To summarize, access protection begins with understanding who accesses the data, for what purposes and with what permission. The set of controls relevant to database access management is broad and complex, and touches many areas of the business and technology. The way to solve a set of problems as large and complex as information access protection is to establish priorities and begin solving the most significant problems first, one at a time, within an overall plan that provides and maintains a reasonable level of risk and substantial compliance with requirements. At the core of business controls over information is the need to protect data access in order to ensure accountability, privacy and data integrity. The simple goal is to ensure that only authorized individuals have access and that all access is monitored. To limit access to only those people whose jobs require it, access protection must cover three things: identifying the sensitive data elements; the methods for managing user credentials and access rights; and the records of who accessed what, when, and what they did with it. A single source for recording all access to the database is an efficient approach to controls, assurance and auditing, and can be significantly less demanding than the effort needed to manage or audit controls spread across multiple locations. When controls are centralized in a single source, it is easier to verify that they are compatible across multiple operational areas. One may hear that the DBMS's own controls cannot be activated because they degrade performance too severely. While that may be true, the alternative controls described above can provide reliable, centralized access control efficiently, without negatively impacting system performance.