Chapter 4 Security Part II
February 28, 2017 | Author: Jelly Anne | Category: N/A
Short Description
Download Chapter 4 Security Part II...
Description
CHAPTER 4 Security Part II: Auditing Database Systems The term database is used in a broad context to include two general approaches: the flat-file model and the database model DATA MANAGEMENT APPROACHES Flat-File Approach - Flat files are data files that contain records with no structured relationships to other files. The flat-file approach is most often associated with socalled legacy systems. The flat-file environment promotes a single-user view approach to data management whereby end users own their data files rather than share them with other users Data redundancy- replication of essentially the same data in multiple files. It contributes to three significant problems in the flat-file environment: data storage, data updating, and currency of information Task-data dependency- user’s inability to obtain additional information as his or her needs change Database Approach -This approach centralizes the organization’s data into a common database that is shared by other users. With the enterprise’s data in a central location, all users have access to the data they need to achieve their respective objectives. Through data sharing, the traditional problems associated with the flat-file approach may be overcome.
Elimination of Data Storage Problem - Each data element is stored only once, thereby eliminating data redundancy and reducing data collection and storage costs Elimination of Data Update Problem- Because each data element exists in only one place, it requires only a single update procedure. This reduces the time and cost of keeping the database current. Elimination of Currency Problem- A single change to a database attribute is automatically made available to all users of the attribute Elimination of Task-Data Dependency Problem -The most striking difference between the database model and the flat-file model is the pooling of data into a common database that is
shared by all organizational users. With access to the full domain of entity data, changes in user information needs can be satisfied without obtaining additional private data sets. KEY ELEMENTS OF THE DATABASE ENVIRONMENT Database Management System Program development - to create applications to access the database. Backup and recovery- DBMS can recover to an earlier version that is known to be correct Database usage reporting- captures statistics on what data are being used, when they are used, and who uses them Database access- The most important feature of a DBMS is to permit authorized user access, both formal and informal, to the database Data definition language (DDL) is a programming language used to define the database to the DBMS. The DDL identifies the names and the relationship of all data elements, records, and files that constitute the database. This definition has three levels, called views: the physical internal view, the conceptual view (schema), and the user view (subschema). Database Views Internal View/Physical View. This is the lowest level of representation, which is one step removed from the physical database. This internal view describes the structures of data records, the linkages between files, and the physical arrangement and sequence of records in a file. There is only one internal view for the database. Database Views Internal View/Physical View. The physical arrangement of records in the database is presented through the internal view. This is the lowest level of representation, which is one step removed from the physical database. This internal view describes the structures of data records, the linkages between files, and the physical arrangement
and sequence of records in a file. There is only one internal view or the database. External View/User View (Subschema). The subschema or user view, defines the user’s section of the database—the portion that an individual user is authorized to access Users Data manipulation Language(DML) is the proprietary programming language that a particular DBMS uses to retrieve, process, and store data. Entire user programs may be written in the DML or, alternatively, selected DML commands can be inserted into programs that are written in universal languages, such as JAVA, C++, and even older languages such as COBOL and FORTRAN. A query is an ad hoc access methodology for extracting information from a database. Users can access data via direct query, which requires no formal user programs using the DBMS’s built-in query facility. IBM’s Structured Query Language (SQL) (often pronounced sequel or S-Q-L), has emerged as the standard query language for both mainframe and microcomputer DBMSs. SQL is a fourth-generation, nonprocedural language (English-like commands) with many commands that allow users to input, retrieve, and modify data easily Database administrator (DBA). The DBA is responsible for managing the database resource. The sharing of a common database by multiple users requires organization, coordination, rules, and guidelines to protect the integrity of the database. Data structures are the bricks and mortar of the database Data Organization of a file refers to the way records are physically arranged on the secondary storage device, this may be either sequential or random
Data Access Methods - is the technique used to locate records and to navigate through the database Data Attribute/Field. A data attribute (or field) is a single item of data, such as customer’s name, account balance, or address Entity. An entity is a database representation of an individual resource, event, or agent about which we choose to collect data. Record Type (Table or File). When we group together the data attributes that logically define an entity, they form a record type Navigational Databases. The hierarchical data model is called a navigational data- base because traversing the files requires following a predefined path. The Network Model - Like the hierarchical model, the network model is a navigational database with explicit linkages between records and files. The distinction is that the network model permits a child record to have multiple parents. The Relational Model - The relational model portrays data in the form of two-dimensional tables Partitioned database approach splits the central database into segments or partitions that are distributed to their primary user Deadlock is a permanent condition that must be resolved by special software that analyzes each deadlock condition to determine the best solution, can result in transactions being incompletely processed and the database being corrupted. Resolving a deadlock usually involves terminating one or more transactions to complete processing of the other transactions in the deadlock. Replicated databases are effective in companies where there exists a high degree of data sharing but no primary user Database concurrency is the presence of complete and accurate data at all user sites CONTROLLING AND AUDITING MANAGEMENT SYSTEMS
DATA
Access controls are designed to prevent unauthorized individuals from viewing, retrieving, corrupting, or destroying the entity’s data. Backup controls ensure that in the event of data loss due to unauthorized access, equipment failure, or physical disaster the organization can recover its database. The user view or subschema is a subset of the total database that defines the user’s data domain and provides access to the database Data base authorization table contains rules that limit the actions a user can take User-defined procedure allows the user to create a personal security program or routine to provide more positive user identification than a single password
Audit Procedures for Testing Database Access Controls Responsibility for Authority Tables and Subschemas. Appropriate Access Authority Biometric Controls. Inference Controls. Encryption Controls. Backup Controls Audit Procedures for Testing Flat-File Backup Controls Sequential File (GPC) Backup- select a sample of systems and determine from the system documentation that the number of GPC backup files specified for each system is adequate. Backup Transaction Files- verify through physical observation that transaction files used to reconstruct the master files are also retained Direct Access File Backup - should select a sample of applications and identify the direct access files being updated in each system Off-Site Storage- verify the existence and adequacy of off-site storage. Transaction log feature provides an audit trail of all processed transactions.
Checkpoint facility suspends all data processing while the system reconciles the transaction log and the database change log against the database. Recovery module uses the logs and backup files to restart the system after a failure.
View more...
Comments