Database Security Framework & Best Practices - All Articles - CISO Platform

Database Security Framework & Best Practices

The following framework can be adopted by any organization to establish a database security system. This has been written by Prakash Sharma.

Database Security Framework

[Figure: Database Security Framework diagram, part 1 of 2 (image not reproduced in text)]

[Figure: Database Security Framework diagram, part 2 of 2 (image not reproduced in text)]

Quality assurance needs to be performed for all the processes defined above.


Best Practices

  1. Physical access control needs to be established
  2. Installation sites need to be secured
  3. Lock and expire all default database accounts
  4. Change default passwords
  5. Lock and expire all default user accounts
  6. Enforce password management
  7. Enable data dictionary protection
  8. Grant least privilege to the maximum number of users
  9. Enforce access controls
  10. Restrict operating system access
  11. Restrict network access
  12. Apply security patches periodically
  13. Enable SSL to provide a mechanism for data integrity and data encryption
  14. Set up certificate authentication for clients and servers
  15. Restrict the privileges of the listener, which acts as the database gateway to the network
  16. Restrict physical access to the network
  17. Use firewalls
  18. Never leave vulnerable ports open (for example, 1521)
  19. Prevent unauthorized administration of the listener
  20. Encrypt network traffic
  21. Harden the operating system by disabling unnecessary services
  22. Ensure audit trails are enabled wherever security threats are foreseen
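Items 3 to 8 and 22 of the list, carried out as DBA statements, in an added example that is not part of the original article. Oracle SQL is assumed because the list refers to the listener and port 1521; SCOTT, OUTLN and SYSTEM are well-known default accounts, while the profile, role, user and view names and all passwords are placeholders.

```sql
-- Added example, not from the original article. Oracle SQL assumed; run as a DBA.
-- Names other than SCOTT/OUTLN/SYSTEM and all passwords are placeholders.

-- Items 3 and 5: lock and expire default accounts that are not needed.
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
ALTER USER outln ACCOUNT LOCK PASSWORD EXPIRE;

-- Item 4: change the default password of accounts that must stay usable.
ALTER USER system IDENTIFIED BY "<new-strong-password>";

-- Item 6: enforce password management with a profile.
-- ora12c_verify_function is created by $ORACLE_HOME/rdbms/admin/utlpwdmg.sql.
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5
  PASSWORD_LOCK_TIME       1/24        -- in days: locked for one hour
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_MAX       10
  PASSWORD_REUSE_TIME      365
  PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

-- Item 8: least privilege through a role that carries only what the job needs.
-- hr.employee_directory is a hypothetical existing view, not a base table.
CREATE ROLE reporting_ro;
GRANT CREATE SESSION TO reporting_ro;
GRANT SELECT ON hr.employee_directory TO reporting_ro;

CREATE USER report_user IDENTIFIED BY "<strong-password>" PROFILE app_user_profile;
GRANT reporting_ro TO report_user;      -- no direct object grants to the user

-- Item 7: data dictionary protection. ANY privileges (e.g. SELECT ANY TABLE)
-- no longer reach SYS-owned objects. Static parameter: takes effect on restart.
ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE = SPFILE;

-- Item 22: audit trail for logons and for account/privilege changes
-- (traditional auditing; with unified auditing use CREATE AUDIT POLICY instead).
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
AUDIT CREATE SESSION;
AUDIT ALTER USER;
AUDIT GRANT ANY PRIVILEGE;
AUDIT GRANT ANY ROLE;
```

The two ALTER SYSTEM settings are written to the SPFILE only, so the database has to be restarted before dictionary protection and the audit trail are in effect.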

Database Security Terms and Definitions

Database Security

  • Database security is a mechanism to protect a database against intentional or accidental threats. Security controls are established to mitigate the risks arising from threats to the organization's critical assets. A database is a critical asset for any organization, hence organizations need to budget for database security requirements.

What is a threat?

  • Any intentional or accidental event that may adversely affect the system

Database Threats

Theft

  • An unauthorized person enters an organization with a pen drive, copies organization data and leaves the premises. Someone intentionally decides to store a database backup on a public storage system.

Fraud

  • Any tampering to data and changing the content without authorization is a fraud

Confidentiality compromise

  • Any data or database made available for public view leads to a confidentiality compromise, unless the organization intentionally decides to publish that data.

Privacy compromise

  • Any personal information made available for public view leads to a privacy compromise, unless the organization intentionally decides to publish that data.

Integrity compromise

  • Any tampering with data, or loss of data and its audit trail, leads to an integrity compromise.

Availability compromise

  • Data should always be available to its intended users; if the database is not available or gets corrupted, that is an availability compromise.


Examples of Threats

  1. Using another person's log-in name to access data
  2. Unauthorized copying of data
  3. Illegal injections by a hacker
  4. Viruses
  5. Data alteration


Security Controls

Authorization

  • User-access policies need to be defined for database access.
  • Authorization is the mechanism that grants privileges enabling a user to access the system.

Authentication

  • Authentication is a mechanism to verify that the right user is logging in to the system. The system administrator is responsible for granting rights to the individual users who may access the system.

Views

  • Whenever queries need to be run on multiple related tables, create views and grant users privileges on the views rather than on the tables, so that users are not even aware of the existence of the columns or rows omitted from the view.
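The view-based restriction described above, as an added example that is not part of the original article. Oracle-style SQL with hypothetical HR tables is assumed: the view joins two related tables, omits the salary and national-ID columns and the rows of inactive employees, and is the only object granted to the role.

```sql
-- Added example, not from the original article. Oracle-style SQL assumed;
-- hr.employees and hr.departments are hypothetical tables.
CREATE OR REPLACE VIEW hr.employee_directory AS
SELECT e.employee_id,
       e.first_name,
       e.last_name,
       e.work_email,
       d.department_name
FROM   hr.employees   e
JOIN   hr.departments d ON d.department_id = e.department_id
WHERE  e.active = 'Y';   -- rows of inactive employees never appear in the view

-- Grant the view, never the base tables, to the consumers of the data.
CREATE ROLE directory_ro;
GRANT SELECT ON hr.employee_directory TO directory_ro;

-- Deliberately no GRANT on hr.employees or hr.departments. A holder of
-- directory_ro can DESCRIBE the view but sees no trace of e.salary,
-- e.national_id or the filtered rows, and a SELECT against hr.employees
-- fails with ORA-00942 (table or view does not exist), so even the
-- existence of the base table is not revealed.
```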

Backup and Recovery

  • The backup and recovery processes are vital for an organization, to ensure that a copy of the database and log files is stored on offline storage media. It is important to test the tapes by recovering the data, to verify that the backup was performed successfully.

Integrity

  • The integrity of database systems can be maintained by securing the database against viruses and malicious code and by preventing data from becoming invalid.

Encryption

  • Encryption uses special algorithms to render data unreadable by any program; a decryption key is needed to read the data. Performance degrades when too many data columns need to be encrypted.

RAID Technology

  • RAID stands for Redundant Array of Independent Disks. RAID is implemented on the hardware system where the database is installed, so that the DBMS continues to function even if one of the hardware components fails.

Privileges

  • A privilege is a right given to a user to access the database and its relevant data: read, write or read-write access granted on the database, on database tables, or on rows or columns of a table.
