AUDITING DATABASE SYSTEMS
Two General Approaches to Data Management
1. Flat-File Approach
most often associated with so-called legacy systems
promotes a single-user view approach to data management whereby end users own their data files rather than share them with other users.
The replication of essentially the same data in multiple files is called data redundancy and contributes to three significant problems in the flat-file environment:
Data storage
Data updating
Currency of information
Task-data dependency
Figure 4.1 Flat-File Model
2. Database Approach
Access to the data resource is controlled by a database management system (DBMS).
DBMS – a special software system that is programmed to know which data elements each user is authorized to access
Through data sharing, the traditional problems associated with the flat-file approach may be overcome:
Typical Features:
a. Program development
b. Backup and recovery
c. Database usage reporting
d. Database access
Figure 4.3 Elements of the Database Concept
Key Elements of the Database Environment
Internal view – lowest level of representation, which is one step removed from the physical database
Data Manipulation Language (DML) – proprietary programming language that a particular DBMS uses to retrieve, process, and store data
Structured Query Language (SQL) – fourth-generation, non-procedural language with many commands that allow users to input, retrieve, and modify data easily.
– enables all users (and programs) to share a common view of the data resource, thus greatly facilitating the analysis of user needs
Table 4.1 Functions of Database Administrator
Figure 4.6 Organizational Interactions of the Database Administrator
4. Physical Database
lowest level of database approach and the only level that exists in physical form
consists of magnetic spots on metallic coated disks
Data organization – refers to the way records are physically arranged on the secondary storage device, either sequential or random
Data access methods – techniques used to locate records and to navigate through the database
DATABASE MODEL
- A data model is an abstract representation of the entities, including resources, events, and agents, and their relationships in an organization.
PARTITIONED OR REPLICATED
PARTITIONED DATABASES
Splits the central database into segments or partitions that are distributed to their primary users.
The Deadlock Phenomenon
In a distributed environment, it is possible for multiple sites to lock each other out of the database, thus preventing each from processing its transactions.
Deadlock Resolution
Some of the factors that are considered:
The resources currently invested in the transaction.
The transaction's stage of completion.
The number of deadlocks associated with the transaction.
REPLICATED DATABASE
Corruption of data
Theft of data
Misuse of data
Destruction of data
DATABASE CONTROL FEATURES THAT MITIGATE ACCESS CONTROL RISKS
1. USER VIEWS
2. DATABASE AUTHORIZATION TABLE
3. USER-DEFINED PROCEDURES
4. DATA ENCRYPTION
5. BIOMETRIC DEVICES
6. INFERENCE CONTROLS
1. USER VIEW (SUBSCHEMA)
A subset of the total database that defines the user’s data domain and provides access to the database
The database administrator is primarily responsible for defining user views.
2. DATABASE AUTHORIZATION TABLE
A table containing rules that limit the actions a user can take
3. USER-DEFINED PROCEDURES
Procedure that allows the user to create a personal security program.
It provides a more positive user identification than a single password.
4. DATA ENCRYPTION
Use of an algorithm to scramble selected data, making it unreadable to an intruder browsing the database
5. BIOMETRIC DEVICES
Devices that measure various personal characteristics, such as finger, voice, or retina prints, or other signature characteristics.
6. INFERENCE CONTROLS
Controls that prevent users from inferring specific data values that they are unauthorized to access through query features
TYPES OF DATABASE COMPROMISES THAT INFERENCE CONTROLS ATTEMPT TO PREVENT
POSITIVE – The user determines the specific value of a data item.
NEGATIVE – The user determines that a data item does not have a specific value.
APPROXIMATE – The user is able to estimate the value of a data item with sufficient accuracy.
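An added example (not from the original slides) of one common inference control, query-set-size restriction: an aggregate query is refused when it covers fewer than K rows, or so many rows that fewer than K are left out. The payroll table, the threshold K and the avg_salary helper are assumptions made for illustration.

```python
import sqlite3

K = 3  # assumed minimum query-set size (a policy choice, not from the slides)

# Constructed sample data, not from the slides.
ROWS = [
    ("Ana", "Audit", 52000), ("Ben", "Audit", 58000), ("Cai", "Audit", 61000),
    ("Dee", "Audit", 49000), ("Eli", "Tax", 75000), ("Fay", "Tax", 71000),
    ("Gus", "Legal", 90000),
]

def make_db():
    """Build the in-memory payroll table used by the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE payroll (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO payroll VALUES (?, ?, ?)", ROWS)
    return db

def avg_salary(db, column, value, negate=False, k=K):
    """Average salary over rows where column = value (or != value); None if refused."""
    if column not in ("name", "dept"):  # allow-list, since identifiers cannot be bound
        raise ValueError("column not permitted")
    op = "!=" if negate else "="
    total = db.execute("SELECT COUNT(*) FROM payroll").fetchone()[0]
    n, avg = db.execute(
        f"SELECT COUNT(*), AVG(salary) FROM payroll WHERE {column} {op} ?", (value,)
    ).fetchone()
    # Too few rows: the aggregate reveals or closely estimates one person's value
    # (positive or approximate compromise). Too many rows: the answer differs from
    # the table-wide figure only by the few excluded rows. The same refusal is
    # returned when nothing matches, so it does not confirm absence either
    # (negative compromise).
    if n < k or n > total - k:
        return None
    return avg

if __name__ == "__main__":
    db = make_db()
    for args in [("dept", "Audit"), ("dept", "Legal"), ("name", "Gus"),
                 ("dept", "Legal", True)]:
        print(args, "->", avg_salary(db, *args))
```

Size restriction alone does not stop a user from combining several permitted queries, so it is normally paired with query logging or limits on overlapping query sets.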
BACKUP CONTROLS IN THE FLAT-FILE ENVIRONMENT
GPC BACKUP TECHNIQUE
DIRECT ACCESS FILE BACKUP
OFF-SITE STORAGE