SECURITY PART II: AUDITING DATABASE SYSTEMS

DATABASE MANAGEMENT APPROACH
Flat-file Approach: Problems          Database Approach
o Data Redundancy                     Elimination of Data Storage Problem
o Data Updating                       Elimination of Data Update Problem
o Currency of Information             Elimination of Currency Problem
o Task-data Dependency                Elimination of Task-data Problem
FLAT-FILE APPROACH

ADVANTAGES
o All records are stored in one place;
o Easy to understand and implement;
o Simple sorting and filtering can be carried out;
o Can use a standard spreadsheet to store it;
o Less hardware and software requirements; and,
o Fewer skills are required to handle a flat database system.

DISADVANTAGES
o Less security, easy to extract information;
o Data redundancy;
o Problem with data integrity; and,
o Data inconsistency.
DATABASE APPROACH

ADVANTAGES
o There are no repeating attributes; no piece of data should be unnecessarily repeated;
o In the DB approach, you only have to change data in one table and all other references in any other table will automatically be changed; and,
o There is no risk of the same attribute being stored in a different format in a different file.

DISADVANTAGES
o Expensive;
o Complex; and,
o Needs experienced or trained staff to operate.
KEY ELEMENTS OF THE DATABASE ENVIRONMENT

Data Management System
o Typical Features: Data Definition Language; Database Views

Users
o Formal Access: Application Interfaces
o Informal Access: Query Language

Database Administrator
o Functions
o Organizational Interactions of the DBA
o Data Dictionary

Physical Database
o Data Structures
o Data Organization
o Data Access Model

DBMS Model
o Database Terminology
o Hierarchical Model
o Network Model
DATABASE IN A DISTRIBUTED ENVIRONMENT

Centralized Database

Distributed Database
A. Partitioned Database
   o Deadlock Phenomenon
B. Replicated Database or Duplication
   o Concurrency Control: a database management system (DBMS) concept that is used to address conflicts with the simultaneous accessing or altering of data that can occur in a multi-user system.
CONTROLLING AND AUDITING DATA MANAGEMENT SYSTEMS

1. Access Control
o User Views
o Database Authorization Table
o User-Defined Procedures
o Data Encryption
o Biometric Devices
o Inference Controls
   Positive Compromise
   Negative Compromise
   Approximate Compromise
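The slides name inference controls and the three kinds of compromise they guard against but do not show what such a control looks like. The following is an added Python example, not code from the slides, that implements the textbook query-set-size restriction over a constructed personnel table: an aggregate over too few rows would reveal an individual's salary (positive compromise), and an aggregate over all-but-a-few rows could be differenced against the population total to the same effect, so both are refused and recorded for the auditor. The `InferenceControl` class, its `min_size` parameter and the sample rows are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data (not from the slides): a personnel table whose
# salary column is the sensitive attribute the inference control protects.
SAMPLE_ROWS = [
    ("Ana", "Accounting", "F", 52000),
    ("Ben", "Accounting", "M", 48000),
    ("Cara", "Audit", "F", 61000),
    ("Dan", "Audit", "M", 58000),
    ("Eve", "Audit", "F", 64000),
    ("Finn", "IT", "M", 70000),
]

ALLOWED_FUNCS = {"SUM", "AVG", "MIN", "MAX", "COUNT"}
ALLOWED_FILTER_COLUMNS = {"dept", "sex"}   # only non-sensitive columns may select rows


def build_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, dept TEXT, sex TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


class InferenceControl:
    """Query-set-size restriction (hypothetical helper written for this example).

    A statistical query is answered only when the set of rows it summarises has
    at least `min_size` rows and at most `population - min_size` rows.  A query
    set of one row discloses that person's salary exactly; a query set of
    all-but-one rows can be differenced against the population total to the
    same effect.  Queries outside that band are refused and logged.
    """

    def __init__(self, conn, min_size=2):
        self.conn = conn
        self.min_size = min_size
        self.population = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
        self.refused = []   # audit trail of refused queries: (func, filters, query-set size)

    def aggregate(self, func, **filters):
        func = func.upper()
        if func not in ALLOWED_FUNCS or not set(filters) <= ALLOWED_FILTER_COLUMNS:
            raise ValueError("unsupported statistical query")
        # Selector is built only from whitelisted column names; values stay parameterised.
        where = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
        params = tuple(filters.values())
        size = self.conn.execute(
            f"SELECT COUNT(*) FROM employee WHERE {where}", params).fetchone()[0]
        if size < self.min_size or size > self.population - self.min_size:
            self.refused.append((func, dict(filters), size))
            return None   # refused: answering would permit a compromise
        return self.conn.execute(
            f"SELECT {func}(salary) FROM employee WHERE {where}", params).fetchone()[0]


if __name__ == "__main__":
    guard = InferenceControl(build_db())
    print(guard.aggregate("AVG", dept="Audit"))   # answered: 3 of 6 rows
    print(guard.aggregate("SUM", dept="IT"))      # refused: query set of one row
    print(guard.refused)
```

The `refused` list is what an auditor simulating user access (as the audit procedures below describe) would review: every refusal records the function, the selector and the size of the query set that triggered it.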
AUDIT PROCEDURES FOR TESTING DATABASE ACCESS CONTROLS

Responsibility for Authority Tables and Subschemas. The auditor should verify that database administration (DBA) personnel retain exclusive responsibility for creating authority tables and designing user views.

Appropriate Access Authority. The auditor can select a sample of users and verify that their access privileges stored in the authority table are consistent with their job descriptions and organizational levels.

Biometric Controls. The auditor should evaluate the costs and benefits of biometric controls. Generally, these would be most appropriate where highly sensitive data are accessed by a very limited number of users.

Inference Controls. The auditor can test controls by simulating access by a sample of users and attempting to retrieve unauthorized data via inference queries.

Encryption Controls. The auditor should verify that sensitive data, such as passwords, are properly encrypted. Printing the file contents to hard copy can do this.
2. Backup Control

Sequential files (both tape and disk) use a backup technique called grandparent-parent-child (GPC).

GPC (Grandparent-Parent-Child) Backup Technique - This backup technique is an integral part of the master file update process.

Direct access files, by contrast, need a separate backup procedure. Both methods are the following:

Direct Access File Backup

Off-Site Storage - As an added safeguard, backup files created under both the GPC and direct access approaches should be stored off-site in a secure location.
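To make the GPC technique concrete, here is an added Python example (not from the slides) that models a sequential master file update: each run applies a transaction file to the current master and produces a new one, and the previous input masters and transaction files are retained so that a lost child can be recreated from the parent, or, if both child and parent are lost, from the grandparent. The `GpcMasterFile` class, its `generations` parameter and the account balances are assumptions made for this example.

```python
from collections import deque


def apply_transactions(master, transactions):
    """Master file update: apply a transaction file of (account, amount)
    records to a master file of balances and return the new master (the child)."""
    child = dict(master)
    for account, amount in transactions:
        child[account] = child.get(account, 0) + amount
    return child


class GpcMasterFile:
    """Retains the current master (child) plus the input master and
    transaction file of each of the previous `generations - 1` update runs
    (parent and grandparent when generations=3).  Hypothetical helper."""

    def __init__(self, master, generations=3):
        self.current = dict(master)
        # (input master, transaction file) per retained run, oldest first.
        self.history = deque(maxlen=generations - 1)

    def update(self, transactions):
        """One update run: keep the inputs, then produce the child."""
        self.history.append((dict(self.current), list(transactions)))
        self.current = apply_transactions(self.current, transactions)
        return self.current

    def retained_masters(self):
        """Masters still on hand, oldest (grandparent) to newest (child)."""
        return [master for master, _ in self.history] + [self.current]

    def recover_child(self):
        """Child lost or corrupted: rerun the last update from parent + transactions."""
        parent, transactions = self.history[-1]
        self.current = apply_transactions(parent, transactions)
        return self.current

    def recover_from_oldest(self):
        """Child and parent both lost: replay every retained run from the oldest master."""
        master = self.history[0][0]
        for _, transactions in self.history:
            master = apply_transactions(master, transactions)
        self.current = master
        return master


def demo():
    """Three update runs over a constructed master file of account balances."""
    gpc = GpcMasterFile({"A": 100, "B": 50})
    gpc.update([("A", -20)])               # child 1
    gpc.update([("B", 10), ("C", 5)])      # child 2; child 1 is now the parent
    gpc.update([("A", 5)])                 # child 3; child 1 is now the grandparent
    return gpc


if __name__ == "__main__":
    gpc = demo()
    print(gpc.retained_masters())
    print(gpc.recover_child())
```

Off-site storage, as the slides note, means the retained masters and transaction files (the contents of `history`) are copied to a secure remote location, not merely kept beside the live file.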
2. Backup Control in the Database Environment

Four needed backup and recovery features:
o Backup
o Transaction Log (Journal)
o Checkpoint Feature
o Recovery Module
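The four features above work together, which is easier to see in code than in a list. This is an added Python example, not from the slides, modelling a database with a backup image on stable storage, a write-ahead transaction log, a checkpoint that flushes committed state to the image, and a recovery module that, after a crash, restores the last checkpoint image and redoes only the transactions the log shows as committed since then. The `JournaledDatabase` class and its record layout are assumptions made for this example, and the model is deliberately simple: uncommitted writes are held privately until commit, so recovery never has to undo anything.

```python
class JournaledDatabase:
    """Hypothetical model of backup image, transaction log, checkpoint and recovery."""

    def __init__(self, data):
        self.disk = dict(data)      # backup image on stable storage (survives a crash)
        self.log = []               # transaction log / journal (also on stable storage)
        self.buffer = dict(data)    # working copy in memory (lost on crash)
        self.pending = {}           # uncommitted write sets, keyed by transaction id
        self.next_tid = 1

    def begin(self):
        tid, self.next_tid = self.next_tid, self.next_tid + 1
        self.pending[tid] = {}
        return tid

    def write(self, tid, key, value):
        """Writes stay private to the transaction until it commits."""
        self.pending[tid][key] = value

    def commit(self, tid):
        # Write-ahead: journal the after-images and the COMMIT before touching the buffer.
        for key, value in self.pending[tid].items():
            self.log.append(("WRITE", tid, key, value))
        self.log.append(("COMMIT", tid))
        self.buffer.update(self.pending.pop(tid))

    def checkpoint(self):
        """Flush the committed state to the backup image and mark the log."""
        self.disk = dict(self.buffer)
        self.log.append(("CHECKPOINT",))

    def crash(self):
        """Memory is lost; the image and the log survive."""
        self.buffer = None
        self.pending = {}

    def recover(self):
        """Recovery module: restore the last checkpoint image and redo committed
        transactions logged after it.  Returns (state, number of writes replayed)."""
        state = dict(self.disk)
        start = max((i for i, rec in enumerate(self.log) if rec[0] == "CHECKPOINT"),
                    default=-1) + 1
        tail = self.log[start:]
        committed = {rec[1] for rec in tail if rec[0] == "COMMIT"}
        replayed = 0
        for rec in tail:
            if rec[0] == "WRITE" and rec[1] in committed:
                state[rec[2]] = rec[3]
                replayed += 1
        self.buffer = state
        return state, replayed


def demo():
    """Constructed scenario: commit, checkpoint, commit, an unfinished transaction, crash."""
    db = JournaledDatabase({"A": 100})
    t1 = db.begin()
    db.write(t1, "A", 90)
    db.commit(t1)
    db.checkpoint()                 # image on disk now holds A=90
    t2 = db.begin()
    db.write(t2, "B", 10)
    db.commit(t2)                   # logged after the checkpoint, so recovery must redo it
    t3 = db.begin()
    db.write(t3, "A", 0)            # never commits, so it must not survive recovery
    db.crash()
    return db.recover()


if __name__ == "__main__":
    print(demo())
```

The auditor's interest in each feature follows directly: the image is the backup, the log is what makes committed work recoverable, the checkpoint bounds how much of the log recovery must replay, and the recovery module's output (here `{"A": 90, "B": 10}` with one record replayed) is what should be reconciled against the pre-crash committed state.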
The chapter concluded with a discussion of the control and audit issues related to data management. The risks, audit objectives, and audit procedures relevant to flat files and database systems were presented.

THANK YOU