Abstract
Data is one of an organisation's most important assets, so steps need to be taken to protect it. Security generally has three aspects: physical security, software security and procedures. With physical security, the main issue is how to protect the servers and infrastructure from damage or loss. This may range from a catastrophic event affecting the data centre through to someone stealing the actual server. It also includes how to recover operations if there is a major incident. A more recent physical security threat has emerged from the increased use of mobile devices. Loss and theft of these devices, which may contain sensitive information or be able to connect automatically to sensitive systems, has been a growing problem for some time. Software security is the more important security consideration on a day-to-day basis. Many databases are accessible from the internet, although this is usually through another server. It is, however, where most threats come from. Keeping virus checking and firewall software up to date will prevent most external attacks, but internal abuse of user privileges also needs to be considered. The final aspect is the procedures that are in place. These will also have an impact on how physical and software security are implemented and maintained. Questions to ask are what procedures are in place, whether they are adequate and how they are audited. A major component of this is a risk register, which needs to be regularly updated and reviewed.
Further Reading
IBM (2013) Database ACL settings. Available online at http://publib.boulder.ibm.com/infocenter/sametime/v7r5m1/topic/com.ibm.help.sametime.imlu.doc/st_adm_security_usertypeacl_c.html. Accessed 02/05/2013.
LSoft Technologies (2013) Active@ Kill Disk—Hard Drive Eraser. http://download.cnet.com/Active-Kill-Disk-Hard-Drive-Eraser/3000-2092_4-10073508.html?tag=mncol;2. Accessed 28/07/2013
SQL Server (2012) Security and protection (database engine). Available on-line at http://msdn.microsoft.com/en-us/library/bb510589.aspx. Accessed 28/07/2013
Copyright information
© 2013 Springer-Verlag London
About this chapter
Cite this chapter
Lake, P., Crowther, P. (2013). Security. In: Concise Guide to Databases. Undergraduate Topics in Computer Science. Springer, London. https://doi.org/10.1007/978-1-4471-5601-7_12
DOI: https://doi.org/10.1007/978-1-4471-5601-7_12
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5600-0
Online ISBN: 978-1-4471-5601-7
eBook Packages: Computer Science, Computer Science (R0)