Data is very critical to a company.

If you take an analogy of a company being a country or state,

data can be equated to the people or natives of the given country.Data is stored in databases
containing various information that if leaked can destroy a company.Take the instance where a
15 year old boy named, Jonathan James, who between August and October of 1999 hacked
NASA.Because of his skill as a hacker to intercept data from the Defense Threat Reduction
Agency(DTRA), he gained access to over 3000 messages, usernames and password of DTRA
employees. Now that the importance of data is undestood, what comes to mind is how to secure
this data in a database. This goal for database managment systems (DBMS) to protect data, is
called data security.As we continue, more on data security will be highlighted and discussed.

The CIA triad is a security model that consists of three vital information security principles:
confidentiality, integrity and availability. Many companies both local and global use this model
to achieve data security, while also helping to identify key problem areas and the necessary
solutions to resolve these issues. Going deeper into the CIA triad we get to know that:

Confidentiality measures are designed to prevent sensitive information from unauthorized

access. Integrity is the ongoing maintenance of consistency, accuracy and reliability of data. And
availability ensures information should be consistently and readily accessible for authorized
parties only. Furthermore, Confidentiality as a principle focuses on the need to protect sensitive
data, private information disclosure. To maintan confidentiality, a companymust segregate data
based on importance and set regulations on who can aces these data.Methods used to impelment
this include;access control lists, role-based access control (RBAC), volume/file encryption, file
permissions, encryption of data in process, in transit and in storage, remote wipe capabilities, and
education and training for all individuals with access to protected data.

When talking about integrity, the key point are authenticity and reliability. In other words, it
ensures that the data has not been tampered with and therefore can be trusted. So it means data
should be secure from deletiona or modification from unauthorised personas. This can be done
through encryption, hashing, digital signature among others.

Finally we have availability, meaning readily and easily accessible. Databases must be constantly
up and running to ensure critical business processes are uninterrupted. Common cause of
interrutions are human error, hardware failure, software failure, network failure, power outages,
natural disasters and cyberattacks. But there are ways and methods to combat this and they
include; regular software patching and system upgrades, maintaining backups and backup copies,
and disaster recovery.