Reducing Database Security Implementation Gaps

The proposed strategy borrows from risk analysis methods and consists of nine elements. The first step is system characterization. This should be followed by identification of threats, gap identification, control analysis, determination of the likelihood of occurrence, an impact analysis, risk determination, recommendations for control and finally documentation of results. System characterization involves determining the level of risk in each aspect of the system. After characterizing, the organization needs to identify threats. Gap identification is done by detecting whether a control exists in the system. A control analysis involves the examination of the controls put in place to guard against threats. Thereafter, the organization ought to determine the likelihood of occurrence of a threat. Impact analysis involves examining the effects of the threat once gaps are exploited. Risk determination is a ranking process that will affect resource allocation in the organization based on the threats with the highest chance of occurrence. Recommendations and documentation are the last phase.