Lecture 5 of the IT Security course was about database security. En. Mohd Zaki started the lecture by explaining the meaning of database security and its importance. According to En. Mohd Zaki, database security is the system, processes, and procedures that protect a database from unauthorized usage. Unauthorized usage includes data access by database users who should have access to part of the database but not all parts. He also told us that a good database security management system must have the features of data independence, shared access, minimal redundancy, data consistency, data integrity, privacy and availability.
Furthermore, we were told that there are four levels of enforcing database security: physical security, operating system security, DBMS security and data encryption. After listening to En. Mohd Zaki's explanation, I understand that physical security is the safekeeping of database storage, OS security is about the access control matrix and capability list, DBMS security is about protection mechanisms and query modification, while data encryption is about the RSA scheme. These four levels of database security are important to control the disclosure of raw data, sensitive data, and confidential data and to resolve data integrity problems.
En. Mohd Zaki told us that the most important part of the topic of database security is the basic security requirements for a database. Therefore, he divided our class into groups to discuss the 6 basic security requirements, and each group was required to write out its understanding of a basic security requirement on the whiteboard. The result of the class discussion is as below:
Physical database integrity
Backup. The data of a database is immune to physical problems, such as power failures, and it is possible to reconstruct the database if it is destroyed.
Logical database integrity
Design to reduce redundancy (normalization). A modification to the value of one field does not affect other fields.
Element integrity
Field check (input validation). This ensures that the data contained in each element is accurate.
Access control
User privileges. A user is allowed to access only authorized data, and different users can be restricted to different modes of access.
User authentication
A username and password in the database verify the identity of someone who wants to access the database.
Availability
For a distributed system or database, backup. Users can access the database in general and all the data for which they are authorized.
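The element integrity and access control requirements above can be seen working together in the following added example, which is not from the lecture or the original post. It assumes a constructed `staff` table, two hypothetical users (`clerk`, `hr`) and, because SQLite has no user accounts, uses the connection authorizer callback as a stand-in for DBMS privileges.

```python
import sqlite3

# Constructed policy (assumption): user -> {(table, column): modes}.
# "r" = read, "w" = write; (table, None) with "w" means "may insert rows".
POLICY = {
    "clerk": {("staff", "name"): "r", ("staff", "dept"): "r"},
    "hr": {("staff", "name"): "rw", ("staff", "dept"): "rw",
           ("staff", "salary"): "rw", ("staff", None): "w"},
}
MODE = {sqlite3.SQLITE_READ: "r", sqlite3.SQLITE_UPDATE: "w",
        sqlite3.SQLITE_INSERT: "w"}
ALWAYS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION}

def make_db():
    """Element integrity: every field carries its own check."""
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("""CREATE TABLE staff (
        name   TEXT    NOT NULL CHECK (name <> ''),
        dept   TEXT    NOT NULL CHECK (dept IN ('IT', 'HR', 'FIN')),
        salary INTEGER NOT NULL CHECK (salary BETWEEN 0 AND 1000000))""")
    db.execute("INSERT INTO staff VALUES ('Aminah', 'IT', 4200)")  # constructed row
    return db

def connect_as(db, user):
    """Access control: allow only the modes granted to this user."""
    grants = POLICY.get(user, {})  # unknown user gets no grants at all
    def authorizer(action, arg1, arg2, dbname, source):
        if action in ALWAYS:
            return sqlite3.SQLITE_OK
        need = MODE.get(action)  # anything else (DELETE, DROP, ...) is denied
        if need and need in grants.get((arg1, arg2), ""):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)
    return db

def attempt(db, sql, params=()):
    """Run a statement and report which control, if any, stopped it."""
    try:
        return "ok", db.execute(sql, params).fetchall()
    except sqlite3.IntegrityError as e:   # a field check failed
        return "rejected by field check", str(e)
    except sqlite3.DatabaseError as e:    # the authorizer said no
        return "denied by access control", str(e)

if __name__ == "__main__":
    db = make_db()
    connect_as(db, "clerk")
    print(attempt(db, "SELECT name, dept FROM staff"))
    print(attempt(db, "SELECT salary FROM staff"))
    connect_as(db, "hr")
    print(attempt(db, "UPDATE staff SET salary = ? WHERE name = ?", (-5, "Aminah")))
```

The two controls are independent: the `hr` user passes the access check for `salary` but is still stopped by the field check when the value is out of range.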
In conclusion, database security is important to protect and secure information from hackers.