Week 8
Teaching and Learning Methods to be Employed
1. Lecture on security mechanisms with live SQL demonstrations
2. SQL injection attack demonstration and prevention
3. Lab: Creating users, granting/revoking privileges in MySQL
4. Discussion: NDPR compliance for Nigerian database systems
Learning Outcomes / Objectives
By the end of this week, students should be able to:
1. Describe the major threats to database security.
2. Explain authentication, authorisation, and access control in DBMS.
3. Use SQL DCL commands (GRANT, REVOKE) to manage user privileges.
4. Explain how database views provide security through data abstraction.
5. Describe SQL injection and how to prevent it.
6. Explain encryption and audit trails as security mechanisms.
7. Describe the requirements of NDPR for database-driven applications.
8.7 NDPR Compliance for Nigerian Database Systems
The Nigeria Data Protection Regulation (NDPR) 2019, issued by NITDA, places significant obligations on organisations that collect and process personal data of Nigerians. Key database-relevant requirements:
| NDPR Requirement | Database Implementation |
|---|---|
| Lawful basis for processing | Document why each personal data field is collected |
| Data minimisation | Only store data you actually need — no speculative collection |
| Storage limitation | Delete personal data when no longer needed (implement data retention policies) |
| Integrity and confidentiality | Encrypt sensitive fields; implement access controls |
| Data subject rights (access, erasure) | Implement mechanisms for users to request their data or deletion |
| Data breach notification | Implement audit logs to detect and report breaches within 72 hours |
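
The table's rows expressed as a small MySQL schema, added here as an illustration and not part of the original course material. The database, table, view, user, trigger, event and procedure names, the password placeholder and the six-year retention period are all assumptions.

```sql
-- Added example for MySQL 8.0; every name and period below is hypothetical.
CREATE DATABASE IF NOT EXISTS clinic_demo;
USE clinic_demo;

-- Lawful basis + data minimisation: few columns, each with its purpose recorded.
CREATE TABLE patient (
  patient_id INT AUTO_INCREMENT PRIMARY KEY,
  full_name  VARCHAR(100)   NOT NULL COMMENT 'Purpose: identify the patient',
  phone      VARCHAR(20)    NOT NULL COMMENT 'Purpose: appointment reminders',
  nin_enc    VARBINARY(255) NULL     COMMENT 'Purpose: identity check; encrypted by the app',
  last_visit DATE           NOT NULL COMMENT 'Purpose: drives the retention rule'
);

-- Integrity and confidentiality: front-desk staff see a view without nin_enc.
CREATE VIEW patient_contact AS
  SELECT patient_id, full_name, phone FROM patient;
CREATE USER IF NOT EXISTS 'reception'@'localhost'
  IDENTIFIED BY 'REPLACE-with-a-strong-password';
GRANT SELECT ON clinic_demo.patient_contact TO 'reception'@'localhost';

-- Breach notification: audit trail of changes. USER() is the connected client;
-- CURRENT_USER() inside a trigger would return the trigger's definer instead.
CREATE TABLE patient_audit (
  audit_id   BIGINT AUTO_INCREMENT PRIMARY KEY,
  patient_id INT          NOT NULL,
  action     VARCHAR(10)  NOT NULL,
  db_user    VARCHAR(300) NOT NULL,
  logged_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER patient_audit_upd AFTER UPDATE ON patient FOR EACH ROW
  INSERT INTO patient_audit (patient_id, action, db_user)
  VALUES (OLD.patient_id, 'UPDATE', USER());
CREATE TRIGGER patient_audit_del AFTER DELETE ON patient FOR EACH ROW
  INSERT INTO patient_audit (patient_id, action, db_user)
  VALUES (OLD.patient_id, 'DELETE', USER());

-- Storage limitation: daily purge (needs event_scheduler = ON; 6 years is assumed).
CREATE EVENT purge_stale_patients ON SCHEDULE EVERY 1 DAY DO
  DELETE FROM patient WHERE last_visit < CURDATE() - INTERVAL 6 YEAR;

-- Data subject rights: erasure on request; the DELETE trigger records it.
CREATE PROCEDURE erase_patient(IN p_id INT)
  DELETE FROM patient WHERE patient_id = p_id;

-- Review query: who changed patient rows in the last 72 hours, and how often.
SELECT db_user, action, COUNT(*) AS changes
FROM patient_audit
WHERE logged_at >= NOW() - INTERVAL 72 HOUR
GROUP BY db_user, action
ORDER BY changes DESC;
```

Triggers fire only on data changes, so reads of `patient` are not captured by this audit table.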