Potential Threats to the Database and Their Mitigation - Term Paper Example

Table of Contents Introduction 1 Database Security 2 Potential threats and their mitigation 2 Other Security issues 4 Conclusion 5 Bibliography 6 Introduction Nowadays enterprise database infrastructure is subject to an overwhelming variety of threats regarding security point of view. However, technological advancements permit corporations to be efficient as well as linked in ways that were not probable in the past. This augmented connectivity brought a lot of benefits, however has as well made businesses increasingly vulnerable to intimidation from outsiders and entities inside their business. As an effect of these challenges, businesses struggle to defend their intellectual property as well as stop the remediation costs as well as harm to brand that result unintended exposure of employees and customers data. In this scenario, database security becomes necessary to defend the business against security threats. In addition, security threats vary from state to state for instance, illegal access to the computer, storage rooms to destruction through fire, flood, earthquake and hurricane. Moreover, present researches focus on defending databases from unauthorized or accidental access, alteration, disclosure or destruction of data (Loch & Carr, 1992) and (Guimaraes et al., 2007). This research is about the potential threats to the database and implementation of database security. This research will discuss various security threats that can create problems for the databases. Database Security A database is a most precious asset for a corporation which is necessary to run its business. Therefore, security of this asset is very necessary. Here, database security means the guidelines, activities, and actions that can be used to stop illegal access or modification, theft, and physical damage to database (Turban et al., 2005, p.51) and (Laudon & Laudon, 1999, p.502) . Dawson, Vimercati, Lincoln, & Samarati (2001) stated that despite the advancements in current years in the database systems and technologies, nowadays information repositories continue to be vulnerable to data association attacks and inference that cause severe information leakage. If some effective security techniques are not applied to secure the database, sensitive business information can be used by bad people for wrong purposes. The capability to defend information disclosure beside similar offensive outflow would be of huge benefit to public, governmental as well as private institutions. However, these require more security nowadays and require making sure than data is accessible to only authorized people (Dawson et al., 2002). Potential threats and their mitigation In this section I will discuss potential threats to databases and ways that can be applied in establishing the database security: Accidental losses, as well as human error, software and hardware caused breakings: In any effort that involves human beings, a small number of losses or errors are probable on the other hand cautiously designed procedures and strategies can reduce the amount and severity of losses and errors. On the other hand, non-accidental threats are more dangerous for the businesses. Creating security measures such as user approval, standardized software installation activities, and hardware repairs programs are examples of procedures that can be adopted to deal with threats from accidental losses (Hoffer, et. al, 2007), (Beaver, 2009) and (Shulman, 2006). Theft and fraud: these are very serious issues for the people and come from electronic sources; however these may or may not change data. To deal with these issues, physical security should be implemented with the intention that unauthorized people are not able to access the rooms where computers, telecommunications facilities, servers, or database files are placed. In addition, the physical security can be offered for worker offices and any other locations where important and useful data and information are kept or without problem accessed. The most useful solution is to implement a firewall to protect data from unauthorized entities to unsuitable components of the database via external communication links is another instance of a security technique that will hinder people who are intent in theft or fraud (Shulman, 2006) and (Hoffer, Prescott, & McFadden, 2007). Loss of data integrity: Because of loss of data integrity, data will become unreasonable or useless. Additionally, if an organization does not take database backup and recovery actions to save data, then it may face serious losses or take wrong and inappropriate decisions based on the dirty data (Hoffer, Prescott, & McFadden, 2007). Loss of availability: Data can be lost due to problems in hardware, PCs, networks, or applications which can cause unavailability of data to users. And it may produce cruel working problems. In addition, these problems happen due to viruses’ intended to damage data or software to cause to be system unusable. However, this issue can be resolved by installing the most up-to-date antivirus software, and an organization should train its staff on the basics of viruses (Hoffer, Prescott, & McFadden, 2007) and (Shulman, 2006). Platform Vulnerabilities: Another main threat regarding the security point of view of database is vulnerabilities in basic operating systems such as UNIX, XP, Windows 2000, Linux, etc. and various other applications installed on a database server can cause illegal database access, denial of service (DoS attack) or data corruption. There is an example of “Blaster Worm”, which took advantage of a Windows 2000 weakness to produce DoS attack circumstances (Shulman, 2006). It is necessary to make secure database assets from opening system based platform attacks; however it can be done by implementing a mixture of standard software updates such as patches and Intrusion Detection Systems (IDS). Furthermore, to handle these issues vendors offer updates those can be used to get rid of vulnerabilities found in database and operating system platforms over time (Shulman, 2006). Other Security issues There are various sources that can create problems for the databases security. In many cases the workers managing the databases system are the major security threat for the databases. In this scenario, different categories of people create different databases security problems. For instance, the user of a database can get un-authorized access by using another person's username and password. In the same way, various people can work as hackers and create viruses to harmfully affect the functioning and operation of the databases system. In some cases, database designers and programmers can also create database security threats. In addition, a displeased database manager can also create problems by not implementing an adequate and dominant security policy (Beaver, 2009), (Gregory, 2008), (Ponemon, 2007)and (Hoffer et al., 2007). There are various other causes of the databases information and security issues. Some important cause can be: (Hoffer et al., 2007) and (Computingstudents, 2009): Hardware based- databases system threats: Intentional equipment damage Unforeseen/accidental equipment damage Equipment failure Equipment theft Power failure Software based- databases system threats (Shulman, 2006): Extreme privilege abuse Weak audit trail Database platform vulnerabilities Privilege increase Backup data exposure Legitimate privilege abuse DSN (Denial of Service attack) Weak authentication Conclusion Though business and corporate databases information is vulnerable to the outsider and insider attacks, it is probable to noticeably decrease risk by putting attention on the majority critical threats. In addition, by addressing the risks as some of them outlined in this research business and organizations can be able to achieve their goals as well as risk mitigation requirements of the majority regulated businesses in the world. This report has discussed various issues that can create security problems to the databases. This report has also presented the ways to overcome these issues. Bibliography Beaver, K. (2009). Database security threats include unruly insiders. Available at: http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1261129,00.html [Accessed 03/05/2010]. Computingstudents. (2009). Database Security Threats and Countermeasures . Available at: http://www.computingstudents.com/notes/database_systems/database_security_threats_countermeasures.php [Accessed 03/05/2010]. Dawson, S., Vimercati, S.D.C.d., Lincoln, P. & Samarati, P., 2002. Maximizing Sharing of Protected Information1. Journal of Computer and System Sciences, 64, pp.496-541. Gregory, A., 2008. Conserving customer value: Improving data security measures in business. Journal of Database Marketing & Customer Strategy Management (2008) 15, , p.233 – 238. Guimaraes, M., Murray, M. & Austin, R., 2007. Incorporating database security courseware into a database security class. In Proceedings of the 4th annual conference on Information security curriculum development. Kennesaw, Georgia, 2007. ACM New York, USA. Hoffer, J.A., Prescott, M.B. & McFadden, F.R., 2007. Modern Database Management, Eighth Edition. Pearson Education, Inc. Laudon, K.C. & Laudon, J.P., 1999. Management Information Systems, Sixth Edition. New Jersey: Prentice Hall. Loch, K.D. & Carr, H.H., 1992. Threats to Information Systems: Today's Reality,Yesterday's Understanding. MIS Quarterly, 6(2), pp.173-86. Ponemon, L., 2007. Database Security 2007: Threats and Priorities within IT Database Infrastructure. Independently Conducted by Ponemon Institute LLC. Shulman, A., 2006. Top Ten Database Security Threats. Imperva, Inc. Turban, E., Leidner, D., McLean, E. & Wetherbe, J., 2005. Information Technology for Management: Transforming Organizations in the Digital Economy. New York: Wiley. Read More