Transcript of Untitled Prezi
Security Part II: Auditing System Database
Data Management Approaches
Key Elements of the Database Environment
General Tasks of Database Administrator
Databases in a Distributed Environment
– the first approach involves retaining the data in a central location. Remote IT units send requests for data to the central site, which processes the requests and transmits the data back to the requesting IT unit.
FLAT FILE APPROACH
Flat files are data files that contain records with no structured relationships to other files. They are most often associated with so-called legacy systems.
There are significant problems in the flat file environment:
a. Data storage
b. Data updating
c. Currency of information
d. Task data dependency
THE DATABASE APPROACH
This approach centralizes the organization's data into a common database that is shared by other users.
a. Elimination of Data Storage Problem
b. Elimination of Data Update Problem
c. Elimination of Currency Problem
d. Elimination of Task Data Dependency Problem
Installation, configuration, upgrade, and migration
Although system administrators are generally responsible for the hardware and operating system on a given server, installation of the database software is typically up to the DBA.
Backup and recovery
DBAs are responsible for developing, implementing, and periodically testing a backup and recovery plan for the databases they manage.
The DBA must understand the particular security model that the database product uses and how to use it effectively to control access to the data.
Storage and capacity planning
The primary purpose of a database is to store and retrieve data, so planning how much disk storage will be required and monitoring available disk space are key DBA responsibilities.
Performance monitoring and tuning
The DBA is responsible for monitoring the database server on a regular basis to identify bottlenecks and remedy them.
When things do go wrong with the database server, the DBA needs to know how to quickly ascertain the problem and to correct it without losing data or making the situation worse.
▪ Data Attribute/Field A single item of data.
▪ Entity A database representation of an individual resource, event, or agent about which we choose to collect data.
▪ Record Type (Table/File) Occurs when we group together the data attributes that logically define an entity.
▪ Database Set of record types that an organization needs to support its business processes.
▪ Association Record types that constitute a database exist in relation to other record types. Three basic record associations are:
▫ One-to-one association. A row in a table is associated to one and only one row in another table.
▫ One-to-many association. A row in a table in a database can be associated with one or (likely) more rows in another table.
▫ Many-to-many association. When one or more rows in a table are associated with one or more rows in another table.
▪ Hierarchical Model
A popular method of data representation because it reflected, more or less faithfully, many aspects of an organization that are hierarchical in relationship.
▪ Network Model
A navigational database with explicit linkages between records and files.
▪ Relational Model
It has its foundation in relational algebra and set theory, which provide the theoretical basis for most of the manipulation operations used.
Data currency in a DDP environment –
during data processing, account balances pass through a state of temporary inconsistency where their values are incorrectly stated. This occurs during the execution of a transaction.
– database concurrency is the presence of complete and accurate data at all user sites.
Distributed databases -
is a database in which storage devices are not all attached to a common processing unit such as the CPU controlled by a distributed database system. It can be either partitioned or replicated.
1. Partitioned Databases
splits the central database into segments or partitions that are distributed to their primary users. It works best for organizations that require minimal data sharing among their distributed IT units.
The advantages of this approach follow:
* Having data stored at local sites increases users’ control.
* Transaction processing response time is improved by permitting local access to data and reducing the volume of data that must be transmitted between IT units.
* Partitioned databases can reduce the potential effects of a disaster. By locating data at several sites, the loss of a single IT unit does not eliminate all data processing by the organization.
The Deadlock Phenomenon –
is a permanent condition that must be resolved by special software that analyzes each deadlock condition to determine the best solution.
All four of these conditions must hold simultaneously for a deadlock to occur:
* Mutual exclusion
* Hold and wait
* No preemption
* Circular wait
• Resolving a deadlock usually involves terminating one or more transactions to complete processing of the other transactions in the deadlock. The preempted transactions must then be reinitiated. In preempting transactions, the deadlock resolution software attempts to minimize the total cost of breaking the deadlock.
Factors considered in the decision:
• The resources currently invested in the transaction
• The transaction’s stage of completion
• The number of deadlocks associated with the transaction
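The resolution step described above, as an added example that is not part of the original presentation: it finds a circular wait in a wait-for graph and preempts the transaction that is cheapest to abort. The `Txn` fields mirror the three factors listed; the weighting in `abort_cost` and the sample transactions are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Txn:
    resources_invested: int  # work/locks already committed to the transaction
    pct_complete: float      # stage of completion, 0.0 to 1.0
    deadlocks: int           # number of deadlocks the transaction is part of

def find_cycle(wait_for):
    """Return one cycle in the wait-for graph (a circular wait), or None."""
    path, finished = [], set()

    def dfs(node):
        if node in path:                      # came back to a node on the path
            return path[path.index(node):]
        if node in finished:                  # already proven cycle-free
            return None
        path.append(node)
        for blocker in sorted(wait_for.get(node, ())):
            cycle = dfs(blocker)
            if cycle:
                return cycle
        path.pop()
        finished.add(node)
        return None

    for start in sorted(wait_for):
        cycle = dfs(start)
        if cycle:
            return cycle
    return None

def abort_cost(t):
    # Assumed weighting (not from the page): invested and nearly finished work
    # is expensive to redo; a transaction caught in many deadlocks is cheaper.
    return t.resources_invested + 10 * t.pct_complete - 2 * t.deadlocks

def resolve(wait_for, txns):
    """Abort the cheapest transaction in each cycle until no cycle remains."""
    graph = {t: set(blockers) for t, blockers in wait_for.items()}
    victims = []
    while (cycle := find_cycle(graph)) is not None:
        victim = min(cycle, key=lambda name: abort_cost(txns[name]))
        victims.append(victim)                # must be reinitiated later
        graph.pop(victim, None)
        for blockers in graph.values():
            blockers.discard(victim)
    return victims

# Constructed sample: T1 -> T2 -> T3 -> T1 is a circular wait; T4 only waits.
WAIT_FOR = {"T1": {"T2"}, "T2": {"T3"}, "T3": {"T1"}, "T4": {"T1"}}
TXNS = {"T1": Txn(8, 0.9, 1), "T2": Txn(3, 0.2, 1),
        "T3": Txn(5, 0.5, 1), "T4": Txn(1, 0.1, 0)}
```
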
* Database Management System (DBMS)
* The Database Administrator
* Physical Database
* DBMS models
DATABASE MANAGEMENT SYSTEM
- provides a controlled environment to assist (or prevent) access to the database and to efficiently manage the data resource.
1. Program Development
2. Backup and recovery
3. Database usage reporting
4. Database access
A. DATA DEFINITION LANGUAGE (DDL)
- is a programming language used to define the database to the DBMS.
a) Internal View/Physical View
b) Conceptual View/ Logical View (Schema)
c) External View/ User View (Subschema)
B. DATA MANIPULATION LANGUAGE (DML)
- is the proprietary programming language that a particular DBMS uses to retrieve, process, and store data.
C. QUERY LANGUAGE
- is an ad hoc access methodology for extracting information from a database.
Controlling and Auditing Data Management Systems
Two General Categories
* Access Control
* Backup Control
Users of flat files maintain exclusive ownership of their data
Access control risks
* Corruption of data
* Theft of data
* Misuse of data
* Destruction of data
Several Access Controls
* User views
* Database authorization
* User-defined procedures
* Data encryption
* Biometric devices
* Inference Controls
The user view or subschema is a subset of the total database that defines the user’s data domain and provides access to the database.
The database authorization table contains rules that limit the action a user can take.
Table 4.3 Database Authorization Table, 171pg
User-Defined Procedures
A user-defined procedure allows the users to create a personal security program or routine to provide more positive user identification than a single password.
Data encryption is the conversion of data into a secret code for storage in databases and transmission over networks.
Biometric devices measure various personal characteristics such as fingerprints, voice prints, retina prints or signature characteristics.
Inference control prevents users from inferring, through query features, specific data values that they otherwise are unauthorized to access.
Three Types of compromises to the database that inference control attempts to prevent:
1. Positive Compromises
2. Negative Compromises
3. Approximate Compromises
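One way to implement an inference control, shown as an added example that is not part of the original presentation: a statistical query is answered only when the set of matching rows is neither too small nor nearly the whole table, and every attempt is written to an audit log. This query-set-size technique, the threshold `MIN_QUERY_SET`, the function name and the payroll rows are all assumptions chosen for illustration.

```python
MIN_QUERY_SET = 3   # assumed threshold k: smallest group a statistic may cover
AUDIT_LOG = []      # every query attempt is recorded for later review

# Constructed sample rows: (employee id, department, salary)
PAYROLL = [
    ("E01", "Audit", 50000), ("E02", "Audit", 54000),
    ("E03", "Audit", 58000), ("E04", "Audit", 62000),
    ("E05", "IT", 60000), ("E06", "IT", 65000), ("E07", "IT", 70000),
    ("E08", "Legal", 90000),
]

def average_salary(user, description, predicate, rows=PAYROLL, k=MIN_QUERY_SET):
    """Return the average salary of matching rows, or None if the query is denied."""
    matched = [salary for (_emp, dept, salary) in rows if predicate(dept)]
    n, total = len(matched), len(rows)
    if n < k:
        # A tiny query set exposes an individual's value almost directly.
        reason = "query set too small"
    elif n > total - k:
        # A near-complete set exposes the few excluded rows by subtraction.
        reason = "excluded set too small"
    else:
        reason = None
    AUDIT_LOG.append({"user": user, "query": description,
                      "rows": n, "denied": reason})
    if reason is not None:
        return None
    return sum(matched) / n
```

Repeated denials for the same user in `AUDIT_LOG` are the signal an auditor would review when testing that the control is operating.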
Back Up Controls
* GPC backup technique
* Direct access file backup
TWO FACTORS INFLUENCE THE SYSTEM DESIGNER
* The financial significance of the system
* The degree of file activity
AUDIT PROCEDURES FOR TESTING FLAT-FILE BACKUP CONTROLS
* Sequential file (GPC) backup
* Backup transaction files
* Direct access file backup
* Off-site storage
FOUR BACKUP AND RECOVERY FEATURES
* BACKUP – makes a periodic backup of the entire database.
* TRANSACTION LOG (JOURNAL) – provides an audit trail of all processed transactions.
* CHECKPOINT FEATURE – suspends all data processing while the system reconciles the transaction log and the database change log against the database.
* RECOVERY MODULE – uses the logs and backup files to restart the system after a failure.