The database security deals with the use of wide ranges of information security prevention to secure databases that generally include the data, the database systems, database applications or stored functions, the associated networks links and database servers against the misuse of the integrity, availability, and confidentiality of these mentioned factors. The various types of controls are used such as procedural, technical and physical control methods. This database security is a specific topic within the boundaries of information security, computer security, and risk management.
The security risks to the database systems might include malware infections that lead to the incidents such as leakage or disclosure of personal or organizational information, unauthorized access, delete or damage of the data or programs, denial or interruption of unauthorized access to the database, unexpected failure of the database and attacks on other systems. It might also include unintentional and disallowed action or misuse by database administrators, authorized database users, system/network managers, by hackers and unauthorized users.
For example inappropriate changes to the database programs, inadequate access to sensitive data, structures or security configurations, metadata or functions within databases. It might as well include the performance constraints, overloads and the ability problems that result in the capacity of authorized users that use that database as desired. The physical damage to database servers caused by computer room overheating, fires or floods, lightning, static discharge, accidental liquid spills, obsolescence and electronic breakdowns/equipment failures.
It might also include the programming bugs and design flaws in databases and the associated programs and systems, creating data loss or corruption, various security vulnerabilities such as unauthorized privilege escalation and performance degradation. The data corruption or injury that is caused due to entering of invalid data or commands, criminal damage, sabotage, mistakes in database or system administration process is also included among these threats.
There are few layers and types of information security which are equally crucial to the databases. These are Access control, Authentication Auditing, Integrity controls, Encryption, Application security, Backups and Database Security applying Statistical Method.