Research Paper
Spencer Zindel
Liberty University Online
BMIS 325
8/01/2015
Abstract
Database security is vital for any and every organization which uses databases. Without proper security, the databases can be breached and the breaches can lead to confidential information being released. This has happened to many organizations whether they are large or small; for example, in the past few years Target and Sony both fell victim to database breaches. To make matters worse, both Target and Sony were actually warned about the flaws in their security, but neither took any action to resolve the flaws. Looking into these breaches and how they were handled could lead to designing better databases. Organizations should also look within themselves to ensure all employees know good security practices. Simply following regular procedures such as installing antivirus software and firewalls can help create more secure databases. An organization should look at all of its databases to ensure the same top-level security is established for all of them.
Introduction
With advances in technology constantly happening, it can be hard to keep up with all of the latest trends. If organizations cannot keep up with the latest trends, it can lead to flaws in their security. Any flaws in security can have a detrimental effect on an organization’s database. Almost every organization has some sort of database, whether it is for maintaining customers, inventory, or vital information.
Because technology is consistently growing and changing, preventative measures must include flexibility to allow for change and growth. Without these considerations, a business could jeopardize itself by restricting the ability to expand or even update the systems with necessary security patches. Preventative measures should include future growth. As technology grows, risks increase. Protection mechanisms will change as new threats are introduced to business, as well as new legislation. Many security standards are based on data protection regulations, and as laws change or new laws are introduced, information technology is the most costly element in ensuring compliance. There could be costly ramifications with poor planning.
The departments of a company that are holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
Confidentiality and information security are the key aspects for an organisation, so an organisation must make sure that it preserves these along with integrity. The loss of any information, however small, can lead to the non-existence of the organisation.
Data security; Affinion Security Center augments data breach solution. (2012). Information Technology Newsweekly, 91. Retrieved from http://search.proquest.com/docview/926634711?accountid=458
Upon analyzing the security risk for each new requirement, we used the value points ranging from 1, 2, 3, 5, 8, 13, 20, 40, and 100 of the asset in the database table. We then determined the ease points using criteria for easiest to hardest to attack. With ease of attack values and values of asset, we could determine which requirement was more vulnerable calculating the
In today’s IT world, every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
There are many ways an organization can make sure it is implementing efficient security. My recommendations for protecting our information include issuing security certificates and other stored data, encryption of health information that is being exchanged across the networks, and checking the authentication of the users that are accessing our information on the exchange.
Firstly, I would like to talk about Microsoft SQL Server. According to Vincent (July 2010), Microsoft SQL Server is a relational database managing software developed by Microsoft. Since many years back (1989), SQL Server has been experiencing a lot of attacks. For example
Nowadays, companies are focusing and investing more on IT security, where the company’s and customers’ personal and financial information is managed and stored. Certainly, more cost is involved in this process. Companies that failed to prevent security breaches have paid, and are still paying, huge amounts. An example of this is Target. This multinational grocery stores company’s data was breached in 2013, affecting its business. Furthermore, by 2015 nearly 1000 Target employees lost their jobs and the company is facing legal suits from bankers and customers.
As technology grows and information has become a critical asset, companies currently devote their resources and money to protecting their data, treating it as being as important as their finance and human resource assets.
While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another breach of security and loss of sensitive data. Many people will remember high-profile data breaches from companies such as T.J. Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain
It is a mandatory requirement for every company to make sure sensitive data is protected from public access at all times. In a large organization, sensitive information such as employee salary and performance should be kept confidential from most of the DBA users. For this, a DBMS uses a database security and authorization subsystem that is responsible for securing portions of the database or restricting access to the sensitive information.
Databases are normally used by businesses and schools to store their data. These databases are kept secure, and users can only access the information stored on the database they have been granted access to. Data is added to, accessed, or removed from a database using languages such as SQL (Structured Query Language), MYSQL (My Sequel), etc.
Organizations, on the other hand, are prime targets for social engineering attacks. As technological change moves at such a rapid rate, many companies, especially small businesses, struggle to keep pace, and policies and procedures are developed haphazardly, if at all. However, information security poses a great risk and must be addressed if organizations are to avoid a range of unpleasant side-effects and sometimes significant financial losses. A 2007 study conducted by the Ponemon Institute on security breaches revealed that “average total cost per reporting company was more than $6.3 million per breach and ranged from $225,000 to almost 35 million”. Moreover, according to an article published in one of the leading Information Security Magazines, “85% of organizations experienced a data breach in 2008” (Raymond.Al, 2009).
a significant amount of data security breaches are due to either employee oversight or poor business process. This presents a challenge for businesses as the solution to these problems will be far greater than simply deploying a secure content management system. Business processes will need to be examined, and probably re-engineered; personnel will need to be retrained, and a cultural change may be required within the organization. These alone are significant challenges for a business. A recent example of what is probably unintentional featured an Australian employment agency’s web site publishing “Confidential data including names, email addresses and passwords of clients” from its database on the public web site. An additional