The pros and cons of various data base management systems (DBMS) are a popular topic in both library and systems literature. A data base management system is the systems software that manages the access to, and manipulation of, an integrated data base. Security control is a feature often mentioned in passing but rarely discussed in detail.
Most data base management systems support a security control option that prevents unauthorized access to the data bases, modification of data and destruction of information. The security capability also records all attempted and completed data base transactions.
By limiting access and modification of the data base a security system protects an organization against unauthorized information changes or unsanctioned use. The data base management security option requires all users to identify and authenticate themselves before gaining access to the system. The authentication procedure normally requires the user to key in his or her unique password. A password can be any word or number known only by the DBMS, key management personnel, and the specific user of the applications program.
For example, the password "white" might be used to give a person "permission" to view, but not alter, the contents of an order file. As security needs dictate, this password could later be changed to "pink" or "blue." Another password, "marble," for instance, might then be used to allow the operator to make changes in order file data. Obviously, passwords are assigned on a need-to-know basis.
Furthermore, a data base management security system records every attempted and completed security violation. This monitoring feature is an effective deterrent to improper use of the system, because the potential abuser knows that he or she can be positively identified as a data base intruder.
Data base security systems are growing in popularity. It is estimated that only one out of every four DBMS users currently utilizes a security control mechanism. By 1985, approximately four out of every five data base management installations are expected to incorporate a security option.
