Database Security: Database security is a critical area of ​​computer and information security that deals with the protection of a single database or a group of databases from illegal access, injection or possible destruction. The data can be customer information, intellectual property, financial assets, or any other record that can be maintained and managed on a system. Without database security people are at risk of identity fraud, theft, property destruction and much worse. The global costs of such security breaches amount to more than a billion dollars per year, and the cost to individual companies can be extreme, sometimes disastrous. One of the most popular methods for protecting databases includes storing a backup in a secondary location or data center. The benefit of storing your backup in a secondary location is the process of restoring and preventing damage in the event of a data destruction or disaster at the primary source. A company's database infrastructure often contains its most important data and is subject to a wide range of attacks. Some of the database security threats are excessive and unused privileges, SQL Injection, DoS etc. Excessive and unused privileges occur when someone in the company is granted database privileges that exceed the requirements of their job function, these privileges can sometimes be abused. A good example of excessive and unused privilege would be a university system administrator whose primary function is to maintain student information, but due to excessive privilege could potentially have access to modify student grades. Another example would be that of an employee with access to the HR database, who leaves the organization in ...... middle of paper ...... The use of portable devices is forcing most organizations face higher risks from hackers gaining access to sensitive data. Databases are primarily targeted by attackers because they contain a high volume of important and potentially critical data. The best way to overcome these risks is to store important information as a backup and protect data transmission over the public network. The organization should set up firewalls between the company intranet and the Internet to block access to the network from any external devices. That said, the organization should continually educate its employees about the risks and track and secure portable devices used by IT staff. If such security measures are implemented by an organization, they can ensure that critical and important information is less susceptible to vulnerabilities.