Discussion – Database Security
Databases store information that is used by organizations, individuals, and governments. Information in a database is intended for use by authorized personnel (Gahlot et al., 2017). Therefore, information must be protected from unauthorized persons by implementing appropriate security controls. To protect data in a database, possible security risks must be documented and mitigated; in particular, database attacks and threats must be prevented. Database attacks include active and passive attacks. An active attack alters the contents of a database (Gahlot et al., 2017), which is especially dangerous when the data is used to support decision-making. In a passive attack, attackers view the contents of the database but do not tamper with it (Gahlot et al., 2017). Database threats include excessive privileges, privilege abuse, platform vulnerabilities, SQL injection, denial of service, and backup exposure (Gahlot et al., 2017). Excessive privileges compromise data security because database users who hold more rights than their work requires can reach confidential information, and with excessive rights users could cause data security breaches through privilege abuse. Platform vulnerabilities arise when a database is hosted on a platform that is itself exposed to security weaknesses (Gahlot et al., 2017). Through SQL injection, attackers submit input that is executed as SQL queries, causing the database to behave in the way the attacker intends. In a denial of service attack, attackers make database resources unavailable to authorized database users (Gahlot et al., 2017). Backup exposure occurs when a database backup is inadequately protected and attackers are able to exploit it. If these threats and attacks are mitigated, the likelihood of a database compromise is reduced. Therefore, this research details how to prevent database exploitation with respect to the attacks and threats mentioned.
To maintain data confidentiality in a database, access controls must be implemented (Jain & Chawla, 2020). These controls ensure that authorized users can access only the data they require, which resolves the problem of excessive privilege. For example, in an organization, customer service staff would access different data from finance department staff, so that users do not access data they do not need for their job function. Another control is to ensure that only authorized persons can change or update the contents of the database (Jain & Chawla, 2020). Those not authorized to change content could be assigned read-only rights sufficient to do their job. Users should have unique usernames and passwords that allow them to log into the database (Gaikwad & Raut, 2014). They should also be educated on the importance of keeping their passwords secret and not sharing them with colleagues. A policy should be implemented to remind staff of what is required of them when using the database (Gahlot et al., 2017), and it should outline the penalties for not observing the required control measures. With such controls in place, an organization would be one step closer to securing the data in its database.
SQL injection attacks can be avoided by evaluating SQL syntax so that harmful SQL queries are never executed (Jain & Chawla, 2020). Legitimate SQL scripts could be marked so that harmful ones are easily identified. This is effective in blocking SQL injection, which could otherwise give attackers full control of the database. Data could also be evaluated based on its source (Jain & Chawla, 2020): for example, data generated by the system could be flagged as safe, whereas data provided by users could not. Therefore, all user-provided data should be evaluated to ensure that no SQL injection scripts are supplied or executed. The evaluation could include checking the grammar of user-provided data (Jain & Chawla, 2020); anything that resembles an SQL script could be flagged and then examined. This is necessary especially when a user does not have the privilege to write or provide SQL scripts for the database, for instance when a user who has only read privileges tries to bypass those privileges by issuing scripts. According to Jain and Chawla (2020), evaluating data before it is used in the database has been an effective way of avoiding SQL injection attacks. Therefore, it should be employed in all databases.
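As an added illustration of the evaluation described above (this code is not from the paper or the cited authors), the following Python/sqlite3 snippet contrasts a query that splices user input into the SQL text with one that binds the input as a parameter, and adds an allow-list for a column name, which cannot be bound; the table, rows and inputs are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return conn

def lookup_unsafe(conn, name):
    """Defective form: user text is spliced into the SQL string, so quote
    characters in it change the query's grammar instead of being data."""
    sql = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    """Hardened form: the driver sends SQL and value separately, so the
    value is never parsed as SQL whatever characters it contains."""
    sql = "SELECT id, name FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Identifiers such as column names cannot be bound as parameters, so they are
# checked against a fixed allow-list; anything not on it is refused outright.
ALLOWED_SORT_COLUMNS = ("id", "name", "email")

def is_allowed_sort_column(column):
    return column in ALLOWED_SORT_COLUMNS

def list_sorted(conn, column):
    if not is_allowed_sort_column(column):
        raise ValueError("sort column not permitted: %r" % column)
    return conn.execute("SELECT name FROM customers ORDER BY " + column).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL grammar
    print("unsafe:", len(lookup_unsafe(db, crafted)), "rows returned")
    print("safe:  ", len(lookup_safe(db, crafted)), "rows returned")
```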
Data encryption is another mechanism that can be used to protect data in a database (Jain & Chawla, 2020). It converts plaintext into ciphertext, which ensures that the data cannot be read by unauthorized persons. The key used to encrypt the data is required to decrypt it, so only persons who hold the decryption key can understand the data. For example, passwords would be unsafe if they were stored in plaintext: anyone who could see them would know a given user's password, whereas this is not the case when the passwords are stored in encoded form. Backup data could also be encrypted to ensure that it is not tampered with and that, whenever the data is required for database recovery, it is available (Jain & Chawla, 2020). Such data could be stored on a physical external hard drive or in the cloud. Different data storage systems could use distinct encryption so that if one storage location is compromised, the other remains secure (Jain & Chawla, 2020). Organizations are required by law to uphold data confidentiality; therefore, encrypting data helps an organization avoid lawsuits. The use of database data by third parties should also be regulated to protect data confidentiality; for example, service providers could be required to sign agreements that bind them to uphold data confidentiality.
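The password case in the paragraph above, as an added example (not the paper's or the cited authors' code): for stored passwords the standard practice is a salted, slow one-way hash rather than reversible encryption, so the table reveals nothing even to someone who holds every key; the `UserStore` class, the iteration count and the sample credentials are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Illustrative work factor; production values follow current guidance.
ITERATIONS = 200_000

def hash_password(password, salt=None):
    """Return the storable record 'pbkdf2_sha256$<iters>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)

class UserStore:
    """Constructed stand-in for a users table: only hash records are kept,
    never the passwords themselves."""
    def __init__(self):
        self.records = {}

    def add_user(self, username, password):
        if username in self.records:
            raise ValueError("username must be unique")
        self.records[username] = hash_password(password)

    def authenticate(self, username, password):
        record = self.records.get(username)
        # An unknown user fails exactly like a wrong password.
        return record is not None and verify_password(password, record)

def demo():
    """Register one constructed user and try a right and a wrong password."""
    store = UserStore()
    store.add_user("alice", "Tr0ub4dor&3")
    return store.authenticate("alice", "Tr0ub4dor&3"), store.authenticate("alice", "guess")
```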
Figure 1: Database Security Model
The above figure illustrates how database security can be implemented. A user is required to log into the database; the user's credentials are authenticated, and privileges are assigned. For example, a user could have read or write privileges. A user with read privilege can only view the contents of the database, whereas a user with write privileges can both read from and write to the database. When a user writes into the database, the data is evaluated for SQL injection before it is executed. After execution, the data is encrypted and stored in the database. Such a model ensures that only authorized persons access the database, and that they use it only within their privileges. SQL injection is avoided because data is evaluated before execution. All data stored in the database is encrypted so that unauthorized persons cannot read it. With such a model, it is also possible to see the activities of all database users and take action where needed.
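The model in the figure and the access controls described earlier, as an added example (not the paper's own code): a small Python/sqlite3 mediator that takes privileges from a constructed assignment table, refuses writes from read-only users, binds written data as a parameter, and records every attempt so user activity can be reviewed; the encryption step of the model is left out because the Python standard library has no symmetric cipher.

```python
import sqlite3

# Constructed privilege assignments for the example; in the model these are
# produced by the authentication step shown in the figure.
PRIVILEGES = {"ana": {"read"}, "raj": {"read", "write"}}

class SecuredDatabase:
    """Mediates every access: checks the caller's privilege, binds data as
    parameters, and logs each attempt, allowed or refused."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
        self.audit = []   # (user, action, outcome) entries

    def _authorize(self, user, privilege, action):
        allowed = privilege in PRIVILEGES.get(user, set())  # unknown user: no rights
        self.audit.append((user, action, "allowed" if allowed else "refused"))
        if not allowed:
            raise PermissionError("%s lacks the %s privilege" % (user, privilege))

    def read(self, user):
        self._authorize(user, "read", "read notes")
        return self.conn.execute("SELECT owner, body FROM notes ORDER BY rowid").fetchall()

    def write(self, user, body):
        self._authorize(user, "write", "insert note")
        # The note body is bound as a parameter, never spliced into the SQL.
        self.conn.execute("INSERT INTO notes VALUES (?, ?)", (user, body))

def run_scenario():
    """A write-capable user inserts a note, a read-only user is refused a
    write but may read; returns the rows the reader sees and the audit trail."""
    db = SecuredDatabase()
    db.write("raj", "quarterly figures")
    try:
        db.write("ana", "tampered figures")
    except PermissionError:
        pass
    return db.read("ana"), db.audit
```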
References
Gahlot, S., Verma, B., Khandelwal, A., & Dayanand. (2017). Database Security: Attacks, Threats and Control Methods. International Journal of Engineering Research & Technology (IJERT), 5(10), 1-4. https://www.ijert.org/research/database-security-attacks-threats-and-control-methods-IJERTCONV5IS10011.pdf
Gaikwad, T. R., & Raut, A. B. (2014). A Review on Database Security. International Journal of Science and Research (IJSR), 3(4), 372-374. https://www.ijsr.net/archive/v3i4/MDIwMTMxMjc3.pdf
Jain, S., & Chawla, D. (2020). A Relative Study on Different Database Security Threats and their Security Techniques. International Journal of Innovative Science and Research Technology, 5(1), 794-799. https://www.researchgate.net/publication/339324563_A_Relative_Study_on_Different_Database_Security_Threats_and_their_Security_Techniques
Question
Considering the importance of data in an organization, it is absolutely essential to secure the data present in the database. What are the strategic and technical security measures for good database security? Be sure to discuss at least one security model to properly develop databases for organizational security. Create a diagram of a security model for your research paper.
Your paper should meet the following requirements:
Be approximately 4-6 pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)
Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations.
Be clear and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.