Database Security Requirements

Database Security requires the following:

1. The ethical and social culture of the organization’s employees should forbid an individual from obtaining something by unfair means and from forcibly entering an organization’s computing facility. Legislation and security laws that make it illegal to obtain unauthorized access to an organization’s computer systems should be implemented.

2. Computers and terminals should be kept locked and their access should be limited to authorized users. Physical storage devices such as magnetic tapes and disk drives should be secured both within the organization and while they are being sent from one location to another.

3. Usernames and passwords should be kept confidential. The database administrator determines whether a user should be given any privileges and, if so, which ones.

4. The operating system should have built-in safety features such as the identification and authentication of users. It should prevent direct access to data in primary files and control memory access as well as resource management, including thread synchronization.

Protection of hardware equipment is another important step towards enhancing security. The following are some of the measures to be taken in this direction:

1. Highly critical hardware components, such as magnetic tapes, must be placed in locked and secure rooms.

2. Physical access to computers, network equipment and data storage areas should be limited.

3. Database servers should be kept in a separate room and be made accessible only to the Database Administrator (DBA).

4. Data transmission media should be kept covered and protected to ensure that they can’t be tapped.

5. Organizations storing databases on workstations should keep a spare computer for use in an emergency. The backup computer may be an additional CPU or a complete computer system, available if the main system goes down for any unforeseen reason.

6. Provision must be made for an auxiliary power supply, such as a UPS (Uninterruptible Power Supply), that can be called upon if mains power fails.

7. Arrangements must be made for fire extinguishers within the vicinity of the computer system. All people should be trained to operate fire extinguishers.