Database Security and

Integrity
Protecting and Maintaining Reliable Databases

Mrs. Memory M Mumbi

2025
 Introduction to Database Security and
Integrity
• Importance of securing databases is to protect sensitive data
from unauthorized access.
• Ensuring data integrity to maintain accuracy, consistency, and
reliability.
The CIA Triad

The CIA triad is a foundational model in

information security that outlines three core
principles: Confidentiality, Integrity, and
Availability.

These principles are essential for ensuring

the security and reliability of databases.
 Confidentiality
• Confidentiality refers to the protection of sensitive data from unauthorized
access and disclosure. It ensures that only authorized users can view or
access specific data.
• Implementation Strategies:
• Access Control: Implementing user authentication and authorization mechanisms to
restrict access to sensitive data. This can include role-based access control (RBAC),
discretionary access control (DAC), and mandatory access control (MAC).
• Encryption: Encrypting data at rest (stored data) and in transit (data being transmitted)
to protect it from unauthorized access. This ensures that even if data is intercepted or
accessed without permission, it remains unreadable.
• Data Masking: Obscuring specific data within a database to protect it from
unauthorized users while still allowing access to the data for legitimate purposes.
• Importance: Protecting confidentiality is crucial for maintaining user trust,
complying with regulations (such as GDPR or HIPAA), and safeguarding
sensitive information like personal identification, financial records, and
proprietary business data.
 Integrity
• Definition: Integrity ensures the accuracy, consistency, and reliability of data
throughout its lifecycle. It means that data cannot be altered or deleted by
unauthorized users and that it remains correct and trustworthy.
• Implementation Strategies:
• Data Validation: Implementing constraints (such as primary keys, foreign keys, unique
constraints, and check constraints) to ensure that only valid data is entered into the
database.
• Audit Trails: Maintaining logs of all changes made to the database, including who made
the changes and when. This helps in tracking unauthorized modifications and ensuring
accountability.
• Backup and Recovery: Regularly backing up data and having recovery procedures in
place to restore data to its correct state in case of corruption or loss.
• Importance: Ensuring data integrity is vital for making informed business
decisions, maintaining compliance with regulations, and preventing data
corruption or loss that could lead to significant operational issues.
 Availability
• Definition: Availability ensures that data and database services are
accessible to authorized users when needed. It involves maintaining system
uptime and ensuring that users can access the data without interruption.
• Implementation Strategies:
• Redundancy: Implementing redundant systems, such as database replication and
clustering, to ensure that if one system fails, another can take over without downtime.
• Regular Maintenance: Performing routine maintenance, updates, and patches to
prevent system failures and vulnerabilities that could lead to downtime.
• Disaster Recovery Planning: Developing and testing disaster recovery plans to ensure
that data can be restored and services can be resumed quickly after a failure or disaster.
• Importance: High availability is critical for business continuity, especially for
applications that require real-time access to data, such as e-commerce
platforms, financial services, and healthcare systems.
 Data Integrity and Constraints
• Data Integrity: Ensures the accuracy and consistency of data over
its lifecycle.
• Types of Data Integrity:
• Entity Integrity: Ensures each table has a primary key that uniquely
identifies each row.
• Referential Integrity: Maintains consistent relationships between tables
using foreign keys.
• Domain Integrity: Enforces valid data types, formats, and allowable
values.
• User-Defined Integrity: Custom rules defined by business requirements.
 Constraints in Databases

•Primary Key Constraint: Uniquely identifies each row.

•Foreign Key Constraint: Ensures referential integrity between related

tables.
•Unique Constraint: Ensures all values in a column are distinct.

•Check Constraint: Restricts values allowed in a column based on a

condition.

•Not Null Constraint: Ensures a column cannot have NULL values.

Access Control and Authentication
 User Access Control and Authentication
• Access Control: Mechanism to restrict database access to authorized users
only.
• Types of Access Controls:
• Discretionary Access Control (DAC): Users have ownership and can grant access
permissions to others.
• Mandatory Access Control (MAC): Access rights are regulated by a strict policy
controlled by the system.
• Role-Based Access Control (RBAC): Permissions are assigned to roles rather than
individuals, simplifying management.
• Authentication: Verifying the identity of a user or system trying to access the
database.
• Methods include passwords, biometrics, two-factor authentication, and tokens.
• Principle of Least Privilege: Users should only have the minimum access
necessary to perform their jobs.
 Backup Techniques
• What is Backup? Creating copies of data to protect against loss
or corruption.
• Types of Backups:
• Full Backup: Complete copy of the database.
• Incremental Backup: Only backs up data changed since the last backup.
• Differential Backup: Backs up all changes since the last full backup.
• Backup Strategies:
• Regular scheduling based on data criticality and change rate.
• Offsite and cloud backups for disaster recovery.
• Automated backup tools integrated with DBMS.
 Recovery Techniques
• Purpose: To restore database to a correct state after failure or data
loss.
• Types of Failures:
• Transaction failure, system crash, media failure, human error.
• Recovery Methods:
• Rollback: Undo changes of incomplete or erroneous transactions.
• Rollforward: Reapply committed transactions from backups/logs to restore
data.
• Point-in-Time Recovery: Restores data up to a specific moment before failure.
• Transaction Logs: Crucial for recovery, maintain a record of all
changes.
 Best Practices in Database Security and
Integrity
• Enforce strong authentication and authorization policies.
• Regularly update and patch DBMS software.
• Perform frequent backups and test recovery procedures.
• Use encryption for sensitive data at rest and in transit.
• Monitor database activities and audit access logs.
• Implement data validation rules and constraints to maintain data
integrity.
CLASS ADJOURNED

QUESTIONS
COMMENTS