TOPIC: DATABASE SECURITY.

Specific objectives: by the end of the lesson, you will be able to do the following;
1. Define data security;
2. List at least two importance of data security;
3. Explain risk assessment;
4. List four ways of physically securing data;
5. List and explain the types of security control on the data;
6. State at least four roles of database administrator.
 Data Security
Data security is the means of ensuring that data are kept safe from corruption and that
access to it is suitably controlled.
In simple terms, data security is the practice of keeping data protected from corruption
and unauthorized access.

Data security is a major issue for businesses, organizations and even homes. Ensuring that
your data is secured is becoming more important everyday and vital to business operations.
Data security helps to ensure the following;

1. Prevent data loss to unauthorized users like hackers etc.

2. Prevent data loss to natural disasters like fire, flood, hurricane
etc.
3. It helps to ensure smooth running of an organization because
organizations rely solely on data for their daily running.
Risk Assessment
This is the process of identifying the traits or risks that can be faced and what could happen
if valuable data are lost. Things to consider when assessing risk

1. Who have access and to what data.

2. Who uses the internet, e-mail systems and how they access it.
3. Who will be allowed access and who will be restricted.
4. Whether or not use passwords and how they will be maintained.
5. What type of firewalls and anti-malware solutions to be put in place?
6. Training the staff properly and enforcing data security.
Physical ways of securing data

Once you draw up a plan and access your risks, it is time to put your data security system
into action. Some data can be compromised in many ways, the best security against misuse
or theft involves a combination of technical measures, physical security and a well-educated
staff. Here are things to do;

1. Protect your office or data counter with alarms and monitoring systems.
2. Keep computers and associated components out of public view.
3. Enforce restrictions on internet access.
4. Ensure that your anti-malware solution is up to date.
5. Ensure that your operating system is up to date.
6. Fight off hacking attacks with intrusion detection technology.
7. Utilize a protected power supply and backup energy sources.
Types of security control on the data

Access control: this is the selective restriction of access to a place or other resources. Most
users need to access only a small part of the database to carry out their tasks. DBMS should
provide mechanisms to control access to data. Authorization is the permission to access
resources.

Database auditing: this is the act of observing database users. The database administrators
and consultants set up auditing for security purposes. For example, ensuring that those
without permission to information will not have access.

Authentication: authentication is another part of data security that we encounter with every
day computer usage. Things like password, smart card, fingerprints etc. can be used for
authentication purpose.
Encryption: a DBMS can use encryption to protect information in certain situations where
the normal security mechanisms of the DBMS are not adequate. For example, an intruder
may steal tapes/hard disk etc. containing some data or tap a communication line. By storing
and transmitting data in an encrypted form, the DBMS ensures that such stolen data is not
intelligible to the intruder. The basic idea behind encryption is to apply an encryption
algorithm, which may be accessible to the intruder but the original data is not without the
encryption key.
Roles of database administrator

1. Installing and upgrading the database server and application tools.

2. Modifying the databases’ structure based on the information given by the developers.
3. Controlling and monitoring user access ft the database.
4. Monitoring and optimizing the performance of the database.
5. Planning for backup and recovery of database information.
6. Maintaining archived data.
7. Backing up and restoring database.
8. Contacting database vendor for technical support.
9. Ensuring compliance with database vendor license agreement.
10.Enrolling users and maintaining system security.