Free «Database Security Management» Essay Sample
Today in the world of business there is the need to have a well-equipped database that performs its functions efficiently. Information in any business needs to be kept safely because it might entail details relating to the purchase, supply and production methods of a particular product. This system must also entail particular production or development databases that contribute to the success of the application used in the company. In order to facilitate this, there are several security measures that should be considered so as to ensure confidential data is not exposed to unauthorized individuals. This paper will look in detail at how Oracle databases are useful in the company and why database security management is vital.
Project Identification and Business Environment
Database security management has a huge role to play in ensuring the security of the data in the business. Its responsibilities involve maintenance of the database production. For instance, there is planning, creation of new databases, design and making necessary alterations in old databases. In addition, the management ensures that the company’s data is controlled and managed in the required manner. These responsibilities should be taken seriously. An efficient database security manager will ensure regular checkup on the tasks, identifying any errors and resolving any issues that may arise (Fennelly, 2012).
In case of a security breach, there are particular ways of managing a security incident. First, after getting the information about the incident, the security officer in charge of that unit needs to contact the head of the department or the management of the security system. From there, the security officer needs to collaborate with other responsible employees in order to establish whether it is necessary to inform other staff of the breach. In another incident, for instance, the theft of a laptop, the security manager should inform the police immediately.
The procedures for administration of the security policies and their maintenance involve the integrity of accessing an account, protection of data, investigation of any incorrect use of system logs, licenses and contracts, and system backup. If the administrators of the system control the access accounts, then every activity should be undertaken on time, for instance, the creation of new accounts and deletion of old ones (Fennelly, 2012). Upon termination of employment, all the access accounts may be removed, and the existing ones undergo regular review and checkup. When it comes to licenses and contracts, the administration should ensure that every license is valid and that no copyright is infringed. System backup should always be checked and implemented in order to ensure efficiency of the system.
Architecture and Operating System
The specific architecture to be used in the business is the Oracle Database architecture. An Oracle database is a collection of data that is treated as a unit. It is regarded as the first database created for the purpose of enterprise grid computing (Fennelly, 2012). This is a very cost-effective and flexible manner in which information can be managed. Enterprise grid computing establishes several industry standards and servers. With this architecture, different systems can be provisioned from the components. The physical and logical structures are separate. Therefore, in case the physical storage is in use, the logical one can still be accessed. Grid computing is important in reducing the cost of information systems. It also facilitates the connection of the different software and hardware elements depending on the demand. With this in place, it can meet the different requirements of the business. The grid style of computing is beneficial in solving the challenges associated with enterprise IT (Fennelly, 2012). Different problems can be experienced when using enterprise IT. For instance, there are monolithic systems and disintegrated, fragmented information that the business may not be able to exploit.
The architecture makes use of the client/server model, which forms a network in which a particular computer on the network can be either a server or a client. The components of the client/server model are the servers, the clients and the communication networks. The clients represent the different applications that operate on a computer. They mostly depend on the server to access files, processing power and particular devices. The servers, on the other hand, represent the particular processes that aid in the management of the network's resources. In this case, there are the disk drives, network traffic and other devices like the printers that serve as the print servers. The communication networks connect the server and the client.
User Accounts and Password Administration
For every user to access the database there must be a specific user name that is recognized (Furht & Escalante, 2011). The users should also have an account whose information is kept in the data dictionary. In the creation of the user account, there are particular features to be put into consideration. For instance, there are the user name, default tablespace, user profile, and authentication method. There are different user accounts developed to allow for database administration. However, the users are under security administrators who ensure that data is not destroyed and that no damage is done to the database infrastructure. The security administrator also ensures that the users have no difficulty accessing the database by implementing the database security policy.
There are account policies that apply to the definition of a password that is safe for use in the system. There should be password history enforcement because this will monitor the rate at which already used passwords are reused (Furht & Escalante, 2011). This policy allows the administration to restrict users from selecting old passwords whenever they want to choose a new one. Users need to stop changing their passwords frequently. The other policy to be enforced is that of the duration of password usage. It is recommended that passwords must be changed all the time to prevent cases of hacking. For more efficiency in terms of security, the passwords should have short validity periods. In addition, the policy should state clearly the required length of these passwords. In most instances, the suitable length is 8 characters. This is because the shorter ones sometimes are easier to hack. There is the need for encryption of the passwords.
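The account attributes and password policies described above, expressed as an Oracle password verify function, profile and user definition. This is an added example, not taken from the essay or its sources; the names `min_length_8`, `app_user_profile`, `report_clerk` and `users_ts` are hypothetical, and every limit other than the 8-character minimum is an illustrative assumption.

```sql
-- Added example. Run as a DBA; the verify function must be created in the
-- SYS schema before a profile can reference it. All names are hypothetical.

-- Password rule from the text: at least 8 characters.
CREATE OR REPLACE FUNCTION min_length_8 (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 8 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 8 characters');
  END IF;
  IF UPPER(password) = UPPER(username) THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password must not equal the user name');
  END IF;
  RETURN TRUE;
END;
/

-- Password history and lifetime. Limits are illustrative assumptions.
CREATE PROFILE app_user_profile LIMIT
  PASSWORD_LIFE_TIME       90   -- days before the password expires
  PASSWORD_GRACE_TIME      7    -- days of warnings after expiry
  PASSWORD_REUSE_TIME      365  -- with REUSE_MAX: an old password is usable again
  PASSWORD_REUSE_MAX       10   --   only after 365 days AND 10 password changes
  FAILED_LOGIN_ATTEMPTS    5    -- lock the account after 5 consecutive failures
  PASSWORD_LOCK_TIME       1    -- days the account stays locked
  PASSWORD_VERIFY_FUNCTION min_length_8;

-- The account features named in the text: user name, authentication method,
-- default tablespace and profile. The password is a constructed sample.
CREATE USER report_clerk
  IDENTIFIED BY "Constructed#Sample1"
  DEFAULT TABLESPACE users_ts
  QUOTA 50M ON users_ts
  PROFILE app_user_profile
  PASSWORD EXPIRE;              -- force a change at first login

GRANT CREATE SESSION TO report_clerk;

-- Check what the profile actually enforces (read from the data dictionary).
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_USER_PROFILE'
AND    resource_type = 'PASSWORD';
```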
Privileges and Roles
Most users are granted privileges whenever they want to use the database information. Development of schema objects is made possible by the availability of these privileges. In addition, they are given so that the users can do the tasks required of them. In other instances, excessive privileges could undermine the security system that is used. The two main kinds of privileges are object privileges and system privileges (Furht & Escalante, 2011). An object privilege allows the user to take part in a certain action on a single schema object. There are separate object privileges depending on the available schema objects.
Other schema objects do not necessarily have a close connection with object privileges and are controlled using the system privileges. They include indexes, database links, and triggers. On the other hand, the system privileges allow the performance of an action on various schema objects. For instance, the privilege could be in the form of creation of a tablespace. Sometimes a privilege needs to be revoked or granted, and whenever it is granted to roles, then one can utilize these roles in the management of the system privileges.
Oracle facilitates quicker management of privileges through roles. Roles are named groups of related privileges that are granted to users. They are used to support the administration of the object privileges (Kuhn, 2013). In most cases, administrators use the roles in the database application. The database administrator ensures that a safe application role is granted mostly to other roles. Additionally, to assure adequate security and no breach of the system by an unauthorized user, the administration can develop a role that is protected with a password. Most businesses use roles to control the privileges of a particular user group or those of a database application. In this policy, object privileges should be given to the database roles or to a database user.
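The privilege and role model described above, written out as Oracle SQL: object privileges and a system privilege granted to roles, a role granted to another role, a password-protected role, and a review of what was granted. This is an added example, not from the essay; the schema `sales`, its tables, the role names and the user `report_clerk` are hypothetical and assumed to exist where referenced.

```sql
-- Added example. Hypothetical objects: sales.orders, sales.customers,
-- user report_clerk. Passwords are constructed samples.

-- Object privileges: one action on one schema object, granted to a role.
CREATE ROLE order_entry_role;
GRANT SELECT, INSERT, UPDATE ON sales.orders    TO order_entry_role;
GRANT SELECT                 ON sales.customers TO order_entry_role;

-- A password-protected role for the more sensitive privileges.
CREATE ROLE order_admin_role IDENTIFIED BY "Constructed#RolePw1";
GRANT DELETE ON sales.orders TO order_admin_role;   -- object privilege
GRANT CREATE TRIGGER         TO order_admin_role;   -- system privilege
GRANT order_entry_role       TO order_admin_role;   -- role granted to a role

-- Users receive roles, not individual privileges.
GRANT order_entry_role, order_admin_role TO report_clerk;

-- Only the low-privilege role is enabled at login; the admin role has to be
-- enabled explicitly, with its password, inside the session.
ALTER USER report_clerk DEFAULT ROLE order_entry_role;

-- Run in report_clerk's session when the elevated role is needed:
SET ROLE order_entry_role, order_admin_role IDENTIFIED BY "Constructed#RolePw1";

-- Review what each role carries and who holds it.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee IN ('ORDER_ENTRY_ROLE', 'ORDER_ADMIN_ROLE');

SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee IN ('ORDER_ENTRY_ROLE', 'ORDER_ADMIN_ROLE');

SELECT grantee, granted_role, default_role
FROM   dba_role_privs
WHERE  grantee = 'REPORT_CLERK';

-- Revoking from the role removes the privilege from every holder at once.
REVOKE DELETE ON sales.orders FROM order_admin_role;
```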
Database Security Operations
Databases are essential in most organizations even though most database security measures usually leave out some important information that could be easily traced by hackers. For this reason, database logging is critical in ensuring that this security is maintained (Kuhn, 2013). Compliance needs should be put into consideration whenever a business wants to configure its database or control logs. Logs ensure that there is constant monitoring of every activity within the IT system and, especially, of the information. They facilitate easier detection of when or what data is breached and by whom. In addition, logs help in identifying whether the hacker is an inside individual, in this case an employee, or an outsider.
The business would mostly want to involve the following logs: database system starts, restarts and stops, system errors and failures, privilege alterations, and user logouts and logins. Hackers usually devise new ways of breaching the database of a particular company and accessing confidential information where its security system has malfunctioned. For this reason, not every manager can secure the database from all the hackers and this is where logins come in (Kuhn, 2013). They facilitate detection of the breaches in minimal time and even reveal the time and method in which the breach was conducted. Database log management is crucial and is becoming popular especially in ensuring database security. Every business management should always be on the lookout and know the individuals who access its database.
It is essential that the location and the time at which users access the company’s data are known. In most cases, log monitoring and control consist of various activities. First, there is the collection of data from the log, especially when accessed through an agent. Next are the alerts that should be sent to the administration so that it is always aware of the activities. Transferring the data from the logs is vital; it should be taken to the central server where it will undergo analysis and examination (Malcher, 2011). In addition, there is the reporting of the results of the analysis and the storing of these logs if they are deemed useful.
Monitoring the activities of users in the database is what is referred to as database auditing. Using the Oracle Database architecture has various advantages because it allows for the auditing of these activities. The precise actions include the database startups, shutdowns, and the privileged connections. The database audit process involves various activities. For instance, it starts with the scanning of the system to identify the applications functioning and failures. Then the audit is conducted to examine the usage of the model features and identify any vulnerability. The third step is to check the access to the database, followed by the examination of the authentications in the application. In case there are any additional database storage applications, the audit is also carried out there to identify any leaks of data without authorized permissions. After that, the results from the collections are reported in a well-defined format so that the report is well understood by the clients and the developers of the system (Malcher, 2011). This will aid in the correction of the mistakes or vulnerabilities in the system.
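The log categories listed above (logins and logouts, privilege alterations) and the "who, from where, when" questions, as Oracle audit settings and review queries. This is an added example, not from the essay; it assumes traditional auditing written to the database (`AUDIT_TRAIL=DB`), and the thresholds and the 08:00 to 17:59 working window are illustrative assumptions.

```sql
-- Added example. Assumes traditional auditing with AUDIT_TRAIL=DB, run as a
-- DBA. Thresholds and time windows below are illustrative assumptions.

-- Turn on the audit categories the text lists.
AUDIT SESSION;        -- user logins and logouts, successful or not
AUDIT SYSTEM GRANT;   -- grants and revokes of system privileges and roles
AUDIT ROLE;           -- CREATE / ALTER / DROP / SET ROLE
AUDIT USER;           -- CREATE / ALTER / DROP USER

-- Repeated failed logins in the last hour, grouped by account and client
-- host. Return code 1017 is ORA-01017 (invalid username/password).
SELECT username, userhost,
       COUNT(*)       AS failed_logons,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode  = 1017
AND    timestamp  >= SYSDATE - 1/24
GROUP  BY username, userhost
HAVING COUNT(*) >= 5
ORDER  BY failed_logons DESC;

-- Privilege and account alterations in the last 7 days: who changed what,
-- and for whom.
SELECT timestamp, username, userhost, action_name,
       obj_name, sys_privilege, grantee
FROM   dba_audit_trail
WHERE  action_name IN ('SYSTEM GRANT', 'SYSTEM REVOKE',
                       'GRANT ROLE',   'REVOKE ROLE',
                       'CREATE USER',  'ALTER USER', 'DROP USER')
AND    timestamp >= SYSDATE - 7
ORDER  BY timestamp;

-- Successful logins outside working hours (location and time of access).
SELECT timestamp, username, os_username, userhost, terminal
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode  = 0
AND    timestamp  >= SYSDATE - 7
AND    TO_NUMBER(TO_CHAR(timestamp, 'HH24')) NOT BETWEEN 8 AND 17
ORDER  BY timestamp;
```

Because the audit trail is itself a table inside the database, copying it to the central server mentioned above keeps the records out of reach of an account that has been compromised locally.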
Data Isolation Policies
Data isolation is the process in which the data owner is granted all the control over this information. Mostly, the service administration could control a particular resource that the data administrators cannot. For this reason, data isolation may not be achieved in a situation where a separate team heads the service administration. There are particular legal requirements whenever data isolation is conducted. Therefore, in case a person has a data isolation requirement, he or she must choose whether it will be isolation from data administrators or from service administrators.
Database views are subsets of the database that are displayed in a specific manner. In the case of database triggers, Oracle facilitates the definition of procedures that should be undertaken whenever an UPDATE or INSERT statement is issued against a corresponding table (Malcher, 2011). The procedures mentioned are also known as database triggers. They are associated with stored procedures. The examples of these triggers could be SQL statements. They play a significant role in Oracle because they improve its efficiency and ensure that the database management system is capable of doing its tasks as required by the business. For instance, a trigger can allow DML operations on a table only if they are performed during normal business hours. Triggers are frequently used for the prevention of incorrect transactions and for assuring the right logging into the system.
Additionally, they play a role in the Oracle architecture by ensuring that efficient auditing is guaranteed, granting column values and collecting information about particular table access. The Oracle triggers are, however, different from the database triggers because they consist of Oracle Forms application and their firing happens whenever a certain trigger spot is implemented. These triggers consist of several parts, namely the trigger event, the trigger restriction and the trigger action. The trigger event causes the firing of a trigger and is usually in the form of a statement. The trigger restriction, on the other hand, specifies a logical expression that must be true in order for the firing of the trigger to be initiated (Stavroulakis & Stamp, 2010). Lastly, the trigger action is the activity that entails the SQL statement to be used. Oracle Database allows the use of stored procedures, which consist of SQL statements that perform a particular activity.
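The two trigger uses described above, as Oracle PL/SQL: a statement-level trigger that rejects DML outside business hours, and a row-level audit trigger with its event, restriction and action marked. This is an added example, not from the essay; the tables `orders` and `orders_audit`, the trigger names and the 08:00 to 17:59 weekday window are hypothetical.

```sql
-- Added example. Tables, trigger names and the business-hours window are
-- hypothetical.
CREATE TABLE orders (
  order_id NUMBER PRIMARY KEY,
  amount   NUMBER NOT NULL
);

CREATE TABLE orders_audit (
  changed_at TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user    VARCHAR2(128),
  os_user    VARCHAR2(128),
  host       VARCHAR2(128),
  order_id   NUMBER,
  old_amount NUMBER,
  new_amount NUMBER
);

-- Statement-level trigger: fires once per DML statement and rejects it
-- outside Monday to Friday, 08:00 to 17:59. The explicit NLS_DATE_LANGUAGE
-- keeps the day check from depending on the session's language setting.
CREATE OR REPLACE TRIGGER orders_business_hours
BEFORE INSERT OR UPDATE OR DELETE ON orders
BEGIN
  IF TO_CHAR(SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') IN ('SAT', 'SUN')
     OR TO_NUMBER(TO_CHAR(SYSDATE, 'HH24')) NOT BETWEEN 8 AND 17 THEN
    RAISE_APPLICATION_ERROR(-20100,
      'orders may only be changed during business hours');
  END IF;
END;
/

-- Row-level audit trigger showing the three parts named in the text.
CREATE OR REPLACE TRIGGER orders_amount_audit
AFTER UPDATE OF amount ON orders          -- trigger event
FOR EACH ROW
WHEN (NEW.amount <> OLD.amount)           -- trigger restriction
BEGIN                                     -- trigger action
  INSERT INTO orders_audit
    (db_user, os_user, host, order_id, old_amount, new_amount)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     :OLD.order_id, :OLD.amount, :NEW.amount);
END;
/
```

The audit row is written in the same transaction as the update, so it disappears if that transaction rolls back. A user who can alter the table can also disable both triggers, which is why they complement the database's own auditing rather than replace it.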
Physical Environment for Secured Databases
The Oracle Database provides backup and recovery alternatives that consist of physical and logical data protection and analysis of the data recovery. Physical protection entails Recovery Manager and Oracle Secure Backup. Their aim is to ensure data security in a matter of hours or days. Logical protection, on the other hand, allows for protection of data in a duration of minutes and entails flashback technologies. Database security involves giving users permission to access the database or not (Stavroulakis & Stamp, 2010). Oracle architecture utilizes security domains or schemas in order to manage or restrict access to information by users.
Database security management is a complex process that most businesses face in order to secure their data. The majority of the IT systems in most companies are very vulnerable, and there is the need to improve the security of the system. It is clear that hackers are coming up with new ways of accessing confidential information. There is the need to equip the system with security mechanisms, either physical or other methods, for instance, the use of passwords and logins for the users. Oracle Database architecture is useful for most businesses because it increases the efficiency of the IT system (Stavroulakis & Stamp, 2010). It allows the use of client servers that facilitate the functioning of the computer. The server and client are linked by the use of communications networks.
Oracle offers an efficient system that guarantees the protection of the company’s information. In case of any security incident, the procedures taken assist in the determination of the individual who breached the system. Additionally, it is important that every business carries out data audit in order to ensure its safety. This is the reason why database security management responsibilities are essential and should be considered seriously. The use of passwords and logins is vital in ensuring that no breach is easily undertaken (Stavroulakis & Stamp, 2010). Logins help in knowing who accessed the system accounts and at what time. Thus, in case a hacker tries to hack the system, then he or she may be identified quickly.