Database Systems: Threats and Mitigation

The primary threats to a database system are-

  • Internal threat
    • Intentional (sabotage), and
    • Inadvertent (carelessness/accident)
      • Phishing
      • Social engineering
  • External threats
    • Password crackers
    • SQL injections
    • Malware
    • Dumpster diving
    • Physical and natural disasters

Mitigation techniques for data at rest (stored in the database, not in transit over the network) are having policies and procedures for-

  • Encryption
  • Access Control
  • Secure server management
  • Updates and patch management of the server OS and database
  • Antivirus on the server
  • Backup