What the Accountant Must Know about the Security of Database Management Systems

By Levine, Marc H.; Siegel, Joel G. | The National Public Accountant, August 2002


As more and more commercial entities turn to the Internet and the number of online businesses increases, the need to protect the information, data, and assets of these security-sensitive entities becomes a major concern. Security concerns include alteration or loss of database information; user violations (obtaining unauthorized data, or obtaining another's password to gain illegal access to the database); database violations (theft, alteration, or copying of data); and violations by programmers and administrators (creating programs that do not have adequate controls, and/or making unauthorized changes to programs, making them susceptible to control breakdowns).

Establish a Control Plan for the Database Management System

To make sure that all employees are cognizant of the security procedures and policies to be followed in a database management system (DBMS), a control plan must be established. The control plan should be in writing (perhaps in the form of a manual), concise, and easy to understand and implement. It should not be longer than 10 pages and should discuss the rationale behind database security and the importance of confidentiality of company information. The control plan should be distributed throughout the company. All individuals who work with the system should be accountable for the standards of security that are enumerated in the plan. Although the standards need to be worded flexibly enough to be successfully adapted to different parts of the business, consistency must be maintained throughout the organization.

Important guidelines that should be considered in the design of an entity's DBMS control plan are indicated below:

* All the components of the entity should be included--none should be omitted from the control plan.

* All databases operating in each segment of the business, regardless of function, should be part of the control plan and protected by it.

* All applications supported within each database should be included in the plan.

* All applications operating in a database should include the name of the person responsible for the authorization of users.

* Enumeration of the different forms of backup that will be utilized should be included.

* Auditing considerations such as types of auditing that would be required as well as its frequency of occurrence, persons responsible for performing audit functions, etc., should be included.

* Each application should enumerate all the controls that should be in effect for that application.

* The structure and composition of all user names and passwords must be included.

Protective Considerations

A good DBMS security system should be able to discriminate between authorized and unauthorized users. Several methods currently in use or under development ascertain whether an authorized user has presented himself or herself for access to a system. These include:

Identification Information--The system should be capable of ascertaining the individual's identification data by comparing it to information already stored. For example, a person's name may be accompanied by his or her company identification number, or personal identification code. The system may query the individual for more personal information (e.g., mother's maiden name, date of birth) in order to access information of a more sensitive nature. Other forms of identification might include the user's driver's license number or passport number. More recently, systems have been developed which can compare an individual's picture to an online database copy of his or her driver's license or passport photos.

Biometric Identification--Systems have or will soon have the capability of comparing a user's signature, voice print, palm print, fingerprint, iris print, facial thermograms, or other personal traits as a means of limiting access to the network database system. …
