Innovations in Practice
Volume 9, 2010
Database Security: What Students Need to Know
Meg Coffin Murray
Kennesaw State University, Kennesaw, GA, USA
mcmurray@kennesaw.edu
Executive Summary
Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of or unauthorized exposure to sensitive data. As the amount of data collected, retained and shared electronically expands, so does the need to understand database security. The Defense Information Systems Agency of the US Department of Defense (2004), in its Database Security Technical Implementation Guide, states that database security should provide controlled, protected access to the contents of a database as well as preserve the integrity, consistency, and overall quality of the data. Students in the computing disciplines must develop an understanding of the issues and challenges related to database security and must be able to identify possible solutions.
At its core, database security strives to ensure that only authenticated users perform authorized activities at authorized times. While database security incorporates a wide array of security topics, among them physical security, network security, encryption and authentication, this paper focuses on the concepts and mechanisms particular to securing data. Within that context, database security encompasses three constructs: confidentiality, or protection of data from unauthorized disclosure; integrity, or prevention of unauthorized data access; and availability, or the identification of and recovery from hardware and software errors or malicious activity resulting in the denial of data availability.
In the computing discipline curricula, database security is often included as a topic in an introductory database or introductory computer security course. This paper presents a set of sub-topics that might be included in a database security
References:
(2009). The 2009 data breach investigations report. Verizon Business. Retrieved January 31, 2010, from http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Bertino, E., Byun, J., & Kamra, A. (2007). Database security. In M. Petkovic & W. Jonker (Eds.), Security, privacy, and trust in modern data management (Data-centric systems and applications) (pp
Bertino, E., & Sandhu, R. (2005). Database security—concepts, approaches, and challenges. IEEE Transactions on Dependable and Secure Computing, 2(1), 2-18.
Defense Information Systems Agency. (2004). Database security technical implementation guide, 7(1). Department of Defense. Retrieved January 31, 2010, from http://www.databasesecurity.com/dbsec/database-stig-v7r1.pdf
Guimaraes, M. (2006). New challenges in teaching database security. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development, Kennesaw, GA, USA, 64-67.
Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty, and doubt. Redwood City, CA: Addison-Wesley Professional.
Knox, D. C. (2004). Effective Oracle database 10g security by design. New York: McGraw-Hill/Osborne.
Phifer, L. (2010). Top ten data breaches and blunders of 2009. eSecurity Planet, February 10. Retrieved from http://www.esecurityplanet.com/features/article.php/3863556/Top-Ten-Data-Breaches-andBlunders-of-2009.htm
Ponemon, L. (2009). Fourth annual US cost of data breach study. Ponemon Institute sponsored by PGP Corporation
Steinke, M., Huk, T., & Floto, C. (2003). Helping teachers developing computer animations for improving learning in science education Education International Conference, Chesapeake, VA, 3022-3025.
Yang, L. (2009). Teaching database security and auditing. Proceedings of the 40th ACM Technical Symposium on Computer Science Education, Chattanooga, TN, USA.