We started by analyzing the list of 64 security
recommendations for databases (adopted from [1]). Each
recommendation was classified in terms of the type of
support needed for its implementation, namely: hardware
support (2 practices), network support (4 practices), plain
policies (10 practices), OS support (28 practices), DBMS
support (38 practices), and third party software support (2
practices). This classification allowed us to focus on the
practices that required at least some support for software
components (a total of 51 out of 64 security practices).