Consequences of Security Threats in Database Management Systems
Security is the most important concern in designing a database; it should be taken seriously and treated as a basic requirement. Security issues may arise for different reasons, such as design flaws and programming bugs. Database systems face many security risks, including unauthorized access, malware infections, physical damage, and data corruption. In this paper, some examples of assumptions in quantitative research are provided. Moreover, the paper reveals the purpose of the study, its background, methodology and more.
Background and Purpose for the Study
Databases contain the most valuable information, including explicit, government, banking, and economic data. It is critical to protect the database against all possible security threats. According to the latest research paper, various techniques have been proposed to preserve a certain degree of confidentiality and solve the downstream database scenarios while still allowing them to execute SQL queries efficiently. Security is an important attribute that must be considered a fundamental requirement in information systems development and database design. Therefore security in database systems, as a further quality property of software, must be tackled at all stages of the software development life cycle. Any proposed security model should permit the classification of information based on confidentiality, and provide mandatory access control.
The main assumption of this study is to provide a brief description of the challenges related to security in the database management system. Database security is important for both large-scale and small-scale organizations, because a lack of security may give hackers the chance to gain unauthorized access to the database. Hackers do not care whether the organization is large or small; they just focus on the vulnerabilities they can exploit. Small organizations that lack security knowledge do not focus on security, which results in poor security practices that hackers can exploit.
Research assumption: 'What are the consequences of security threats in Database management systems?'
Limitation and Delimitation for the Study
One of the limitations I face is that I don’t have prior experience in the topic I have selected, so it consumes a lot of time to complete my work. Collecting topic-related data is tough, as many of them will not have access to all the resources. And a few of the articles do not have the in-depth information that is needed for research.
I used to browse the internet searching for my topic and learn things from the internet and the latest news related to my topic so that I would have an overview of the topic as it compares to real-time examples. When searching for the topic in the Booth Library I used keywords that helped me to find the articles easily. The research focuses on the methods used to provide security to the database to prevent data loss, which is considered a serious problem nowadays.
Nature and Significance of the Problem
The protection of databases from intentional or unintentional threats is really important. These threats may come from hackers as well as insiders. Compromising on security will lead to data loss, which would affect the day-to-day operation and performance of the organization. Unavailability of databases due to data loss for even a few minutes may result in serious losses to the organization. For example, an unprotected server containing over 400 million records of Facebook users was identified; it gave hackers access and revealed user IDs, phone numbers, names, gender, and locations.
Meanings of the main definitions of the study:
- Authentication: security in database management systems includes authentication. It is a process of verifying the user credentials from the stored information in the database and permitting only authorized users access to the data, networks and database platform.
- Encryption: database security can include access restriction protocols, secure management, protection of encryption system keys and management of secure, off-site encryption backup.
- Access: access controls authenticate the valid users and applications, limiting what they can access in your database. It includes designing and granting valid user attributes and roles in limiting organizational privileges. A primary outcome of security in database management is an effective limitation of access to the data.
- Backups: data backup is a major aspect of your database security protocol; it duplicates data and stores the copy in a different system. In the case of hardware failures, data corruption, theft, hacking or natural disasters, a database backup can be used to recover the lost data.
- Application Security: an application security framework and database measures can help protect against commonly known attacks that can evade access controls, such as SQL injection.
- Database Auditing: auditing helps to detect, prevent and reduce the overall impact of unauthorized access to a relational database management system. Auditing as part of a database security protocol delivers centralized oversight of the database.
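The "Access" and "Database Auditing" definitions above can be seen working together in the following added example, which is not part of the original paper: a default-deny authorizer on a SQLite connection that limits each role to permitted columns and records every refused action. The roles, the `customers` table and the sample row are constructed assumptions.

```python
import sqlite3

# Constructed policy (assumption): columns each read-only role may read.
POLICY = {
    "teller":  {"customers": {"id", "name", "balance"}},
    "auditor": {"customers": {"id", "name"}},
}

def make_db():
    """Build a constructed sample database before any restrictions apply."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers "
                "(id INTEGER PRIMARY KEY, name TEXT, balance REAL, ssn TEXT)")
    con.execute("INSERT INTO customers VALUES "
                "(1, 'Ada Example', 120.5, '000-00-0001')")
    con.commit()
    return con

def restrict(con, role, audit_log):
    """Default-deny: the role may only SELECT its permitted columns."""
    rules = POLICY[role]

    def authorizer(action, arg1, arg2, dbname, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in rules:
            # arg2 is empty when a table is referenced without reading a
            # column, as in SELECT count(*).
            if not arg2 or arg2 in rules[arg1]:
                return sqlite3.SQLITE_OK
        # Everything else (writes, DDL, PRAGMA, other columns) is refused
        # and recorded for the audit trail.
        audit_log.append((role, action, arg1, arg2))
        return sqlite3.SQLITE_DENY

    con.set_authorizer(authorizer)
    return con

def attempt(con, sql):
    """Run sql; return rows, or a 'denied: ...' string if refused."""
    try:
        return con.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    log = []
    con = restrict(make_db(), "teller", log)
    print(attempt(con, "SELECT name, balance FROM customers"))
    print(attempt(con, "SELECT ssn FROM customers"))
    print(attempt(con, "UPDATE customers SET balance = 0"))
    print(log)
```

In a server DBMS the same separation is normally expressed with roles and column-level grants, with the audit trail written to storage the restricted roles cannot modify.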
Methodology and Theoretical Framework
This study uses a similar contextual analysis as a methodology. Also, this exploration uses the benefits connected to the utilization of relative contextual investigations in the discussion of the subject, security issues in database management. Information dealing with this research topic is in abundance. The way that this research previews other preceding researchers gives it an added advantage. It draws on the various data put forward on security in database management systems. Qualitative research is an exploratory strategy that can be used to understand human behavior, groups or individuals. Cambra-Fierro and Wilson have considered that qualitative studies can create a substantial result through a well-documented information collection and research process. In this way, a qualitative method was suitable for my study, since I used a multicase study structure and talked with members to explore information security to address the research question.
Quantitative researchers analyze relationships between test theories and variables. Goertz and Mahoney showed that probability and statistics are the basic components of quantitative research. The success of quantitative research is based on the study of statistical data and the extent to which the findings are generalizable.
The main security issues in database management systems are data quality, data masking, inconsistent data, protecting data, data confidentiality and storage of data. These are mediating variables and below is the description that explains each mediating variable.
- Inconsistent Data
Maintaining accurate data is the biggest problem for companies. Consistency is an important property for databases. The presence of inconsistent data may have a negative effect on the results. To achieve consistency, data cleaning tools play a key role: they help to detect and, if possible, remove inconsistent data. Rank-based strategies are used for cleaning inconsistent data in spatial databases. Business owners and managers need to access the database very frequently, so they should ensure regular database cleaning and maintenance.
- Protecting Data
Database security is a serious problem faced by many organizations. To protect sensitive data against any threats, data should be stored in encrypted form. Encrypting data mainly aims to make data unreadable to unauthorized readers, and it should be extremely difficult to decrypt when attacked. Encryption key management is also an important factor to be considered while ensuring database security. There are two solutions to data encryption: one is encrypting data using the DBMS, and the other is encrypting data outside the DBMS using dedicated cryptographic servers. The database contains the most important and valuable personal data, and it is critical to protect data against all potential risks. CryptDB is a new database management system that protects data confidentiality while still executing some SQL queries efficiently.
- Data Confidentiality
The theft of private information is a serious problem for online applications, and maintaining data confidentiality is the most important factor. Sensitive data can be leaked from online repositories. An ideal solution to satisfy the goals of maintaining data confidentiality is to enable a server to compute over encrypted data without the server decrypting the data to plaintext.
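The idea of a server answering queries over data it cannot read is shown for the equality case in the following added example, which is not part of the original paper and is not CryptDB's scheme: the client replaces a sensitive column with keyed HMAC-SHA256 tokens (a blind index) before upload, so the server can match and group rows without seeing plaintext. The table, rows and key handling are constructed assumptions; tokens cannot be decrypted, and equal values produce equal tokens, so repetition frequency remains visible to the server.

```python
import hashlib
import hmac
import sqlite3

def token(key, value):
    """Deterministic keyed tag: equal plaintexts give equal tokens."""
    norm = value.strip().lower().encode("utf-8")
    return hmac.new(key, norm, hashlib.sha256).hexdigest()

def build_server_db(key, rows):
    """Client tokenizes before upload; the server only ever stores tokens."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (email_tok TEXT, day TEXT)")
    db.executemany("INSERT INTO logins VALUES (?, ?)",
                   [(token(key, email), day) for email, day in rows])
    db.commit()
    return db

def days_for(db, key, email):
    """Equality query: the server compares tokens, never plaintext."""
    cur = db.execute(
        "SELECT day FROM logins WHERE email_tok = ? ORDER BY day",
        (token(key, email),))
    return [day for (day,) in cur]

def server_view_counts(db):
    """What the server learns without the key: how often values repeat."""
    cur = db.execute(
        "SELECT count(*) FROM logins GROUP BY email_tok ORDER BY 1 DESC")
    return [n for (n,) in cur]

def contains_plaintext(db, needle):
    """True if any stored cell contains the given plaintext fragment."""
    rows = db.execute("SELECT * FROM logins").fetchall()
    return any(needle in str(cell) for row in rows for cell in row)

# Constructed sample data; a real key would come from a key manager.
SAMPLE_KEY = bytes(range(32))
SAMPLE_ROWS = [
    ("alice@example.test", "2024-01-01"),
    ("bob@example.test", "2024-01-02"),
    ("Alice@Example.test", "2024-01-03"),
]

if __name__ == "__main__":
    db = build_server_db(SAMPLE_KEY, SAMPLE_ROWS)
    print(days_for(db, SAMPLE_KEY, "alice@example.test"))
    print(server_view_counts(db))
```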
Assumptions and Description of Participants
For this research, I have noted that research assumptions are elements out of a researcher’s control, but considered by the researcher as relevant to the study and true but unverified. Six assumptions were made in my study. The first assumption was that the technology department dedicated resources to the design, implementation, and enforcement of security controls to minimize security issues in the database. Secondly, I assumed that some database systems lacked the best practices to minimize data breaches for increased performance. The third assumption was that systems theory was an appropriate method for business users to understand and incorporate technology operations to prevent data breaches. Lastly, I assumed that patterns and themes emerging from the data analysis would assist in addressing the research question.
I have used purposive sampling for this research. According to Smith, Colombi, and Wirthlin, purposive sampling enables a researcher to discover the participants who will provide the data to answer the research question. Utilizing purposive sampling enabled me to select participants with an understanding of the research subject area. In qualitative research, a researcher uses the sample size to assure the richness of the information, and the number of participants depends on the topic and availability of resources. Sampling two technology executives and five technical staff in each case was appropriate for this study and provided enough data to achieve data saturation.
Technology executives and technical staff are key stakeholders in the design, implementation, and enforcement of data security in database management systems. Furthermore, technology executives and technical staff are responsible and accountable for the security of organization data. I have selected a bank as one of the cases because banks’ executives face significant data security threats and increased adoption of online and mobile banking technologies.
Data Collection, Timeline and Discussion
As a researcher, I was the primary data collection instrument. As the primary data collection instrument, the researcher collects data in a natural way, which assists in performing data analysis that is inductive and deductive to establish patterns and themes. I utilized a few open-ended questions within the data collection instrument. According to Qu and Dumay, semistructured interview formats allow participants to provide an in-depth understanding of a research topic. To ensure credibility and reliability, I posed the same interview questions to each participant, and I avoided bias by not asking leading questions. I also utilized available security and privacy policy statements from each institution's Internet website for methodological triangulation. When a researcher analyzes data from archival documents together with interviews and observations, they reveal research themes. I applied member checking during the interview process as a method of achieving research validity and reducing bias.
The research took around 8 weeks for me to gather and analyze data from different internal and external sources. Approximately ten percent of the time was spent evaluating and constructing a problem statement. Forty percent of the time was spent researching and exploring the collected information, approximately ten percent of the time was spent on the articles and literature, and the remaining forty percent of the time was used in writing and formatting the research paper.
Finally, to conclude, security threats may arise from internal or external sources, intentionally or unintentionally. Studies stated that most security threats are caused by internal resources. According to my research, protecting data from unauthorized access is the biggest challenge for an organization, and it is important for maintaining a company’s reputation and trust. Many organizations develop their own standards to ensure data security. Some cybersecurity threats are difficult to detect. Organizations must also ensure that users have restricted access to database systems and applications.
Practicing security methods to protect data in database management should be done frequently. If it is not done regularly an organization may face many circumstances.
References
- Allwood, M. C. (2012). The distinction between qualitative and quantitative research methods is problematic. Qual Quant, 46, 1417-1429. doi:10.1007/s11135-011-9455-8
- Boicea, A., Ghita, V., Radulescu, F., & Sarbu, A. D. (2010). Encryption Strategies in Databases. Annals of DAAAM & Proceedings, 165–166. Retrieved from: https://proxy1.library.eiu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=55674541&site=ehost-live
- Brisaboa, N. R., Rodríguez, M. A., Seco, D., & Troncoso, R. A. (2015). Rank-based strategies for cleaning inconsistent spatial databases. International Journal of Geographical Information Science, 29(2), 280–304. https://doi-org.proxy1.library.eiu.edu/10.1080/13658816.2014.965711
- Cacchione, P. Z. (2013). Tips on Ensuring Quality Data Management: Instrument Design. Clinical Nursing Research, 22(1), 3–6. https://doi-org.proxy1.library.eiu.edu/10.1177/1054773812473813
- Cambra-Fierro, J., & Wilson, A. (2011). Qualitative data analysis software: Will it ever become mainstream? Evidence from Spain. International Journal of Market Research, 53(1), 17-24. doi:10.2501/IJMR-53-1-017-024
- Dayıoğlu, Z. N., Kiraz, M. S., Birinci, F., & Akın, İ. H. (2014). Secure Database in Cloud Computing: CryptDB Revisited. International Journal of Information Security Science, 3(1), 129–147. Retrieved from: https://proxy1.library.eiu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=116233335&site=ehost-live
- Denzin, K. N. (2012). Triangulation 2.0. Journal of Mixed Methods Research, 6, 80-88. doi:10.1177/1558689812437186
- Fernández-Medina, E., & Piattini, M. (2005). Designing secure databases. Information & Software Technology, 47(7), 463–477. https://doi-org.proxy1.library.eiu.edu/10.1016/j.infsof.2004.09.013
- Goertz, G., & Mahoney, J. (2013). Methodological Rorschach tests: Contrasting interpretations in qualitative and quantitative research. Comparative Political Studies, 46, 236–251. doi:10.1177/0010414012466376
- Hoe, J., & Hoare, Z. (2012). Understanding quantitative research: Part 1. Nursing Standard, 27, 52-57. Retrieved from http://nursingstandard.rcnpublishing.co.uk/
- Loomis, D. (2019). Data Quality Matters. KM World, 28(4), 28. Retrieved from: https://proxy1.library.eiu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=a9h&AN=137671169&site=ehost-live
- Marshall, C., & Rossman, B. G. (2010). Designing qualitative research. Thousand Oaks, CA: Sage Publications, Inc
- Moskwa, L. S. (2015). Is Your Data in Good Order? Journal of Pension Benefits: Issues in Administration, 23(1), 49–50. Retrieved from: https://proxy1.library.eiu.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=bsh&AN=109480968&site=ehost-live
- O’Reilly, M., & Parker, N. (2012). Unsatisfactory saturation: a critical exploration of the notion of saturated sample sizes in qualitative research. Qualitative Research, 13, 190–197. doi:10.1177/1468794112446106
- Popa, R. A., Redfield, C. M. S., Zeldovich, N., & Balakrishnan, H. (2012). CryptDB: Processing Queries on an Encrypted Database. Communications of the ACM, 55(9), 103–111. https://doi-org.proxy1.library.eiu.edu/10.1145/2330667.2330691
- Qu, S. Q., & Dumay, J. (2011). The qualitative research interview. Qualitative Research in Accounting & Management, 8, 238-264. doi:10.1108/11766091111162070
- Smith, R. A., Colombi, M. J., & Wirthlin, R. W. (2013). Rapid development: A content analysis comparison of literature and purposive sampling of rapid reaction projects. Procedia Computer Science, 16, 475-482. doi:10.1016/j.procs.2013.01.050
- Yin, R. K. (2013). Case study research: Design and methods (5th ed.). Thousand Oaks, CA: Sage