The Privacy and Security Related Issues in Databases - Research Paper Example

 Abstract This research paper presents a detailed analysis of the privacy and security related issues in databases. This paper assesses the key aspects of the business databases security and privacy. This research will also outline the problems with the database privacy and security. In the last I will also present some useful and favorable solutions for the database security. Data are collection of unrefined facts representing events taking place in organizations or the physical environment prior to they have been structured and managed into a structure that people can recognize and utilize. On the other hand, information refers to data that have been transformed into a structure that is important and functional to human beings (Norton, 2001, p. 4) and (Laudon & Laudon, 1999, p. 7). “A database is a collection of data structured to serve several applications proficiently by centralizing the data and diminishing the unnecessary data” (Laudon & Laudon, 1999, p. 234). Security comprises the rules, actions, and technical measures used to stop illegal access or modification, theft, and physical damage to database (Laudon & Laudon, 1999, p. 502). Privacy refers to right of individuals and organizations to disallow or confine the compilation and utilizations of information about them. In the past, information privacy was uncomplicated to retain for the reason that information was kept in different locations. Each business had its own acknowledgment files. Each government agency kept detached records. Doctors kept their own patient files. On the other hand, at present, massive databases store this data online. A large amount of this data is private and secret and should be reachable only to approved users (Shelly, Cashman, & Vermaat, 2005, p. 591). The aim of database security is the safety of data from unintentional or worldwide threats to their reliability and utilization. The database environment has become more complicated, with dispersed databases positioned on client/server architectures, personal computers, and on mainframes. Use of data has turned out to be more open through the Internet and business intranets and from mobile computing devices. Therefore, applying data security efficiently has become more complicated and time taking. For the reason that data are a significant resource, all personnel in an association must be responsive to security issues and take actions to protect the data inside their fields. For instance, computer disks holding significant data should not be saved or placed on desktops. Data administration is sometimes accountable for creating on the whole procedures and actions to protect databases. Database administration is normally in charge for managing database security in a daily basis (Shulman, 2006), (Norton, 2001) and (Hoffer, Prescott, & McFadden, 2007, p. 499). Issues and threats to data security may be straight threats to the database. For instance, the persons who have illegal right of entry to a database may then peruse, modify, or even steal the data to which they have gained right of entry. Putting attention on database security only, on the other hand, will not make sure a secure database. All the components of the organization should be protected, comprising the database, the operating system, the network, the building(s) in which the database exists actually, and the employees who have any chance to use the system (Hoffer, Prescott, & McFadden, 2007, p. 500). Com Links External Links Figure 1: many of the possible locations for database security threats. Source (Hoffer, Prescott, & McFadden, 2007, p. 500) Achievement of this intensity of security involves cautious assessment, establishment of security actions and rules, and execution and enforcement of those actions and rules. The following issues must be addressed in a wide-ranging database security plan: (Hoffer, Prescott, & McFadden, 2007, p. 500) Accidental losses, as well as human error, software and hardware caused breakings: Developing operating actions for instance user approval, standardized software installation actions, and hardware repairs programs are examples of procedures that can be adopted to deal with threats from accidental losses. Because in any attempt that engages human beings, a few losses are expected however carefully planned actions and strategies can diminish the quantity and severity of losses. On the other hand, non-accidental threats are more dangerous (Hoffer, Prescott, & McFadden, 2007) , (Beaver, 2009) and (Shulman, 2006). Theft and fraud: these activities are becoming very dangerous for the people, quite possibly by means of electronic sources, may or may not modify data. Concentration here should be given on each of potential site mentioned in Figure 1. For instance, physical security should be applied so that illegal people are not capable to get access to rooms where computers, telecommunications facilities, servers, or computer files are placed. Physical security should also be offered for worker offices and any other places where significant data are kept or without difficulty accessed. Implementation of a firewall to save from illegal access to unsuitable components of the database through external communication links is an additional example of a security method that will obstruct people who are intent in theft or fraud (Shulman, 2006) and (Hoffer, Prescott, & McFadden, 2007). Loss of privacy or confidentiality: Loss of privacy is generally considered as failure of protection of data about individuals, while loss of confidentiality is generally considered as failure of protection of vital organizational data that may have strategic worth to the organization. Failure to manage privacy of information may direct to blackmail, bribery, or stealing of user passwords. Failure to manage confidentiality may lead to loss of competitiveness. State and national laws at the present exist to have need of various types of corporations to produce and communicate rules and actions to make sure privacy of consumer and client data. Security method should implement these rules and failure to accomplish can result considerable monetary and status loss (Hoffer, Prescott, & McFadden, 2007) and (Laudon & Laudon, 1999). Loss of data integrity: Due to loss of data integrity, data will be illogical or corrupted. If not data integrity can be reinstated by means of established back up and recovery actions, an organization may undergo serious losses or take wrong and inappropriate decisions based on the illogical data (Computingstudents, 2009) and (Hoffer, Prescott, & McFadden, 2007). Loss of availability: Damage of hardware, networks, or applications can be reasons of unavailability of data to users, which once more may direct to cruel operational problems. This type of threat comprises the beginning of viruses’ intended to damage data or software to cause to be system unusable. It is significant to respond to this threat by always installing the most up-to-date antivirus software, and educating staff on the basics of viruses (Hoffer, Prescott, & McFadden, 2007) and (Shulman, 2006). There are numerous sources those produce security threat for the databases security and privacy. Some time we think about people handling the databases system as the main threat for the system. Diverse categories of people can pose diverse databases security and privacy threats. Databases users can get un-authorized access by making use of another person's log in or privacy account. A number of users may work like hackers and produce viruses to negatively influence the working and performance of the databases system. Programmers can also produce related threats. An unsatisfied database administrator can as well reason problems through not imposing a sufficient powerful security policy (Beaver, 2009). There are huge areas of the databases information and security threats. Some of these more vital security threats are (Computingstudents, 2009): Hardware based- databases system threats: Deliberate equipment damage Unforeseen/Accidental equipment damage Equipment failure Equipment theft Power failure Software based- databases system threats (Shulman, 2006): Extreme Privilege Abuse Weak Audit Trail Database Platform Vulnerabilities Privilege increase DCP or Database Communication Protocol Vulnerabilities Backup Data Exposure Legitimate Privilege Abuse DSN or Denial of Service attack Weak confirmation Conclusion In this research I have presented a detailed analysis of the database privacy and security issues. In this research I have outlined the main security needs for the databases system. In this paper I have presented the detailed overview of different security and privacy threats and their soultions. This research has also outlined the potential solutions for the enforcing the security of the databases system and preserving the databases information and data privacy. This research will provide a better insight into the overall databases Security and privacy. References 1. Beaver, K. (2009). Database security threats include unruly insiders. Retrieved 09 18, 2009, from http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1261129,00.html 2. Computingstudents. (2009). Database Security Threats and Countermeasures . Retrieved 09 18, 2009, from http://www.computingstudents.com/notes/database_systems/database_security_threats_countermeasures.php 3. Darkreading. (2009). Database security. Retrieved 09 18, 2009, from http://www.darkreading.com/database_security/security/management/showArticle.jhtml?articleID=217700639 4. Hoffer, J. A., Prescott, M. B., & McFadden, F. R. (2007). Modern Database Management, Eighth Edition. Pearson Education, Inc. 5. Laudon, K. C., & Laudon, J. P. (1999). Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . 6. Norton, P. (2001). Introduction to Computers, Fourth Edition. Singapore: McGraw-Hill. 7. Privacyrights. (2009). A Chronology of Data Breaches. Retrieved 09 18, 2009, from http://www.privacyrights.org/ar/ChronDataBreaches.htm 8. Shelly, Cashman, & Vermaat. (2005). Discovering Computers 2005. Boston: Thomson Course Technology. 9. Shulman, A. (2006). Top Ten Database Security Threats. Retrieved 09 18, 2009, from http://www.schell.com/Top_Ten_Database_Threats.pdf Read More