Running Head: DATABASE SECURITY 1

This document discusses database security. It begins by explaining how databases store important data for organizations and the need to secure this data. It then provides an overview of common database security threats like hacking. The rest of the document discusses various database security methods and models, focusing specifically on the Clark-Wilson model which aims to ensure data integrity by restricting unauthorized changes and verifying transactions. It concludes by stressing the importance of taking database security seriously.

Database Security

Onyango Hillary Valentine

Institution Affiliation

Database Security

Summary

Information and data have proved vital in the information technology age. Most systems rely heavily on data compiled during system runtime. The data collected can aid complex strategic decision-making that influences certain productivity aspects of an organization. Databases are well-known repositories of the data collected from these systems.

The value of data is almost comparable to monetary value, which puts data at risk of being breached. Several cases of hacked databases have been recorded over the years, in which data was extracted to perform high-profile illegal activities or sometimes for other causes. These situations have brought about the need to secure data within databases.

In 2013, one of the most historic data breach cases, the Yahoo attack, revealed nearly 3 billion affected account details (Carlini, 2017). Attacks of this calibre on databases require apt measures to be put in place to handle the situation. Various database security methods have been ushered in and implemented, while others are still being invented or refined for suitability. Database security models are implemented as one of the measures to uphold the Confidentiality, Integrity and Availability (CIA) of data.



Introduction

The dawn of the information technology age has led to the development of various information systems to support organizations collectively. Information systems are widely based on their ability to gather, process and store data. Most business firms and organizations today depend heavily on information systems. These systems can aid in carrying out management duties such as handling transactional interactions with the organization's customers and suppliers and helping with organizational strategy decisions. All of the outlined activities are carried out successfully by pulling and pushing data into the system, which brings out the importance of data.

Specific research on data suggests that, in the new age, the actual value of data has proven to be nearly proportionate to monetary value. Data can impact many of the features that affect development in catchment areas, making monetary values more liable in the situation. Data generally has an impact on several aspects, be they social, political or economic. Data is classified into various categories, including personal data, transactional data, web data and sensor data, among others, but all are handled in the same manner. Normally, data is stored in databases, which exist within computer memory.

Information systems rely heavily on databases as their data stores. Databases organize already processed and stored data. They are structured for the storage, retrieval, modification and deletion of data in relation to various data-processing operations. Initially, most system databases were direct-access storage devices, but later several random-access methods were put into implementation. The databases that could support this method included hierarchical databases, network databases and relational databases.

Most implementation variations for relational databases are SQL (Structured Query Language). The use of SQL databases has prompted specialized attacks on these databases, including SQL injection, privilege escalation and brute-forcing the passwords of the database system.

The number of database attacks every day is becoming overwhelming, since systems in most organizations implement limited database security measures. Recent reports reveal attacks that were pulled off through genuinely simple tactics. The fact that organizations today handle a lot of database configurations, judging by the vast number of databases in use, could be a major cause, alternatively termed laziness, that most certainly ends in high-calibre cyber attacks on the systems.

Control Measures

Database security relies heavily on configuring the supporting system to control and restrict access to the database management system (DBMS). Security at this level is directly proportionate to configuration and monitoring, including system hardening, DBMS configuration, and access and security monitoring. Through this method, security protocols can be managed or controlled.

Performing system configuration and monitoring takes us a long way in purging database security issues (Bessen, 2014). System hardening and monitoring, as a technique, requires the database systems to be consistently patched and hardened using the available security configuration standards, with constant monitoring of access and threats. The method helps alleviate security vulnerabilities within the database model.

For DBMS configuration, the DBMS should frequently be checked and updated with the best configuration and hardening features. The configuration process can make use of the readily available security features to provide limited access to the DBMS. Repeating the process involves monitoring the DBMS configuration while ensuring appropriate changes in the control processes, in turn assuring configuration linearity.

Application-based security can also be incorporated into the systems to help with the monitoring and regular auditing of the database system features and configurations. Running sophisticated application security frameworks helps protect against attacks that eventually lead to other attacks. The method is not foolproof, since it mostly relies on auditing processes based on already existing information on threats.

Backing up data to different drive locations is also an important step in securing data. Database systems should incorporate auxiliary processes that perform timely backups of the database data to reliable drives in locations different from the primary drive locations. In cases of a data breach or data drive destruction, the recovery process to the secondary storage is initiated. Most times, the process is futile when the secondary drives become unreliable.

Security generally revolves around Confidentiality, Integrity and Availability; to support all of these, various security models have been put in place. The security models define the rules and policies that govern the confidentiality, integrity and availability of data. They include the Bell-LaPadula, Harrison-Ruzzo-Ullman, Chinese Wall, Biba and Clark-Wilson models. The most intriguing model is the Clark-Wilson model.

Clark-Wilson Model

The Clark-Wilson model implements database security in terms of integrity. The model ensures that only authorized users in the system are allowed to make changes to the system features that generally impact the consistency of the internal and external data structure. The model supports the transaction system, or the well-formed transaction. The well-formed transaction principle implies that the user is limited in their capability to manipulate data, in order to preserve and uphold the integrity of the data.

Figure: Clark-Wilson model representation

The details of the model show it dealing with Constrained Data Items (CDIs) and Unconstrained Data Items (UDIs). The transactions dealt with at this level are the Integrity Verification Procedures (IVPs) and Transaction Procedures (TPs). IVPs verify that the TP result from a CDI is in a valid state (Department of Homeland Security, 2017). The model ensures that only certified TPs are permitted to perform manipulations on CDIs.
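
The following is an added example, not part of the original paper: a sketch of Clark-Wilson enforcement over an in-memory SQLite database, where account balances are the CDIs, a transfer is the certified TP and a balance check is the IVP. The table names, the users, the `run_tp` helper and the sample balances are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: the account balances are the CDIs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    db.execute("CREATE TABLE tp_log (user TEXT, tp TEXT, detail TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    db.commit()
    return db

def ivp(db, expected_total=150):
    """IVP: all CDIs are in a valid state (no negative balance, total conserved)."""
    low, total = db.execute("SELECT MIN(balance), SUM(balance) FROM accounts").fetchone()
    return low >= 0 and total == expected_total

def tp_transfer(db, src, dst, amount):
    """TP: a well-formed transaction; the amount arrives as a UDI and is validated."""
    if type(amount) is not int or amount <= 0:
        raise ValueError("rejected UDI: amount must be a positive integer")
    db.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
    db.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))

CERTIFIED_TPS = {"transfer": tp_transfer}
# Access triples (hypothetical policy): (user, TP) -> CDIs reachable through that TP.
ALLOWED = {("teller", "transfer"): {"alice", "bob"}}

def run_tp(db, user, tp, src, dst, amount):
    """Enforcement: only certified TPs, run by authorized users, may change CDIs."""
    cdis = ALLOWED.get((user, tp))
    if tp not in CERTIFIED_TPS or cdis is None or not {src, dst} <= cdis:
        return "denied"
    try:
        CERTIFIED_TPS[tp](db, src, dst, amount)
        if not ivp(db):  # the TP must leave the CDIs in a valid state
            raise ValueError("IVP failed")
        db.execute("INSERT INTO tp_log VALUES (?, ?, ?)",
                   (user, tp, f"{src}->{dst}:{amount}"))
        db.commit()
        return "committed"
    except ValueError:
        db.rollback()  # undo the partial change; CDIs return to the last valid state
        return "rolled back"
```

A transfer that would overdraw an account passes the access check but fails the IVP, so it is rolled back and never reaches the log.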

Conclusion

Database security should be considered first-hand as one of the security measures and not assumed. Taking a step to act on database threats is a big step towards safety generally, in the new information technology age where threats to our systems have become a daily trauma. Statistics have already shown where ignorance and arrogance about security on database systems have brought us. Most of the threats posed at our organizational doorsteps are clearly manageable with the right mindsets and the right tools.



References

Bessen, J. (2014, August 25). Employers Aren’t Just Whining – the “Skills Gap” is Real. Harvard Business Review.

Bojanova, I., Vaulx, F., Zettsu, K., Simmon, E., Sowe, S. (2016, January 21). Cyber-Physical-Human Systems Putting People in the Loop. IT Professional.

Carlini, J. (2017, August 06). Preparing for Nanokrieg: Electronic Wars Being Won and Lost in Microseconds.

Department of Homeland Security (2017). National Cyber Security Awareness Month October 2017. https://www.dhs.gov/sites/default/files/publications/NCSAM%202017%20Themes%20One%20Pager-%20508%20compliant.pdf
