Logical and Physical Database Security - Essay Example

?Introduction All the organizations deal with information of the products to be developed sold and or people working in the organization. As the higher management utilizes the information for making informed decisions, therefore, it is one of the crucial assets of the organization. Keeping in view the importance of the information and its enduring usage, it is required that the information needs to be secured and accurately stored in reliable database sources. “Information is an organizational asset, and, according to its value and scope, must be organized, inventoried, secured, and made readily available in a usable format for daily operations and analysis by individuals, groups, and processes, both today and in the future.” (Neilson and Parui, 2009) The database security is one of the non-functional requirements which would only be fulfilled after completing all the functional requirements of the database. One of the reasons for not implementing secured databases is the improper design that does not act in accordance to organizational security policies. This document presents the importance of database security and critically reviews the various reasons for improper security implementation. Moreover, the document provides comprehensive analysis of the techniques and strategies are being utilized to overcome the database security issues (Abramov, Anson, Dahan, Shoval and Sturm, 2012). Database Security The database security is concerned with the unauthorized access or misuse of the authorized user which leads to the leakage of personal or potential information. A database is said to be a reliable data storage source if it does not compromise on confidentiality (data security), integrity (the correctness of data) and availability. The integrity of data is dependent on the data gathering and storing process, moreover, if the database could be accessed by unauthorized users can influence the correctness of data. Therefore, it can be stated that the database security is one of the critical factors to be achieved in developing a dependable database. There are many techniques could be utilized for developing a secured database (Kayarkar, n.d) includes: the access control (implementing data access rights to the users), database monitoring (to review the actions performed on the database), authentication (identifying the accurate user) and encryption (data encoding). Moreover, the data can be made secure by the application security and database integrity controls (Oracle, 2003). Logical and Physical Database Security The Elmasri and Navathe in 2004 a methodology have been introduced for developing a database design. The database designing methodology has following three (3) main phases include: the Conceptual database design, Logical database design, and Physical database design. As the objective of this document s to present a review of the database security concerns for avoiding illegal access, therefore, the document limits the discussion to the logical database design phase. In order to implement the security policies, the logical database design is the most critical phase. The database security can be implemented while designing the database and developing the software application. There are certain techniques need to be implemented for the development of a secured database. One of the techniques is the general security specification technique that can be implemented using Unified Modeling Language (UML) use cases. In order to implement the user privileges the database designer needs to implement the access control specification technique. One of the limitations of these techniques include these methods do not have provisions to tackle the organizational security policy. Keeping in view the limitations, a new security model has been suggested in which the database designers can implement the organizational security policy patterns which would be implemented while application development. In the design phase the database designers can develop security constraints following organizational policy. The implementation phase deals with transforming the data model in the Structured Query Language (SQL) with already developed security constraints (Abramov, Anson, Dahan, Shoval and Sturm, 2012). There are various principals identified and needs to be followed for protecting the data from the illegitimate access of users. The first principal converses for gathering the information about the data to be stored in the database. In order to comply the principal several questions need to be answered and these include: what, whose, why and how the personal data are being processed by the data controller. It would help the data controller to know whether the data under processing is sensitive or not. It is worthwhile to identify and nominate the data protection officer to fix responsibilities and accountability. The second principal states about analyzing the data to investigate whether the data is gathered obeying the laws, moreover, it identifies the criterion for legitimacy. The third principal presents the implementation techniques while maintaining compliance with the principals. It is pertinent to know privacy statements, secret company documents, and scripts. The fourth principal guides to develop a strong relationship with the staff (who has access the personal data), moreover, developing relationship with data processors (an employee for processing data). In the last, the data transfers and data exports should be done while complying the Data Protect Directive and Data Protection Act. The study guides to protect data from the physical unauthorized access while developing relationships with the staff (Room, n.d). Conclusion The correct decisions made on accurate information may lead the organization to success, whereas, the organizations cannot make a correct decision on the faulty information. The database designers are used to develop simply incorrect design just for fulfilling the requirements of the database; however, the designers should also consider the complicated processes of an organization along with security policies. The data should be secured logically as well as conforming to organizational policies and this can be done while designing the database. The document presented various techniques for implementing security features in a database which can lead an organization to have a logically secured database. Moreover, the data should be kept safe from the physical theft threat on the database. There are several counter measures to avoid the physical data theft vulnerability include: the installation of security cameras, alarms, electronic access control implementation on the doors and allocation of security guards (Gergi, 2010). Moreover, there are diverse guidelines and principals to avoid physical data theft which have been discussed in the document. Reference List Abramov, J., Anson, O., Dahan, M., Shoval P., and Sturm, A., 2012. A methodology for integrating access control policies within database development. Computers & Security, SciVerse ScienceDirect, Elsevier Ltd. Elmasri, R., and Navathe, S. B., 2004. Fundamentals of Database Systems. Addison Wesley, pp 58 - 97 Gergi, R. (2010). Logical and Physical Security – What the major Differences Are ? [online] Available at: [Accessed 18 April 2013] Kayarkar, H., n.d. Classification of Various Security Techniques in Databases and their Comparative Analysis. Navi Mumbai: M.G.M’s College of Engineering and Technology Neilson, P., and Parui, U., 2009. Microsoft SQL Server 2008 Bible. CrossPoint Boulevard, Willey Publishing Incorporation Oracle., 2003. Database Security. [online] Available at: [Accessed 17 April 2013] Room, S., n.d. Data Protection and Compliance in Context. Viva, the British Computer Society Read More