This document discusses database security. It defines database security as protecting database data from intentional or accidental threats. It identifies security risks to databases like bank accounts and grades. It covers database security concepts like confidentiality, integrity, and availability. It also discusses threats, security controls like access control and flow control, and methods to secure databases like authorization and encryption. The goal of database security is to protect critical data from unauthorized access according to an organization's security policy.

1. ImportanceofDatabaseSecurity

2. Presented By
Md Nazmul Hoque Shourob
ID: 201002305

3. Content
 About Database Security
 Security risk to database includes
 About threads
 Database security concepts
 Confidentially
 Integrity
 Availability
 Methods for securing the database
 Security controls
 Flow controls
 Interface control
 Access control
 conclusion

4. Introduction
Database
It is a collection of information in computer
Security
It is being free from danger
Database Security
It is the mechanism that protect the database against intentional or
accidental threats/
Protection from malicious attempts to seat (view) or modify data.

5. Securityrisktodatabase
includes
Bank risk to database includes :
-> Bank Accounts
-> Credit card, salary, income tax data
-> University Admission, marks/grades
-> Land records, licence’s

6. Aboutthreads
What isThreats ?
Threats – Any situation or event, international or accidental,
that may adversely affect a system and consequently the
organization.
*Computer System
*Database

7. threads
Threats
Hardware: Fire/Flood/Bomb
Dara corruption due to
power loss
DBMS & Application s/w:
Failure of security mechanism
giving greater access theft of
program
Communication Networks:
Wire tapping breaking or
disconnection of cables
Database: Unauthorized
access or copying of data
Data corruption

8. Databasesecurity
concepts
Three main aspects :
*Confidentiality
*Integrity
*Availability
Threats to database ::
* Loss of Integrity
* Loss of Availability
* Loss of Confidentiality

9. Confidentially
 No one can read our data / communication unless we want them to
 It is protecting the database from unauthorized users.
 Ensures that users are allowed to do the things they are trying to do.
For example :
The employees should not see the salaries of their managers.
Data

10. Integrity
 No one can manipulate our data / processing / communication unless we want
them to
 Protecting the database from authorized users
 Ensures that what users are trying to do is correct
For example :
An employee should be able to modify his or her own information
Data

11. Availability
 We can access our data / conduct our processing / use our communication
Capabilities when we want to
 Authorized users should be able to access data for purpose as necessary
For example :
payment orders regarding taxes should be made on time by the lax law
Data
Availability

12. Methodsforsecuring
thedatabase
Authorization – Privileges, vies.
Encryption – public key / private key, secure sockets.
Authentication – passwords.
Logical – firewalls, net proxies.

13. Securitycontrols
Type of Database Security controls :
1. Flow Control
2. Interface Control
3. AccessControl
 Flow controls regulates the distribution (flow) of information among
accessible objects. A flow between object X andY occurs when a
statement reads values from X and writes intoY.
 Interface control occurs when : a set X of data items to be ready by a user
can be used to get the setY of data.
 Access control in information system are responsible for ensuring that all
direct accesses to the system object occur base on models and rules fixed
by protection.

14. Conclusion
The goal of database security is to protect our critical and confidential data
from unauthorized access.
Each organization should have a data security policy, which is a set of high-
level guidelines determide by:
 User requirements.
 Environmental aspects.
 Internal regulations.
 Governmental laws.