
“RESUME WEEK 4”

Security part II: Auditing OS, Networks, and Database System


GROUP 4

MEMBERS:
1. DELAYA TIARA R.M (041711333105)
2. FAHMID (041911333065)
3. MELLYANTI FELICIA A. (041811333073)
4. RYAN KHAIRU BELMIRO M. (041811333143)
5. STEFANIE NATANIA (041911333187)
6. TARUNA PUTRA D.M. (041711333266)
7. TERESIA DIAN R.M. (041911333176)

Flat files are data files that contain records with no structured relationships to other files.
The flat-file approach is most often associated with so-called legacy systems. The flat-file
environment promotes a single-user view approach to data management whereby end users own
their data files rather than share them with other users.
This replication of essentially the same data in multiple files is called data redundancy and
contributes to three significant problems in the flat-file environment: data storage, data updating,
and currency of information. These and a fourth problem (not specifically caused by data
redundancy) called task-data dependency are discussed next.
1. Data Storage
2. Data Updating
3. Currency of Information
4. Task-Data Dependency

The Database Approach


Access to the data resource is controlled by a database management system (DBMS). The
DBMS is a special software system that is programmed to know which data elements each user is
authorized to access. The user’s program sends requests for data to the DBMS, which validates
and authorizes access to the database in accordance with the user’s level of authority. This
approach centralizes the organization’s data into a common database that is shared by other users.
With the enterprise’s data in a central location, all users have access to the data they need to achieve
their respective objectives. Through data sharing, the traditional problems associated with the flat-
file approach may be overcome.

● Data definition language (DDL): a programming language used to define the database to the
DBMS. The DDL identifies the names and the relationship of all data elements, records, and
files that constitute the database.
● Database Views:
- Internal View/Physical View: The physical arrangement of records in the database is
presented through the internal view. This is the lowest level of representation, which
is one step removed from the physical database.
- Conceptual View/Logical View (Schema): describes the entire database. This view represents
the database logically and abstractly, rather than the way it is physically stored.
- External View/User View (Subschema): defines the user’s section of the database, the
portion that an individual user is authorized to access.

Users
➔ Formal Access: Application Interfaces
- Data Manipulation Language. Data manipulation language (DML)
- DBMS Operation.
➔ Informal Access: Query Language
- Definition.
- SQL
The Database Administrator
- Organizational Interactions of the DBA
- The Data Dictionary
The Physical Database
● Data structures are the foundation of the database.
● In data organization, file organization refers to the way records are physically arranged on
the secondary storage device.
● The access method is the technique users employ to locate records and to navigate
through the database.

Database Terminology
❖ Data Attribute/Field.
❖ Entity
❖ Record Type (Table or File)
❖ Database
❖ Associations

The Hierarchical Model


Limitations of the Hierarchical Model
The hierarchical model does not always reflect reality. Its limitations
are:
1. A parent record may have one or more child records.
2. No child record can have more than one parent.
The Network Model
The network model is a navigational database with explicit linkages between records and files.
The Relational Model
The most apparent difference between the relational model and the navigational models is the way
in which data associations are represented to the user. The relational model portrays data in the
form of two-dimensional tables.
Designed tables possess the following four characteristics:
1. All occurrences at the intersection of a row and a column are a single value. No multiple values
(repeating groups) are allowed.
2. The attribute values in any column must all be of the same class.
3. Each column in a given table must be uniquely named. However, different tables may contain
columns with the same name.
4. Each row in the table must be unique in at least one attribute. This attribute is the primary key.

DATABASES IN A DISTRIBUTED ENVIRONMENT


The physical structure of the organization’s data is an important consideration in planning a
distributed system. In addressing this issue, the planner has two basic options: the databases
can be centralized or they can be distributed.
Centralized Databases
➔ Data Currency in a DDP Environment
During data processing, account balances pass through a state of temporary inconsistency
where their values are incorrectly stated.
Distributed Databases
➔ Partitioned Databases Approach: splits the central database into segments or partitions
that are distributed to their primary users.
◆ The Deadlock Phenomenon: A permanent condition that must be resolved by
special software that analyzes each deadlock condition to determine the best
solution.
◆ Deadlock Resolution: Resolving a deadlock usually involves terminating one or
more transactions to complete processing of the other transactions in the deadlock.
➔ Replicated Databases: data access for query purposes is ensured, and lockouts
and delays due to data traffic are minimized.
Concurrency Control
● Database concurrency is the presence of complete and accurate data at all user sites.
● Designers need to employ methods to ensure transactions processed at each site are accurately
reflected in the databases of all the other sites.
● A commonly used method is to serialize transactions, which involves labeling each transaction
by two criteria:
1. Special software groups transactions into classes to identify potential conflicts.
2. The second part of the control is to time-stamp each transaction.
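The two labels described above, as an added example that is not part of the original resume: two replica sites receive the same constructed transactions in different arrival orders, and only grouping by conflict class and applying each class in time-stamp order leaves both sites with identical balances. The account number as conflict class, the transaction layout and all names are assumptions made for illustration, and the batch is assumed to be complete before it is applied.

```python
from collections import defaultdict

# Constructed transactions: (time_stamp, origin_site, account, operation, amount).
# Assumption: the account is the conflict class, so only transactions on the
# same account can conflict with each other.
TXNS = [
    (101, "A", "acct-1", "deposit", 500),
    (102, "B", "acct-1", "interest_pct", 10),
    (103, "A", "acct-2", "deposit", 200),
]
OPENING = {"acct-1": 1000, "acct-2": 0}
SITE_A = [TXNS[0], TXNS[1], TXNS[2]]   # arrival order at site A
SITE_B = [TXNS[1], TXNS[0], TXNS[2]]   # same transactions, different arrival order

def apply_op(balance, op, amount):
    """Deposit and interest do not commute, so their order changes the result."""
    if op == "deposit":
        return balance + amount
    if op == "interest_pct":
        return balance + balance * amount // 100
    raise ValueError(op)

def in_arrival_order(arrivals, opening):
    """No serialization: the site applies transactions as they arrive."""
    bal = dict(opening)
    for _, _, acct, op, amt in arrivals:
        bal[acct] = apply_op(bal[acct], op, amt)
    return bal

def serialized(arrivals, opening):
    """Group by conflict class, then apply each class in time-stamp order."""
    classes = defaultdict(list)
    for txn in arrivals:
        classes[txn[2]].append(txn)
    bal = dict(opening)
    for acct, txns in classes.items():
        for _, _, _, op, amt in sorted(txns):   # time stamp is the first field
            bal[acct] = apply_op(bal[acct], op, amt)
    return bal
```
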
Database Distribution Methods and the Accountant
● There are many issues and trade-offs in distributing databases.
● Basic questions to be addressed:
1. Centralized or distributed data?
2. If distributed, replicated or partitioned?
3. If replicated, total or partial replication?
4. If partitioned, what is the allocation of the data segments among the sites?
● These choices affect the organization’s ability to maintain database integrity, preserve audit
trails, and have accurate records.
Controlling and Auditing Data Management Systems
● Controls over data management systems fall into two categories.
● Access controls are designed to prevent unauthorized individuals from viewing, retrieving,
corrupting or destroying data.
● Backup controls ensure that the organization can recover its database in the event of data loss.
Access Controls
● A user view (subschema) is a subset of the database that defines the user’s data domain and access.
● The database authorization table contains rules that limit user actions.
● User-defined procedures allow users to create a personal security program or routine.
● Data encryption procedures protect sensitive data.
● Biometric devices such as fingerprints or retina prints control access to the database.
● Inference controls should prevent users from inferring, through query options, specific data
values they are unauthorized to access.
Audit Procedures for Testing Database Access Controls
● Responsibility for Authority Tables and Subschemas
● Appropriate access authority
● Biometric controls
● Inference controls
● Encryption controls
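The user view, the database authorization table and the "appropriate access authority" audit test, shown together as an added example that is not part of the original resume. The table names, users, privileges and rows are constructed for illustration; the `approved` table stands in for the authority the auditor derives from job descriptions.

```python
import sqlite3

def build_db():
    """Constructed sample data: a base table, one user view, and authority rules."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT,
                               credit_limit INTEGER, balance INTEGER);
        INSERT INTO customer VALUES (1, 'Acme', 5000, 1200), (2, 'Birch', 2000, 0);
        -- User view (subschema): the clerk's portion, without credit_limit.
        CREATE VIEW ar_clerk_customer AS SELECT id, name, balance FROM customer;
        -- Database authorization table as configured in the DBMS.
        CREATE TABLE authority (usr TEXT, obj TEXT, priv TEXT);
        INSERT INTO authority VALUES
            ('ar_clerk', 'ar_clerk_customer', 'read'),
            ('credit_mgr', 'customer', 'read'),
            ('credit_mgr', 'customer', 'modify'),
            ('ar_clerk', 'customer', 'modify');  -- constructed excess privilege
        -- Authority approved from job descriptions (the auditor's baseline).
        CREATE TABLE approved (usr TEXT, obj TEXT, priv TEXT);
        INSERT INTO approved VALUES
            ('ar_clerk', 'ar_clerk_customer', 'read'),
            ('credit_mgr', 'customer', 'read'),
            ('credit_mgr', 'customer', 'modify');
    """)
    return db

def is_authorized(db, usr, obj, priv):
    """True only if the authorization table holds a matching rule."""
    row = db.execute("SELECT 1 FROM authority WHERE usr=? AND obj=? AND priv=?",
                     (usr, obj, priv)).fetchone()
    return row is not None

def read_as(db, usr, obj):
    """Return rows from obj, but only after the authority check passes."""
    if not is_authorized(db, usr, obj, "read"):
        raise PermissionError(f"{usr} may not read {obj}")
    # obj matched a rule in the authority table, so it is a known object name.
    return db.execute(f'SELECT * FROM "{obj}" ORDER BY id').fetchall()

def excess_authority(db):
    """Audit test: rules present in the DBMS but absent from the approved baseline."""
    return db.execute("SELECT usr, obj, priv FROM authority EXCEPT "
                      "SELECT usr, obj, priv FROM approved ORDER BY 1, 2, 3").fetchall()
```
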
Backup Controls
Data can be corrupted and destroyed by malicious acts from external hackers. To recover from
such disasters, organizations must implement policies, procedures, and techniques that
systematically and routinely provide backup copies.
Backup Controls in the Flat-File Environment
● GPC backup technique
● Direct access file backup
● Off-site storage
● Audit objective relating to flat-file backup
● Audit procedures for testing flat-file backup
Backup Controls in the Database Environment
● Backup
● Transaction log (journal)
● Checkpoint feature
● Recovery module
● Audit objective relating to database backup
● Audit procedures for testing database backup control
