Question

If you consider the cyber security responsibilities and obligations associated with your role or a role in which you have an interest, what are the cyber security responsibilities? To what extent do they relate in some way to databases?

Answer 1

Answer:-

what are the cyber security responsibilities?

New security threats pop up all the time, and IT security professionals need to stay up to date with the latest tactics hackers are employing in the field. In addition to the high-level responsibilities mentioned above, some specific duties IT security teams do, include:

• Set and implement user access controls and identity and access management systems
• Monitor network and application performance to identify and irregular activity
• Perform regular audits to ensure security practices are compliant
• Deploy endpoint detection and prevention tools to thwart malicious hacks
• Set up patch management systems to update applications automatically
• Implement comprehensive vulnerability management systems across all assets on-premises and in the cloud
• Work with IT operations to set up a shared disaster recovery/business continuity plan
• Work with HR and/or team leads to educate employees on how to identify suspicious activity

To what extent do they relate in some way to databases?

Security concerns for internet-based attacks are some of the most persistent challenges to database security. Hackers devise new ways to infiltrate databases and steal data almost daily. Organizations must ensure their database security measures are strong enough to withstand these attacks.

Some of these cyber security threats can be difficult to detect, like phishing scams in which user credentials are compromised and used without permission. Malware and ransomware are also common cyber security threats.

Another critical challenge for database security is making sure employees, partners, and contractors with database access don’t abuse their credentials. These exfiltration vulnerabilities are difficult to guard against because users with legitimate access can take data for their own purposes. Edward Snowden’s compromise of the NSA is the best example of this challenge. Organizations must also make sure users with legitimate access to database systems and applications are only privy to the information they need for work. Otherwise, there’s greater potential for them to compromise database security.

How Can I Deploy Database Security?

There are three layers of database security: the database level, the access level, and the perimeter level. Security at the database level occurs within the database itself, where the data live. Access layer security focuses on controlling who is allowed to access certain data or systems containing it. Database security at the perimeter level determines who can and cannot get into databases. Each level requires unique security solutions.

Security Level	Database Security Solutions
Database Level	Masking Tokenization Encryption
Access Level	Access Control Lists Permissions
Perimeter Level	Firewalls Virtual Private Networks

Database Security Best Practices

Although there are several different approaches to database security, there are some best practices that can help every organization keep its databases safe. These database security best practices enable organizations to minimize their vulnerabilities while maximizing their database protection. Although these approaches can be deployed individually, they work best together to protect against a variety of circumstances impacting database security.

• Physical database security: It’s critical to not overlook the physical hardware on which the data is stored, maintained, and manipulated. Physical database security includes locking the rooms that databases and their servers are in—whether they are on-premise assets or accessed through the cloud. It also involves having security teams monitor physical access to that equipment. A crucial aspect of this database security best practice is to have backups and disaster recovery measures in place in case of a physical catastrophe. It’s also important not to host web servers and applications on the same server as the database the organization wants to secure