Database Security Framework & Best Practices

For database security following framework can be adapted by any organization to ensure database security system established within organization. This has been written by Prakash Sharma.

Database Security Framework

Quality Assurance will need to be performed for all the processes defined above


Best Practices

  1. Physical Access Control needs to be established
  2. Installation sites need to be secured
  3. Lock and expire all default database accounts
  4. Change default passwords
  5. Lock and expire all default user accounts
  6. Enforce password management
  7. Enable data dictionary protection
  8. Grant least privilege to maximum number of users
  9. Enforce access controls
  10. Restrict operating system access
  11. Restrict network access
  12. Apply security patches periodically
  13. Enable SSL to provide mechanism for data integrity and data encryption
  14. Set up certificate authentication for client and servers
  15. Restrict privileges to listener which acts as a database gateway to the network
  16. Restrict physical access to network
  17. Use Firewalls
  18. Never keep vulnerable ports open (example 1521)
  19. Prevent unauthorized administration of Listener
  20. Encrypt Network traffic
  21. Harden the Operating System by disabling unnecessary services
  22. Ensure Audit trails enabled where ever security threats foreseen

Data Base Security Terms and Definition

Data base Security

  • Data base Security is a mechanism to protect database against intentional or accidental threats. Security controls are established to mitigate the risks emerging due to threats pertaining to critical assets in the organization.  Database is a critical asset for any organization hence organizations need to invest budget for data base security requirements

What is a threat?

  • Any intentional or accidental event that may adversely affect the system

Database Threats


  • An unauthorized resource gets into an organization with a pen drive and  copies organization data and moves out of premise. Someone intentionally decides to store database backup on a public storage system


  • Any tampering to data and changing the content without authorization is a fraud

Confidentiality compromise

  • Any data or data base if available for public purview leads to confidentiality compromise unless an an organization intentionally decides to publish data for public.

Privacy compromise

  • Any personal information if available for public purview leads to privacy compromise unless an organization intentionally decides to publish data for public

Integrity compromise

  • Any tampering to data and loss of data and its audit trail leads to integrity compromise

Availability compromise

  • Any data should be available to its intended user always and if the data base is not available or data base gets corrupted then it is an availability compromise



Examples of Threats

  1. Using another person’s log-in name to access data
  2. Unauthorized copying of data
  3. Illegal injections by hacker
  4. Viruses
  5. Data Alteration


Security Controls


  • User-Access Policies needs to be defined for database access.

Authorization is a mechanism to grant privileges to enable user to access the system.


  • Authentication is a mechanism to verify whether the right user logs in to the system. System Administrator is responsible for providing user rights to individual users who can access the system.


  • Whenever there is a need to perform queries on multiple related tables, it is important for creating views and granting privileges to users to ensure user is not aware of existence of any columns or rows which are missing from the view.

Backup and Recovery

  • The backup and recovery processes are vital for organization to ensure a copy of database and log file is stored on an offline storage media. It is important to test the tapes by recovering the data to ensure backup is performed successfully.


  • Integrity of data base systems can be maintained by securing the database from virus and malicious code attacks and preventing data from becoming invalid.


  • It is a concept to use special algorithms to render data unreadable by any program and you need to have decryption key to read the data. Performance degradation exists when there is a need to encrypt too many data columns

RAID Technology

  • RAID stands for Redundant Array of Independent Disks. RAID is implemented on a hardware system where the database is installed to ensure DBMS continue to function even if one of the hardware components fails.


  • Privilege is a right given to user to access the database and its relevant data. Read, Write, Read-Write access given to the database or data base tables or rows or columns of a table.


Views: 793

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform


CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20, 2020. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */