Introduction
A database is basically a collection of tables that hold the data in an organized manner. It is used in companies where data usage is integrated and shared. Most companies use databases to record all kinds of information that is confidential to outside parties. Databases make data management more efficient and effective. It provides an integrated view of the organization’s operations and reduces the probability of inconsistent data. Hence, it is of great importance to keep these databases secure and safe from outside intrusion.
Discussion
There are a number of factors that need to be considered when designing databases. The design of the database is important as it eliminates unwanted data redundancy and the errors generated due to misinterpreted data.
As the director of security of a computer software company, the security and integrity of the database hold significance as the information and data regarding the programs is one of the essential assets. There is an enormous risk of physical or internet intrusion into the database; therefore, it is important for the security director to ensure that the company data is safe.
Database attacks are the cause of most fraudulent activities that damage the internal as well as external structure of the companies. If the database is not secure enough, it may be intruded on, and the information may be hacked and used in an adverse manner which may badly affect the company. The computer software industry is one that is flourishing and expanding rapidly, there is immense competition and innovation in the market of computer software, and hence, it is important to be private about the developments taking place within the company. The designing of specialized programs requires a great deal of time and effort, and all the advancements are recorded and saved within the company database for continuation or future references.
Intrusion into the database systems of the company could result in the loss of precious data, and the advancements made by the company may be gone astray. This illegal act of intrusion or infringement is increasingly common in competing industries. The computer software company is highly susceptible to intrusion and is likely to be hacked and manipulated. More importantly, a company’s database contains sensitive information which in case of an intrusion, can be revealed to external sources. Hence, it is important to have a powerful and well equipped, and updated security control over the entire data and information of the company.
The database of the company is at risk from physical intrusion as well as intrusion through the internet. Physical intrusion can be carried out by gaining illegal access to the accounts of the system manually through existing employees or tapping into the system. The accounts can be accessed through the end-user or through the system administrator. Internet intrusion is more common, and it can be carried out from any source. The password can be hacked, and if the data is not encrypted, it may be retrieved through illegal methods. Once the database is accessible to an outside source, the data and information present, if not completely encrypted, may be used in an unfavorable manner that may hurt the company. The programs may be copied and sold in the market. Also, critical information regarding the company assets and future plans may be disclosed to outside parties. Intrusion allows the attacker to induce system crashes, service failure, or asset damage to the company.
Encrypted data may also be retrieved through methods of decoding. Hence, it is of great importance to have a regular security audit to assess the degree to which the data is secure and to check for any loopholes in the security measures.
Intrusion into the system is carried out for a number of different reasons. The system database may be intruded on in order to embarrass or mortify the organization. It may be carried out with the financial motive of selling the acquired information into the market. Intrusion into company profiles may also allow bad publicity of the company. However, whichever intended reason is followed, the company would be harmed with the loss or exposure of its information and valuable data.
The act of intrusion is carried out by first gaining comprehensive information about the company, its network organization, application, and operating systems. The extensive information is gathered and scanned for important data such as firewall configuration and other vulnerabilities. The network can also be accessed through ports. The next step for intruders is to access vulnerabilities. These can be through passwords, web applications, network switches and hubs, and a number of different sources. Finally, the intruders maintain access to the information through the ports or viruses. One virus commonly known as a Trojan creates a backdoor into the system, thus making the system susceptible to external intrusion. Moreover, mostly the attackers cover their tracks by altering their logs or by converting channels so as to remain a user of the accounts without being spotted by the company. Security breaches can result in server failure. The hackers can send a large number of requests to the server that blocks access to the company users. Session hijacking can allow the attacker to access critical company data as it takes over the user session. Furthermore, illegal security break-ins can be caused by weak security measures that allow the hackers to pierce through the authentication and authorization checks of the system and make way to critical company files (Hansen, 2001).
As the director of security, the aspect of risk management is a vital part of precautions measures. Risk assessment, mitigation, and evaluation are important for the company to check its vulnerabilities and loops holes in the system in order to be secure from intrusion at all times. Risk management would allow the IT system and data of the company to be secure. Moreover, it is important to update security systems from time to time. The security policy needs to be well thought out. Security firewalls need to be created to avoid intrusion. Also, having backups and safeguarding those backups is also imperative (Stoneburner, Goguen, and Feringa, 2002).
Conclusion
Protecting company data, records and information is a major security problem and needs to be dealt with immense magnitude. Company databases and accounts, if breached, can cause uproar in the performance of the organization. Another major aspect of this breach is the customer records, once revealed, will give the company a very image, thus damping the chances of those customers returning to do business with the company. Hence, the security systems and the IT security team need to be given significant importance by the upper management.
References
- Hansen, J.V (2001).Internet commerce security: Issues and models for control checking. The journal of operational research society, 52, 1159-1164.
- Stoneburner, G, Goguen, A, & Feringa, A (2002). Risk management guide for information technology systems.