Decisions that DBAs (Database Administrators) make to maintain the database as a whole are held to the upmost level. Some of the usual tasks are screening users, securing databases from external and internal threats, applying updates to the database, monitoring connectivity, develop, implement, and test backup and recovery plans, and monitoring performance.
The DBA will work with the system to create users. Permissions can be set within the database to allow the user access per policy. Databases are attractive to outside hackers and internal curious employees because of their central data storage and their high sensitive of data. Microsoft operating systems require updates every week. Sometimes these updates cause conflicts and crash systems. UNIX based systems do not require as many updates and are not automatic like windows, but still they do require updates. The DBA will have a policy to follow to apply operating system updates as to not crash the server. The network should also be monitored for connectivity to the database. The DBA can be proactive and have monitoring software on the database server to send alerts if the connection is down. If connection is lost to only this one area, it may be hardware failure within the server or connected networking peripherals. The DBA must have a strategy to recover from a hardware failure, a software failure from the operating system or the database instance, or a disaster.
There is only one security measure necessary to prevent data security. It is defense. However, it comes in two difference forms, perimeter defense and people defense. A well-structured defense of the network and database requires multiple granular levels of defense much like an onion has multiple layers with each having many details. With a multi-layered defense, even if one layer is penetrated, the remaining layers are protected. People defense is a different way of saying social engineering training. People are the weakest link when it comes to releasing information to hackers. Why would a hacker spend hours trying to penetrate through the layers of the perimeter defense when one phone call, one click on an email, or allowing the substitute delivery guy in the backdoor is so much easier?