Introduction
Recently, computers have become a necessity in the business world and are used to store sensitive organizational data. Database security has therefore become a growing concern as the amount of data stored by different companies keeps increasing. Attackers, on the other hand, keep coming up with new ways to gain illegal access to this data. This calls for database security mechanisms that ensure consistent, controlled access to and protection of database contents while preserving the general quality of the data. The main objective of database security is to allow legitimate users to access database systems at the right time and perform authorized activities. Mechanisms for securing data in computer systems include physical and network security, authentication, and encryption. Database technologies are thus a vital component of any computer system since they allow information to be stored and exchanged electronically. This paper discusses the lessons learnt from the project on creating a database security culture.
Lessons Learnt
One of the things learnt from this project is that as long as database systems exist, there will always be vulnerabilities in these systems that can lead to intrusions or unauthorized access to an organization's sensitive information. According to Ali (2011), “There is no database that can be created that will keep out every attack. We also know that attackers will always try to gain access to any company” (p. 26). For instance, technology has advanced lately, and this creates a need for internet and file security. There is also increased use of computers by most business firms, which implies that large amounts of information are stored, some of which is confidential and sensitive and hence should not be exposed to unauthorized access. It is, therefore, necessary for business organizations to take precautions by ensuring that users inside and outside the company follow security measures that protect the databases. Database security measures need to be considered in order to minimize the risks that a company is exposed to in case of possible attacks. It is therefore very important for organizations to maintain an attack-free environment. Ali also says in his article that “Companies should recommend providing their employees with the best firewalls available to their employees working outside the office” (p. 26). To maintain a sustainable database security culture, organizations should provide all their workers, not just employees who work away from the office, with the best firewalls on their computers to prevent any intrusion.
Database attacks do not only mean using technical means to gain access to databases; more straightforward ways like social engineering can also be used. Social engineering refers to a malicious act that is carried out through human interactions. It involves using psychology to trick users into disclosing sensitive organizational information. Other threats related to databases include computer viruses, hacking of passwords, and identity theft. Murray (2010) states that “Database security is built upon a framework encompassing three constructs: confidentiality, integrity and availability” (p. 63). This implies that any database security measure should aim to protect these three aspects of data: integrity, confidentiality and availability.
Maintaining a database security culture in an organization involves creating employee awareness and training employees on matters concerning database security. Employees should be prepared to develop security practices like using strong passwords, backing up system information, and using antivirus software (Ali, 2011). Another strategy used to maintain a security culture is performing assessment tests on database systems. Ilic et al. (2011) stated that “In order to achieve high-rated secure systems, a flawless penetration testing must be performed” (p. 476). The web environment is very prone to attacks at present (Hariton et al., 2011), and considering that most database systems are deployed on the web, it is essential to evaluate the vulnerability of a database system. An example of an attack that is common on databases accessed via the internet is SQL injection, which can be counteracted by means of input validation.
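The SQL injection point above, shown as an added example that is not part of the original paper: a lookup that concatenates user input into the query beside a form that validates the input against an allowlist and then binds it as a parameter. The table, the sample rows, the username policy and the hostile input string are all constructed for the illustration.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allowlist (assumed policy)
CRAFTED_INPUT = "x' OR '1'='1"  # constructed hostile input for the demo

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def lookup_vulnerable(conn, username):
    """Weak form: the input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT username FROM customers WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(query)]

def lookup_hardened(conn, username, validate=True):
    """Corrected form: allowlist validation, then a bound parameter."""
    if validate and not USERNAME_RE.fullmatch(username):
        raise ValueError("username fails validation")
    query = "SELECT username FROM customers WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]

def demo():
    conn = make_db()
    results = {"vulnerable": lookup_vulnerable(conn, CRAFTED_INPUT)}
    try:
        lookup_hardened(conn, CRAFTED_INPUT)
        results["validated"] = "accepted"
    except ValueError:
        results["validated"] = "rejected"
    # Even with validation off, the bound parameter is compared as data.
    results["bound_only"] = lookup_hardened(conn, CRAFTED_INPUT, validate=False)
    results["legitimate"] = lookup_hardened(conn, "alice")
    return results

if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the crafted input, while validation rejects it outright and the bound parameter on its own matches nothing.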
Another lesson learnt was that system auditing is an essential practice in ensuring a database security culture. Database audits using log files and audit tables proved to be necessary for identifying the users that gained access to a database, the actions they performed and the modifications they made. Additionally, various access control mechanisms are critical to ensuring that a database security culture is maintained. Saini and Garg (2013) support this by saying that “A stable identification system is a critical component in several applications that contribute their services correctly to genuine users.” Database access control is achieved by limiting access to specific users based on their roles and job positions and by granting or revoking access rights and privileges.
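An audit table combined with a role check, as an added example that is not part of the original paper. SQLite has no user accounts or GRANT/REVOKE, so the role table, the `session_ctx` table and the `run_as` helper are hypothetical stand-ins for what a server DBMS would enforce itself; all names and rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE session_ctx (actor TEXT);  -- acting user, set by the application
CREATE TABLE audit_log (
    at TEXT DEFAULT CURRENT_TIMESTAMP, actor TEXT, action TEXT,
    row_id INTEGER, old_value TEXT, new_value TEXT);
CREATE TRIGGER accounts_upd AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, row_id, old_value, new_value)
    VALUES ((SELECT actor FROM session_ctx), 'UPDATE', OLD.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_del AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, row_id, old_value, new_value)
    VALUES ((SELECT actor FROM session_ctx), 'DELETE', OLD.id, OLD.balance, NULL);
END;
"""

# Constructed role model: privileges attach to roles, users map to roles.
ROLE_PRIVILEGES = {"teller": {"UPDATE"}, "auditor": set(), "admin": {"UPDATE", "DELETE"}}
USER_ROLES = {"tina": "teller", "andy": "auditor"}

def run_as(conn, user, action, sql, params=()):
    """Run a statement for `user` if their role holds the privilege `action`."""
    role = USER_ROLES.get(user)
    if action not in ROLE_PRIVILEGES.get(role, set()):
        # Denied attempts are audited too, so reviewers see who tried what.
        conn.execute("INSERT INTO audit_log (actor, action) VALUES (?, ?)",
                     (user, "DENIED " + action))
        raise PermissionError(f"{user} ({role}) may not {action}")
    conn.execute("DELETE FROM session_ctx")
    conn.execute("INSERT INTO session_ctx VALUES (?)", (user,))
    conn.execute(sql, params)  # the triggers record who changed what

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO accounts VALUES (1, 'acme', 100)")
    run_as(conn, "tina", "UPDATE", "UPDATE accounts SET balance = ? WHERE id = ?", (250, 1))
    try:
        run_as(conn, "andy", "DELETE", "DELETE FROM accounts WHERE id = ?", (1,))
    except PermissionError:
        pass
    return conn.execute("SELECT actor, action, row_id, old_value, new_value "
                        "FROM audit_log ORDER BY rowid").fetchall()

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The resulting log answers the three audit questions named above: which user acted, what action was performed, and what the value was before and after the modification.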
Conclusions
In conclusion, no database system is in such good shape that it cannot be subjected to malicious attacks. This means that a database security culture is vital for any organization. A sustainable database security culture can be maintained by training employees on ways of keeping their systems secure, such as using strong login passwords, backing up information and many others. Organizations also need to maintain continuous database security by performing audits and assessments and applying access control strategies. All these mechanisms will lead to a better and well-sustained database security culture.