Database Security

Overview For a cybercriminal, gaining access to a large database containing confidential information is like winning the lottery. A database provides not just one individual’s personal data but that of hundreds, possibly thousands of unsuspecting victims. With an entire database at his fingertips, there is no telling what a hacker would do. Are you aware that your own personal information is sitting in at least one database out there? Your checking and savings account numbers are in your bank’s database. Your MasterCard, Visa, or Discover card account number is in another. This makes it very convenient for you to call your credit card company and find out your current balance or report a stolen card. Your medical records might reside in your doctor’s database and can be looked up with a few clicks on the office computer. The ease of access provided by databases can be considered a double-edged sword. Follow the links provided below for details on how database break-ins have made personal data accessible to identity thieves and affected individuals’ credit ratings.

Database Break-ins You can read about CNET’s coverage of the widely publicized Choicepoint database break-in, which affected over a hundred thousand Americans, at www.pcworld.com/article/id,119790-page,1/article.html. Even university databases are at risk, as proven by the University of Texas incident, described at www.internetnews.com/dev-news/article.php/2110441. In this article, a student was convicted for hacking into the university database and stealing the social security numbers of over 55,000 students. One of the most recent database break-ins was at the Atlantis Resort in the Bahamas, affecting about 55,000 guests, with the details in this news report (www.computerworld.com.au/index.php/id;1748439805).

General Resources on Database Security How can the businesses and institutions that maintain your personal and financial data in their databases protect your privacy? GovernmentSecurity.org, which, in spite of its name, is not run by the government, provides several articles on tips for implementing database security at www.governmentsecurity.org.

 If you want to compare the security features and vulnerabilities of the most popular database management systems, such as DB2, SQL Server, and Oracle, look up www.databasesecurity.com. This site also provides titles of books and articles that can help you further your knowledge of each DBMS. More articles and resources, specifically about what a system or database administrator can do to secure database servers, are at this link (www.databases.about.com/od/security/Database_Security_Issues.htm). Several white papers on database encryption are provided at www.database.ittoolbox.com/topics/t.asp?t=371&p=371&h1=371#.

Government Regulations To gain a more in-depth understanding of the some of the government regulations that help protect you from database security breaches, you can look up the following: