Database security is built upon a framework encompassing three constructs:confidentiality, integrity and availability (Bertino & Sandhu,2005).
- Confidentiality or secrecy refers to the protection of data against unauthorized disclosure,
- integrity refers to the prevention of unauthorized and improper data modification,
- and availability refers to the prevention and recovery from hardware and software errors as well as from malicious data access resulting in the denial of data availability (Bertino, Byun & Kamra, 2007).
Mapping to these three constructs, a database security component in any course needs to cover:
- access control,
- application access,
- vulnerability,
- inference,
- and auditing mechanisms