Week 5 Written Assignment Cloud Computing Database with Auditing

We have discussed the auditing objectives and process along with quality assurance and
compliance. Technology has moved towards cloud computing. Lets explore organizations with a
high level of regulation along with sensitive customer data. Using cloud strategies (public or
private) capabilities add security challenges. In the public cloud environment systems are not
directly controlled by the data owners.
For this assignment you are required to do BOTH Part A and Part B
Part A
Submit short answers that discuss the following questions:
1. What are some of the private database cloud security issues and threats? How
does this differ from the public database cloud environment?
2. What are the control issues specific to cloud computing in the public environment
and service provider?
3. Develop an example of audit objectives in the cloud computing environment.
How could these differ between a healthcare vs financial organization?
4. Develop an example of the quality assurance objectives.
Part B
Virtual Private Database by Views
This lab requires you to use Oracle VIEW to implement a virtual database on DBSEC schema,
for example, on CUSTOMER table. Your task is to develop a single SQL script that will perform
all the following tasks:
1. Connect to DBSEC/ IS481%sec, the same user you created in previous projects.
2. Create a CUSTOMER table with the following columns:
Column Name
SALES_REP_ID

Data Type
NUMBER(4)

CUSTOMER_ID

NUMBER(8) NOT NULL

CUSTOMER_SSN
FIRST_NAME
LAST_NAME
ADDR_LINE
CITY
STATE
ZIP_CODE
PHONE

VARCHAR2(9)
VARCHAR2(20)
VARCHAR2(20)
VARCHAR2(80)
VARCHAR2(30)
VARCHAR2(30)
VARCHAR2(9)
VARCHAR2(15)

EMAIL
CC_NUMBER
CREDIT_LIMIT
GENDER
STATUS
COMMENTS
USER_NAME

VARCHAR2(80)
VARCHAR2(20)
NUMBER
CHAR(1)
CHAR(1)
VARCHAR2(1024)
VARCHAR2(30)

3. Populate the CUSTOMER table with the data provided.

4. Create a VIEW named as MY_VIEW to display only rows that belong to the
logged in user.
5. Grant SELECT and INSERT privilege on MY_VIEW to DBSEC_CLERK.
6. Connect to DBSEC_CLERK/.is481clerk You have created this user.
7. Insert one row of data into MY_VIEW as DBSEC_CLERK by using the
following data. You may need to make corrections on the statement, but keep the data as
they are.
INSERT INTO DBSEC.MY_VIEW ( SALES_REP_ID, CUSTOMER_ID,
CUSTOMER_SSN, FIRST_NAME, LAST_NAME, ADDR_LINE,
CITY, STATE, ZIP_CODE, PHONE, EMAIL, CC_NUMBER, CREDIT_LIMIT,
GENDER, STATUS,
COMMENTS, USER_NAME) VALUES (
7415, 901340, '969996976', 'Joe', 'Cat', '993888 Moreno St.', 'Champaign', 'IL'
, ' 61801', '2173331613', 'JCat@catu.edu', '2311468327372669', 20000
, 'M', 'A', 'A fun loving student', user);
8. Verify your data insertion by query MY_VIEW. You (as DBSEC_CLERK) should
only see one row of data you have inserted. This signifies the success of your
implementation.
Tips:
1. Your data insert statement will look similar to the following:
INSERT INTO CUSTOMER ( SALES_REP_ID, CUSTOMER_ID, CUSTOMER_SSN,
FIRST_NAME, LAST_NAME, ADDR_LINE,
CITY, STATE, ZIP_CODE, PHONE, EMAIL, CC_NUMBER, CREDIT_LIMIT,
GENDER, STATUS,
COMMENTS, USER_NAME) VALUES (
6415, 201340, '969996970', 'Jeffrey', 'Antoine', '9938 Moreno St.', 'Champagne', 'SD'
, ' 43172', '4319071613', 'JAntoine@iodmgpvjdzprccx.gov', '231146832737266', 200000
, 'M', 'A', 'Any comments', user);
2. Check on your login name at every step make sure your "connect" command line
works as intended.
3. On step 7 above, why the view MY_VIEW needs to be prefixed with DBSEC?

4. On step 8 above, if you see more than one row of data, you may have logged in
with incorrect user name. If you see no data, you need to check errors in the process as
well.
Submission Requirement:
The SQL script files will be required as well as the screen capture of the creation.