A HOLISTIC FRAMEWORK FOR DATABASE SECURITY GOVERNANCE: INTEGRATING POLICIES, ACCESS CONTROLS, AND CONTINUOUS AUDITING FOR REGULATORY COMPLIANCE

Authors

  • Nagaraju Devulapalli, Principal Systems Developer, Mr. Cooper Group, Coppell, TX, USA

DOI:

https://doi.org/10.29121/digisecforensics.v2.i1.2025.91

Keywords:

Database Security, Governance Framework, Access Control Models, Continuous Auditing, Regulatory Compliance, Information Security, Risk Management, Policy Integration

Abstract

Database security governance remains a critical challenge in an era of escalating cyber threats and stringent regulatory mandates. This study proposes a holistic framework that integrates organizational policies, granular access controls, and continuous auditing mechanisms to achieve sustainable regulatory compliance. Employing a mixed-methods approach, the research analyzes a realistic dataset derived from 500 enterprise databases across financial and healthcare sectors, incorporating log data. Key findings reveal that organizations implementing the integrated framework reduced compliance violations by 68% and detected unauthorized access attempts 42% faster than traditional approaches. The framework's modular design enables adaptability to evolving regulations such as GDPR, CCPA, and emerging AI governance standards. Statistical analysis demonstrates significant correlations between audit frequency and risk reduction (r = 0.87, p < 0.001). The study contributes a replicable governance model that bridges theoretical constructs with practical implementation, offering actionable insights for database administrators and compliance officers in high-stakes environments.

Published

2025-06-30

How to Cite

Devulapalli, N. (2025). A HOLISTIC FRAMEWORK FOR DATABASE SECURITY GOVERNANCE: INTEGRATING POLICIES, ACCESS CONTROLS, AND CONTINUOUS AUDITING FOR REGULATORY COMPLIANCE. Journal of Digital Security and Forensics, 2(1), 106–116. https://doi.org/10.29121/digisecforensics.v2.i1.2025.91