3. Content
About Database Security
Security risk to database includes
About threats
Database security concepts
Confidentiality
Integrity
Availability
Methods for securing the database
Security controls
Flow controls
Interface control
Access control
Conclusion
4. Introduction
Database
It is a collection of information in a computer.
Security
It is being free from danger.
Database Security
It is the mechanism that protects the database against intentional or
accidental threats.
Protection from malicious attempts to steal (view) or modify data.
5. Security risk to database includes
Bank risk to database includes:
-> Bank accounts
-> Credit card, salary, income tax data
-> University admission, marks/grades
-> Land records, licences
6. About threats
What are threats?
Threats – Any situation or event, intentional or accidental,
that may adversely affect a system and consequently the
organization.
*Computer System
*Database
7. Threats
Hardware: Fire/flood/bomb; data corruption due to power loss
DBMS & application software: Failure of security mechanism giving greater access; theft of program
Communication networks: Wire tapping; breaking or disconnection of cables
Database: Unauthorized access or copying of data; data corruption
8. Database security concepts
Three main aspects:
*Confidentiality
*Integrity
*Availability
Threats to database:
* Loss of Integrity
* Loss of Availability
* Loss of Confidentiality
9. Confidentiality
No one can read our data / communication unless we want them to
It is protecting the database from unauthorized users.
Ensures that users are allowed to do the things they are trying to do.
For example :
The employees should not see the salaries of their managers.
10. Integrity
No one can manipulate our data / processing / communication unless we want
them to
Protecting the database from authorized users
Ensures that what users are trying to do is correct
For example :
An employee should be able to modify his or her own information
11. Availability
We can access our data / conduct our processing / use our communication
capabilities when we want to
Authorized users should be able to access data for purposes as necessary
For example :
Payment orders regarding taxes should be made on time by the tax law
13. Security controls
Types of database security controls:
1. Flow Control
2. Interface Control
3. Access Control
Flow controls regulate the distribution (flow) of information among
accessible objects. A flow between objects X and Y occurs when a
statement reads values from X and writes into Y.
Interface control occurs when: a set X of data items to be read by a user
can be used to get the set Y of data.
Access controls in an information system are responsible for ensuring that all
direct accesses to the system objects occur based on models and rules fixed
by protection.
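The flow definition above (a statement that reads X and writes Y creates a flow from X to Y) can be checked mechanically. The following is an added example, not part of the original slides: the object names, the three classification levels and the rule "no flow from a higher level to a lower one" are assumptions chosen for illustration.

```python
# Added example: flow-control check over statements modelled as (reads, writes).
# Object names, labels and the policy rule are constructed assumptions.

LEVEL = {"public": 0, "internal": 1, "confidential": 2}

# Constructed classification of database objects.
LABELS = {
    "salaries": "confidential",
    "employees": "internal",
    "payroll_report": "confidential",
    "staff_directory": "public",
    "tmp_export": "internal",
}

# Constructed statements: each one reads a set of objects and writes one object.
STATEMENTS = [
    ({"salaries", "employees"}, "payroll_report"),
    ({"employees"}, "tmp_export"),
    ({"salaries"}, "tmp_export"),
    ({"tmp_export"}, "staff_directory"),
]

def direct_flows(statements):
    """A flow X -> Y exists when a statement reads X and writes Y."""
    return {(x, y) for reads, y in statements for x in reads}

def all_flows(statements):
    """Add indirect flows: X -> Y and Y -> Z imply X -> Z.
    Statement order is ignored, so the result is conservative."""
    flows = direct_flows(statements)
    while True:
        new = {(x, z) for x, y in flows for y2, z in flows if y == y2 and x != z}
        if new <= flows:
            return flows
        flows |= new

def violations(statements, labels=LABELS):
    """Flows whose source is classified higher than their destination."""
    return sorted(
        (x, y) for x, y in all_flows(statements)
        if LEVEL[labels[x]] > LEVEL[labels[y]]
    )

if __name__ == "__main__":
    for src, dst in violations(STATEMENTS):
        print(f"blocked flow: {src} ({LABELS[src]}) -> {dst} ({LABELS[dst]})")
```

The indirect case is the one that matters in practice: no single statement copies salaries into staff_directory, yet the flow exists through tmp_export.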
14. Conclusion
The goal of database security is to protect our critical and confidential data
from unauthorized access.
Each organization should have a data security policy, which is a set of
high-level guidelines determined by:
User requirements.
Environmental aspects.
Internal regulations.
Governmental laws.