a very complex activity. Database Management Systems offer automated methods to create, store and retrieve information. The ultimate objective of this tool is to store and transform the data into information to support decision making. Further, the study has concluded that companies are facing several challenges related to database security. The challenges are also increasing because the volume of data for analysis is increasing. Different types of solutions such as firewalls, vulnerability assessment and framing of policies are available in order to solve such issues.
REFERENCES
Books and Journals
Becker, J., Greve, G. and Albers, S., 2009. The impact of technological and organizational
implementation of CRM on customer acquisition, maintenance, and
retention. International Journal of Research in Marketing. 26(3). pp. 207-215.
Bruce, C. and Ho, K., 2009. An empirical study of the use of esecurity seals in ecommerce.
Online Information Review. 33(4). pp. 655-671.
Dhillon, G., 2007. Principles of information systems security: text and cases. John Wiley &
Sons.
Eliasson, G., 2014. Firm Objectives, Controls and Organization: The Use of Information and the
Transfer of Knowledge within the Firm-Volume 8. Springer Publishing Company,
Incorporated.
Holtshouse, D. K., 2013. Information technology for knowledge management. Springer Science
& Business Media.
Katerina, D. et al., 2009. Measuring ecommerce quality: an exploratory review.
International Journal of Quality and Service Sciences. 1(3). pp. 271-279.
Kovacich, L. G., 2013. The Information Systems Security Officer's Guide: Establishing and
Managing an Information Protection Program. Springer.
Maier, R., 2007. Knowledge Management Systems: Information and Communication
Technologies for Knowledge Management. Springer.
Medhi, D., 2013. Network Routing: Algorithms, Protocols, and Architectures. Morgan
Kaufmann.
Mendling, J., Recker, J. and Reijers, H. A., 2010. On the usage of labels and icons in business
process modeling. International Journal of Information System Modeling and Design
(IJISMD). 1(2). pp. 40-58.
Milne, D. and Witten, I. H., 2013. An open-source toolkit for mining Wikipedia. Artificial
Intelligence. 194. pp.222-239.
Petkovic, I., 2010. CRM in the cloud. Intelligent Systems and Informatics (SISY), International
Symposium. IEEE.
Shingo, A. and Chong, S. H., 2007. Managing Next Generation Networks and Services. Springer
Science & Business Media.
Sosinsky, B., 2010. Cloud computing bible. John Wiley & Sons.
Yates, D. and Paquette, S., 2011. Emergency knowledge management and social media
technologies: A case study of the 2010 Haitian earthquake. International Journal of
Information Management. 31(1). pp. 6-13.
Online
Khalili, A. H. and Maleki, A., 2011. Project Risk Management Techniques in Resource Allocation, Scheduling and Planning. [PDF]. Available through: <http://www.waset.org/journals/waset/v59/v59-59.pdf> [Accessed on 12th November 2015].
Quality risk analysis. 2009. [Online]. Available through: <http://www.mypmps.net/en/mypmps/knowledgeareas/risk/qualitative-risk-analysis.html> [Accessed on 12th November 2015].