Based on what you've learned, imagine that you need to create a maintenance and security plan for the your database.
In a 2-3 page document, explain at least 3 measures you would put in place to safeguard this database against internal and external threats discussed in this module.
Explain in detail how each measure safeguards or minimizes each threat. Security is one of the most important issues facing database administrators. The fact that databases contain data that is considered private and used to make important business decisions makes it attractive to those who wish to use it to do harm.
When it comes to security, the following should be considered:
Confidentiality - Is the data kept private and secured? Integrity - Is the data accurate and protected from unauthorized modification and/or destruction?
Availability - Is the data accessible whenever needed by the organization and protected from events that affect availability, such as power outages or crashes? These days, we rely so heavily on the Internet to communicate and share information, but it also makes companies, consumers, and end users highly vulnerable to various threats. Threats can be categorized into 2 categories, external and internal.
Some examples of external threats include: Hacking by someone who has programming knowledge and experience to exploit vulnerabilities in the application.
Some hackers do this for personal gain, while others are motivated by a desire to do harm. Physical threats refer to those when a building or locked location is vulnerable, or if a logged in computer is left unlocked. Examples of internal threats include: Any employee with access to an application or system can be considered a threat because they can do intentional damage, share unauthorized information, or misuse a system.
Power outages or failures. Equipment failures. Natural disasters, such as fires, floods, tornados, hurricanes, and so on. A database administrator must maintain security and functionality of the database, while protecting it from internal and external threats. The first step is awareness of all possible threats within the environment. Some perform annual risk assessments to ensure that no threats are overlooked. Risk assessments involve researching various possible risks to the database and system, and ranking each on a specific scale, such as 1 to 10, 1 being low, and 10 being the highest possible risk.
Once all categories have been assessed, the administrator must determine the risks with the highest scores and prioritize them. Once they are prioritized, a plan must be created to address each item and minimize the risk level as much as possible. One possible item that may come up during a risk assessment is the ability to quickly recover from one or more of the internal and/or external threats discussed earlier. If the risk value is high, then the administrator must determine a plan to minimize the risk of these potential threats affecting every day and long term business.
For example, if an employee must be granted access to specific parts of the database, a way to minimize risk is to limit access as much as possible, but at the same time just enough so the employee can perform the task needed.