This sample will guide you through:
- Explain security risks in database systems
- Discuss database terminology and categories of control
Task 1
Understand the broad range of information security controls to protect the databases.
1.1 Explain security risks in database systems
- SQL injection attacks - SQL injection is the main risk. The attack is executed by entering a query into a SQL form, and if the database interprets the result as 'true' it permits access to the database (Nasereddin et al., 2023). These sorts of attacks commonly target relational database management systems (RDBMS), which are based on the SQL programming language. A successful attack gives the attacker a free hand over everything that is part of the database.
- Malware - One of the main security risks for a database system is malware, which is designed to target vulnerabilities on a network, providing access to a database or causing damage to it. These sorts of vulnerabilities relate to unprotected endpoints on a network, which can be compromised through a range of attacks. It is very important for IT teams to determine the attack surface of a network in order to protect against malware attacks. The attack surface refers to the number of network vulnerabilities that can be targeted by a cybercriminal.
- Poor auditing - A lack of auditing practices, or poor auditing, can present an open opportunity to cybercriminals and render the database non-compliant with data security regulations. Organisations are required to record all events that take place on a database server and to make sure that auditing is conducted regularly. A failure to apply effective auditing procedures increases the chances of a successful cyber attack. However, it is also essential that any automated auditing software does not affect the overall performance of the database.
- Misconfiguration - Misconfiguration leaves databases unprotected. These attacks are generally possible because certain parameters and accounts remain unchanged from their initial default settings (Shen, 2023). By utilising these defaults, an attacker with advanced knowledge and experience can gain access. This is the main reason why businesses need to ensure their databases are managed correctly. An expert should conduct the database management, whether this is an in-house professional or an external cyber security organisation.
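The 'true' condition described in the SQL injection item above, shown as an added example that is not part of the original sample: a login check built by string concatenation beside the parameterized form that rejects the same input. The table, function names and credentials are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed form input: the quote closes the string and appends a
# condition that is always true.
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """Build an in-memory database holding one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to keep the demo short; real systems
    # store a salted hash.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret-constructed')")
    return conn


def login_vulnerable(conn, name, password):
    # Weak: form input is pasted into the SQL text, so quotes in the input
    # become part of the query and can make the WHERE clause always true.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, name, password):
    # Hardened: placeholders pass the input as data only; it is never
    # parsed as SQL, so the condition cannot be rewritten.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def run_demo():
    """Return the outcome of each login path for the same inputs."""
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "alice", TAUTOLOGY),
        "parameterized_tautology": login_parameterized(conn, "alice", TAUTOLOGY),
        "parameterized_correct": login_parameterized(
            conn, "alice", "s3cret-constructed"),
    }


if __name__ == "__main__":
    for case, granted in run_demo().items():
        print(f"{case}: access granted = {granted}")
```
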
1.2 Evaluate the effectiveness of information security concepts and tools in protecting databases.
The concepts of information security are confidentiality, integrity and availability. These concepts are related to protecting databases, along with others such as information, authorization and non-repudiation. These concepts help in protecting databases and are explained below:
- Authentication - This is the process of confirming that users log in only in accordance with the rights provided to them in order to perform database activities. A specific user can log in only up to the privilege he/she has and cannot access other sensitive data. By using authentication, the privilege to access sensitive data is restricted.
The information security tools used to protect data are:
- Firewall - A firewall is the first line of defence and it prevents unwanted traffic, including viruses, from entering the system or network. Firewalls can also protect ports which are accessible, limiting the attack surface that a fraudster or hacker can have if they manage to breach
- Data loss prevention - This tool keeps a record of servers, networks and workstations to ensure that sensitive information is not removed, moved or copied (Jadhav and Chawan, 2019). It also records the person executing the action, so there is greater insight into who is responsible for breaching the company firewall.
Task 2
Understand kinds of database categories of control
2.1 Discuss database terminology and categories of control
Database terminology comprises the various terms used to help understand the processes and parts of a database. There is terminology associated with the database structure, which consists of tables, columns, rows and others. The terminology is explai