Analysis of Database Security - Annotated Bibliography Example

Database security: of Scime, A. . Database Security: What Need to Know. Journal Of Information Technology Education, 23(9), 132-172. The journal states that database security is a major concern that has been evident in many reported cases whereby massive data has been lost due to exposure of data to unauthorized people. Considering the increased usage, collection and sharing of data through electronic media, the author suggests that it is very important to ensure that the data is secured to prevent its loss. Through database security systems, data is restricted only to authenticated people who are responsible, and have the right to perform activities using it. However, all other users are restricted from tampering with the data using the database security systems. Data security systems incorporate the protection of data’s disclosure to increase its safety, protection from unauthorized personnel, and the accessibility and recovery of data after malicious activities. The author states that the Defense Information Systems Agency of the US Department of Defense provide that all the information that is secured through the database securities is protected from every unauthorized access, protected from any threats, assured of quality maintenance, and in the end, its integrity is maintained. The best way to ensure protection of data is by limiting is access maximally through creation of passwords and usernames. Additionally, one can also limit data access through defining access controls of specific resources only to specific and authorized persons. The journal also advocates for increased security systems for databases since most of that databases are found in the internet, hence prone to attacks. Consequently, there is a great need to condense the vulnerability of the threats, especially the SQL injection, which is normally tricked to perform unauthorized commands. Consequently, limiting access to this information would be done through a password and username system whereby only the authorized user is allowed to login into the site or database. However, the author also suggests that database auditing is also an important way to ensure data security since it is able to monitor all activities done in the database. Auditing tracks all the changes made to the database, the time, and the person who accessed the information, however, it is not able to prevent any breaches that occur. The source is credible since the author is an excellent Professor in Kennesaw State University, working t the department of Computer science and Information Systems. Additionally, she is determined to ensure that all the IT problems are solved and has an experience of thirty years in this field. Chen, Y., & Chu, W. (2014). Database Security Protection via Inference Detection1 (1st ed.). Los Angeles, CA: Computer Science Department. The authors are determined in establishing a perfect framework that assist in preventing malicious actions by unauthorized users on databases. Consequently, the best database to use in this case is referred to as the Inference Framework, which denies unauthorized access of sensitive information and detects any attack by an unknown individual. The Inference Framework incorporates three important modules that consist of semantic inference model (SIM), detection systems that assists in maintaining security and information accusations. All the security systems are interrelated through the semantic inference models whereby, a Semantic Inference Graph is then drawn while determining the entities of the semantic inference model. The Semantic Inference Models have the semantic, dependency and schema links that represent the relationship of related attributes whereby, the semantic link join links from different attributes but containing the precise relations. Additionally, schema links are effectual in joining foreign keys to the primary keys whereas dependency links are useful while connecting attributes with interrelated entities. The detention system will be effective in ensuring that the security of data is maintained to the later, through posing queries, which are then examined to determine if they are viable or not. The book also ensures that the data security for all databases is maintained to prevent loss or alteration of data at all costs. Additionally, the book lists all the threats that are prone to attacking the databases, basing on the past attacks. In general, database security is very useful in realms of risk management, information security, and computer security, which is used to minimize the risks that are involved in activities carried out. Sandhu, S. (2003). Data and Database Security and Controls. Book of Information Security Management. Fairfax, VA. This book states that data security is subdivided in to three parts, which include secrecy of the data, its integrity, and denial of its availability in order to ensure that it is secure. Secrecy is defined as the failure to disclose any information to any unauthorized personnel whereas integrity is the modification of data in an inappropriate manner. Additionally, the security systems ensure that any unauthorized personnel cannot access the data that is restricted to him or her in any case. The book further explains that the key purpose of the security systems is to detect any problems that may be identified to alter with the information and prevent any cases that breach the data’s security. However, specialists prioritize prevention since it ensures proper safety of this information preventing it from total access by unauthorized personnel. Detection is also important as it prevents more access of data as it is able to identify the changes and information accessed by any restricted person. When ensuring database security, it is always advisable to check the security from the network perspective and then check it from the server itself as this ensures that accurate measures are put in place to prevent any cases of insecurity. Gertz, M., & Jajodia, S. (2008). Handbook of database security (1st ed.). New York: Springer. This book is effective in providing information that assists in providing methods that help in securing, auditing, and monitoring various databases, and the numerous attacks that are vulnerable to this information. The book gives an example of a condition whereby information that is open to the employees, customers and other staff members is at a high risk of getting attacked hence ensure that security is maintained to the maximum. Additionally, it causes much loss and inefficiency once a security breaches the databases of an individual since hackers among other restricted people access most of the data. This book supports for the use of Database activity monitoring that performs analysis on the database to identify if there were unknown individuals who did perform anomalous activities or breached the policies. The Database activity monitoring is also essential because it provides a broad database trail, which is useful in regulating restricted users from accessing data. For example, all the users are who try to start any unauthorized activity or behavior is quarantined immediately whereas time is always limited for every user to ensure that risks are minimized maximally. Additionally, Native Audits are also very useful while protecting data as the book states since they always maintain security where the administrators cannot access the databases at the time. However, they are not very effective since they do not allow for duty separations hence proving that the network module level is the best while administering data protection due to high levels of preservation, confidence, and security of databases. The book also states that it would be useful to use figure print detections while accessing sensitive data to prevent any case of intrusion by unauthorized personnel since it is the most appropriate. Jodia, S. (2013). Database Security. Journal Of Information Technology Education, 6(13), 154-198. This book states that all access control units should be expressive and simple to use because it will ease the management tasks of maintaining the security specifications, which in the end is advantageous. The access control units must also be expressive since they must specify different ways through which security is enhanced on different data. The book also outlines the features that the access control system should poses in order to be effective in securing databases from all kinds of threats. The access control systems must combine different policies since most of the information is contained in many different policies. The policy combination policies are in most cases supported by the administration to ensure that a large-scale policy composition. Additionally, anonymity is also an important feature of the access control units that ensure that privacy of all the users is maintained through hiding their real identity. However, the digital certificates are able to approve the attributes of the user in all cases to ensure that they are performing the correct and authorized activity at the correct time. The book also explains about the derivations and the aggregations stating that they are very vital since they play a most important role in the on-line analytical processing (OLAP) services. However, there are many challenges that are associated with this method. However, the book explains many ways that can be used to reduce the risks involved. Additionally, the author explains that it is a great threat to organizations that store all their information, vital or not vital, to the on-line analytical processing since they are prone to threats that would lead to great financial loses to the company since the company significantly depends on this data in their data processes. A method of data protection such as data sanitization has been proven insufficient in protecting the data effectively since it is very prone to attacks. Additionally, the data is prone to indirect inferences of protected data whereas the systems used while protecting the data are also not very effective since they use the detect and remove approach. McAfee Database Security. (2009). Real-time protection for business-critical databases, and compliance. New York: Penguin Books. The book outlines that all governmental institutions, private, large, and small institutions among others depend largely on computerized information, which is stored in large databases in order to carry out their activities in an organized manner. The book clarifies that operating systems are not efficient at providing security compared to the database security systems since the Data Base Management Systems have a high protection level for many types of malfunctions since it protects the files at a file level hence ensuring maximum security. Additionally, the Data Base Management Systems have many object types compared to the operating systems that increase the data security. The databases contain many objects that include the tables, attributes, indexes, tuples, metadata, among others, whereas the operating systems contain of a file only. The Data Base Management Systems are also advantageous since they ensure a better data interrelationship between the logical objects with the complex semantic interrelationship. The Data Base Management Systems obtain their data through dynamic methods compared to the static methods used by the operating systems. The Data Base Management Systems are also very advantageous since they assist the users by guiding them effectively compared to the operation systems, which either give access or deny them access to the files and data. Many advantages are achieved after one uses the Data Base Management Systems to protect their data since one is assured of better performance since the data is well protected. In addition to this, data can be viewed easily through other devices such as the mobile phones, Macintosh, and tablets. Maintenance is also made easy through the online table maintenance as the book suggests. Anley, C., & Koziol, J. (2007). The shellcoders handbook (1st ed.). Indianapolis, IN: Wiley Pub. McAfee is an example of a database security system that ensures that all the data in businesses and organizations is collected and organized in an orderly manner and consequently protected from attacks. The article states that through research, it has been identified that most of the databases are prone to attacks and due to this; almost 92% of breached records are those from the databases. Advantages of using the McAfee Database Security that includes; centralized management of the database security systems, maintenance of the regulatory is effective and efficient, and the visibility posture and security is fully guaranteed. Additionally, it is always easy to use the database security software with ease and align the type of administration policy of wish across all the management personnel and the database security systems. database security systems are very important since they are able to protect the organization databases from all types of threats both the internal threats and the external threats. It is also very easy to access the databases since McAfee Database Security ensures that performance is improved greatly. The system has been rated better since they allow the user to set the database protection features, ensure maximum protection of the database systems, monitor the activities carried out in the databases, and ensure security management services are maintained maximally. The McAfee Virtual Parching is advantageous since it minimizes the time used by the security management personnel in managing the databases. In this case, the Information Technology personnel teams are very privileged since their work is reduced greatly since McAfee Database Security system also ensures that there is an automatic distribution of updates that ensure that the security of the data is maintained maximally. Mcafee. (2010). S.l.: General Books. McAfee Database Security system also have monitoring advantages as the cite states that the system is protected from all sources of attacks either externally or externally. Additionally, all the sophisticated threats are eliminated maximally to ensure that all the databases are secured from all potential threats. Additionally, all the potential threats are eliminated from the database systems. McAfee Database Security system also ensures that there is a password fitted for every data file to prevent unauthorized personnel from using the database or interfering with the data stored. Through this protection method, all the systems are scanned to eliminate all kinds of data that could be infected by any virus. Klein, S., & Roggero, H. (2012). Pro SQL Database for Windows Azure: SQL server in the cloud. New York: Apress. There are many advantages of database security systems as the book cites. The Data Base Security Systems are useful in organizations since they control all the stored data, manage all the data and make it secure for retrieval. The most advantageous reasons for using the database management systems is that there is a minimal data redundancy since all the data is resided in a central database. Additionally, there is also data consistency maintenance since there is a reduced data redundancy, in spite of this; it is also advantageous since there is proper data integration. Data integrity is made possible since all the data is stored in one database. Data sharing is also made very easy; however, it is always done carefully to avoid exposure to unauthorized people in order to reduce the threats that could attack it. Standardization of data is also made easy since it can easily be enforced since all the data is stored in a similar position, hence, any set of program scan easily integrate into the other files. Additionally, development of the program is also made easier since sensitive issues are eliminated such as the security of the data, data integrity, and concurrent accesses. There is better control of activities since there is reduced maintenance of activities using the Database Management Systems, privacy and confidentiality of data is ensured maximally through passwords and usernames. Data quality and integrity is maintained maximally since any other user who tried to access the data without any authorization is blocked. Aaron, N. (2006). Practical Oracle security (1st ed.). Rockland, Mass.: Syngress Pub. Nathan Aaron states that most people value database security since they ensure that the data is secured, confidential, and maintains its integrity. He gives an example citing that lack of a proper security system in most cases lead to losses, for example, he says that any customer who trusts their online retailers with their credit cards are at risk of losing their money since there are very many hackers who try to obtain this information. Additionally, all the Database Administrators should be at toes to ensure that they monitor the security of information regularly. Database security is defined as data security and a system security whereby both of them ask questions that are related to the security of data. For example, the data security enquires on questions involving the data such as the actions to be audited by the user and the objects and data that the users have complete access to them. Consequently, systems security enquires on specific questions that ensure that the individual trying to access the data is allowed such as their password verifications and the database actions that they are allowed to perform. Aaron concludes that security is very crucial for all databases stored as they ensure that data remains secured and only the right people are able to access it whenever they need it. However, for this to happen appropriately, it is essential to assess the network persistently, access the servers, test the file systems, and ensure that all the databases are protected. Read More