Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Chapter 4: System Security II

No description

Vasana Narip

on 12 February 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Chapter 4: System Security II

Chapter 4: System Security II
Controls and Audit
Database Access and Update
Database in a Distributed Environment

The data is retained in a central location.
Remote IPUs send requests for data.
Central site services the needs of the remote IPUs.
The actual processing of the data is performed at the remote IPU.

Data Currency
in DDP
Relational Database
Database Conceptual Models
Physical Database
Understand the operational
inherent in the flat-file approach to data management that gave rise to the database approach
Understand the relationships among the fundamental
components of the database concept
Recognize the defining characteristics of three database model: Hierarchical, network and relational
Understand the operational features and associated risks of deploying centralized partitioned, and replicated database models in the DDP environment
Be familiar with the audit objectives and procedures used to test data management controls.

Flat-File v.s.
Database Environments
Data Management Systems
Flat-File Approach
“Own” rather than “Share”
File contain information for
specific need of the owner
, not others, thus
inhibit data integration
Same data for multiple users with different purposes is structured to
separate data sets
Data Storage

- creates excessive storage costs of paper documents and/or magnetic form.
Data Updating
- any changes or additions must be performed multiple times.
Currency of Information
– has the potential problem of failing to update all affected files.
Task-Data Dependency
- user unable to obtain additional information as his or her needs change
Data integration

– inhibit integration of data among different applications. No relationship with other files.

Use database management system (DBMS) to manage data:
Create tables, fields for data repository
Store information/objects in the table/fields
Create different views to display only required data to different users
Manage access privilege granted to each user.
Backup/Recovery – roll back features
Applications are working with the DBMS to populate, manipulate and present the data



*IPU = Information Processing Unit
in DDP with a centralized database (more on Multi-user processing environment)* , there is a problem with
temporary data inconsistency
as records are read and updated.
Database lockout
procedures are necessary to resolve the problem.
However, lockout procedures may lead to

Data Inconsistency
(Invoice) 700
= 2,300
(Invoice) 600
= 2,200
(Invoice) 700
= 2,300
(Invoice) 600
= 2,200
(Invoice) 600
= 2,900
Access Control
Backup Control
Audit Objective:
unauthorized individuals are denied access to data
those authorized to use databases are limited to data needed to perform their duties
Audit Objective:
backup controls can adequately recover lost, destroyed, or corrupted data
Authorization Table
Full transcript