1 Introduction

In this age of information, it is very important to keep it secure as well. The information is very important either for a person or for a corporation.  The real importance of information can be easily understand by thinking that all the business being done over the internet is only because of the information being provided by the customers. All the information about the customers and the products of an organization are kept in a database. The information of an organization is very important to be kept secret from intruders and unauthorized persons (Crews Jr. and Oberwetter). If the information of a corporation is leaked or stolen then the corporation may face a major loss in business. Therefore it is very important to keep the database of corporation to be totally secure.

With the advent of online business and easy access to information and database, it is very hard to keep all the information and database secure from intruders. It is the responsibility of network administrators to make security of database and information more secure so that it cannot be accessed by some unauthorized person. There have been number of attacks on the database and information of large corporations of the world that let them faces huge losses (Allen). Attacks on corporation’s database and information are increasing unstopping. Many organizations are doing their best for making their database and information secure so that it could be accessed of theft by anyone.

2 Issues related to research

There are number of issues related to the database and information security for a corporation. There are corporations who let the customers or users access their limited data. This opens a way for the intruders to access data and information that they use to hack websites. The corporation lets the users or the customers who are only authorized to access some of their information (Shulman). There is need to authenticate the number of users of persons who can easily data from their servers.

The information is stored in database of every corporation. The intruders always try to get access to data that the corporation needs to hide it from any unauthorized person. That specific information may contain future plans of the company or their product sale data. With the easy availability of information on websites it is quite easy for the intruders to access database of corporation. There is needed to look out for some security models that keep all the databases and information of corporation inaccessible from unauthorized persons.

When the corporation allows the user to access some part of information, on the other hand the corporation also requires that other part of information and database to be intact. The corporation needs to draw a line between data that he needs to display or not. How the corporation is going to identify which one of the users is authenticated to access the information and which one is not (Lesov). This is quite a complex mechanism with few solutions to it.

Making a list of authenticated users and securing database and information is enough for a corporation. There are number of security threads to database and information of corporation that needs to be figured out to make it totally secure. It is important to keep information of a corporation away from the attacks of hackers (Yun  and Xiangsheng, 2010). These are the main issues that a corporation is mostly facing making its information and database secure from unauthorized persons.

3 Specific research questions

This research is meant to solve out the main threats to the security of information of a corporation. Here is few research questions related to this research.

 

  1. What are the best ways to make database communication strong?
  2. What is the effect of excessive privilege abuse?
  3. How to stop legitimate privilege abuse?
  4. Is there any way to stop a person from privilege elevation?
  5. What are the procedures to stop unwanted SQL injection to database?
  6. Will making audit rail strong work?
  7. What precautions should be taken to stop denial of information?
  8. What is the best user authentication method?

4 Methodology

This research will be carried out with extensive research related to security of information and database inside a corporation. It may require a better understanding of database security methods that can be applied by a corporation to make it more secure. Information is the main asset of an organization and that is needed to be securing at any cost. Almost all the organization try to make their information secure and away from unauthorized access, but one way or the other, hackers are successful in getting that information.

Moreover, there is needed to look at the attacks on the information and database of different corporations in the past. There are certain organizations in the world that did their best to secure their information, but hackers were successful to find out the loop hole in their security. Looking at the cyber attacks on the information in the past will help in an effort to minimize loop holes in the security of information and database.

This research may also include some interviews with computer experts to know about making the information security even more high. These interviews will help in getting knowledge about attacks on corporations’ information and database.

5 Expected outcomes of the project

The basic motive of this research is to know about security threats to information and database of any corporation. With research and knowing all the threats it will be easy to create strong security to make information inaccessible from unauthorized persons (Horie et.al, 2008). This research will provide with number of ways in which the information of any corporation or any other organization will be intact from intruders. This will help in enabling database communication more strong and effective.

The security will be improved once we know about the effect of excessive privilege abuse and ways to stop it. It will be easy to stop a person from changing a person’s privilege from a standard user to administrator one. Intruders mostly try to change or add more information to database, once security level will be high then it will be difficult for intruders to inject unwanted information into SQL. Hackers also want to stop transfer of information to the user of member, once the information or database is secure, it will remove denial of information to the user.

6 Literature Review

The information is available to thousands of people on internet. Almost all major corporations of the world are providing some sort of information to the users or the members. But there is some information that is very confidential for the corporation and is kept intact from unauthorized persons. If the database is accessed from unauthorized persons, then it will let the corporation face millions of dollars. There are many examples which show the threat to a corporation, through data insecurity.  There is lot of material available on the importance of security of information. The threats that a corporation may face due to insecure information and database are also clear (Klein and Menendez, 1993). There is quite literature available but no specifically related to solutions to these threats. This research will add more to already literature available on internet in different research papers. It will give a deeper look into the security of information and database in corporation sector.

 

7 References

 

Clyde Wayne Crews Jr. and Oberwetter , Brooke. Preventing Identity Theft and Data Security Breaches: The Problem With Regulation. Retrieved June 29, 2012, from

http://cei.org/pdf/5316.pdf

Allen, Troy. Corporate Data Security Challenges. Retrieved June 29, 2012, from

http://humanresources.about.com/od/healthsafetyandwellness/a/data_security.htm

Shulman, Amichai. Top Ten Database Security Threats:

 How to Mitigate the Most Significant Database Vulnerabilities. Retrieved June 29, 2012, from  

http://www.schell.com/Top_Ten_Database_Threats.pdf

Lesov , Paul. Database Security: A Historical Perspective. Retrieved June 29, 2012, from

http://arxiv.org/ftp/arxiv/papers/1004/1004.4022.pdf

 

Li Yun  and Li Xiangsheng (2010). Information security structure for database processer. Retrieved June 29, 2012 from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5622530&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5622530

Klein, S.A.  and Menendez, J.N.  (1993). Information security considerations in open systems architectures. Retrieved June 29, 2012, from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=221236&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel1%2F59%2F5783%2F00221236.pdf%3Farnumber%3D221236

Horie, D., Morimoto, S., Azimah, N., Goto, Y. and Jingde Cheng(2008). ISEDS: An Information Security Engineering Database System Based on ISO Standards. Retrieved June 29, 2012, from

http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4529482&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4529482