This is the reason many corporations attach increased importance to this issue. In an effort to protect the vital information held within these organizations' systems, database security has become more stringent over the years. Information such as personal details of employees, customers, and other individuals, their financial information or transactions, trade information, e-mails, videos, software, and loads of other information can, if accessed by the wrong persons, be detrimental to the individual concerned and to the organization as well. The degree of the consequence will differ in each situation; however, that does not change the fact that database security is necessary.
In an effort to protect this information, organizations rely on what are known as security controls. These controls are implemented to deter, detect and respond to any threats which may ensue. The basis of a corporate strategy for information security is the confidentiality, integrity and availability of information. Confidentiality refers to the protection of data against unauthorized disclosure; integrity is the prevention of unauthorized and improper data modification; and availability is the prevention of and recovery from hardware and software errors and from malicious data access denials which make the database system unavailable[2]. The Bertino article illustrates this with the example of payroll. Information such as salaries should not be accessed by unauthorized persons, and modifications are to be made with authorization; these are the situations that need to be secured. Similarly, in my field of work, certain artwork is secured so as not to be manipulated or copied. Payroll within my enterprise is not a big deal for security, since it is not such a complex enterprise that these are stringently monitored; however, processes are put in place for the proper allocation of funds and to ensure the privacy of individuals despite the company’s size.
In essence, these objectives, to be achieved through confidentiality, integrity and availability of information, help to avoid harm by protecting information systems; essentially, prevention is better than cure. With these methods in place, the likelihood of a major loss or harm being realized is diminished.
[1] Thomas J. Smedinghoff, Information Security Law: The Emerging Standard for Corporate Compliance, IT Governance Publishing, 2010, at 3-4.
[2] E. Bertino et al. “Database Security—Concepts, Approaches, and Challenges” (2005) 2 IEEE Transactions on Dependable and Secure Computing 2, at 18.