
Module 1: e-Learning

CHAPTER 1: INTRODUCTION TO COMPUTER HARDWARE AND SOFTWARE

PART 3: DATABASE AND DATABASE MANAGEMENT SYSTEMS
Learning Objectives
3.1 Introduction
3.2 Data Management
3.2.1 DIKW
3.2.2 Hierarchy of Data
3.2.3 Why do we need Databases?
3.2.4 What is a Database?
3.2.5 What is Database Management System?
3.2.6 Database Models
3.3 Relational Data Integrity
3.3.1 Database Schemas
3.4 Database Languages
3.4.1 Data Definition Language (DDL)
3.4.2 Data Manipulation Language (DML)
3.4.3 Data Control Language (DCL)
3.5 Key concepts of Database
3.5.1 Meta Data
3.5.2 Data Dictionary
3.5.3 Data Administrator and Database Administrator
3.6 Database Applications-Linking Databases to the Web
3.7 Database Security and Control
3.7.1 Database Security
3.8 Auditing Databases
3.8.1 Need for Auditing Databases
3.8.2 Database Auditing Tools
3.9 Summary

Chapter 1, Part 3: Database and Database Management Systems

3.10 References


CHAPTER 1: INTRODUCTION TO COMPUTER HARDWARE AND SOFTWARE
PART 3: DATABASE AND DATABASE MANAGEMENT SYSTEMS

Learning Objectives
• To gain an understanding of Data Base Management Systems
• To understand Database Models
• To understand Database Languages
• To gain an understanding of the people involved with a DBMS
• To understand control features in Database Management Systems
• To understand how to audit a DBMS

3.1 Introduction
Every organisation has to manage its information, i.e. any organisation should know what it needs in terms of information, acquire that information, organise it in a meaningful way, assure information quality and provide software tools so that users in the organisation can access the information they require. To achieve these objectives, the organisation has to use Data Base Management Systems (DBMS).

3.2 Data Management


3.2.1 DIKW
For any organisation to survive today, the crucial need is to have data and the ability to process it.

• The word Data is derived from the Latin for “to give”; thus “Data” in reality gives facts from which additional facts can be inferred.
• Information is data that has been processed within a context into a form that gives it meaning or makes it useful for the user.
• Knowledge is information that has been analysed and assimilated.
• Wisdom is the application of knowledge.


Data Management involves managing the process of data conversion through its various states, right from data origination to its conversion into knowledge:

Data > Information > Knowledge > Wisdom.

Data management includes all aspects of data planning, handling, analysis, documentation and
storage, i.e. development, execution and supervision of plans, policies, programs and practices that
control, protect, deliver and enhance the value of data and information assets. Let us understand the
hierarchy of data base.

3.2.2 Hierarchy of Data


• Database: is a collection of related files. For example, an accounting database could be a collection of a master account file, an opening balance file, etc.
• File: is a collection of related records.
• Record: is a collection of related data fields. A record describes an entity, e.g. PAN Number, Name, Gross Salary and Tax Payable are the attributes of the IT Return.
• Field: is a collection of characters.
• Characters: are collections of bits.

3.2.3 Why do we need Databases?


In a traditional file system, applications make reference to specific files containing relevant data, e.g. an invoicing application would have its invoicing file and an accounting application would have its accounting file. But this leads to a whole lot of problems:

• High Redundancy - Customer details would be recorded in the invoicing file as well as the accounting file.
• Limited Data Sharing - Each application would reference its own file.
• Low Data Integrity - Let’s say a customer changes address; the data might have been updated in the invoicing file but not in the accounting file.
• High Dependence between Data and Application - If any change in the data structure or format is made in the data file, a corresponding change has to be made in the application program and vice-versa.

The problems with file systems led to the database approach to data management.

3.2.4 What is a Database?


A database is a collection of data, typically describing the activities of one or more related functions of an organisation(s). A database is just like an electronic filing cabinet, i.e. a collection of computerised data files. Some databases appear as a single file to the OS; the database file then becomes a container for the entire file structure.

The Database system helps us do various operations on these files such as:

• Adding new files to database
• Deleting existing files from database
• Inserting data in existing files
• Modifying data in existing files
• Deleting data in existing files
• Retrieving or querying data from existing files

3.2.5 What is Database Management System?
Data Base Management Systems are software that aid in organising, controlling and using the data needed by application programmes. A Database Management System is a software system for the creation and control of a database and the manipulation of the data in the database. It provides the facility to create and maintain a well-organised database. DBMS can mean the data repository or the application bundled with the data repository to act as a front-end. Applications access the DBMS, which then accesses the data. Commercially available Data Base Management Systems are Oracle, MySQL, SQL Server and DB2, etc.

[Figure: the Invoicing Application and the Accounting Application both access the Database through the Database Management System.]

With this Database approach, applications would access a common database through Database
Management Systems.

Advantages of a DBMS
• Permitting Data Sharing:
One of the main advantages of a DBMS is that the same information can be made available to different users.
• Controlling Data Redundancy:
In a DBMS, duplication of information or redundancy is, if not eliminated, carefully controlled or reduced, i.e. there is no need to repeat the same data over and over again. Minimising redundancy can, therefore, significantly reduce the cost of storing information on hard drives and other storage devices, and also avoid data inconsistency.
• Integrity can be maintained:
o Integrity constraints can be applied to the database so that correct data is entered and updated in the database. The constraints may be applied to a data item within a single record to ensure domain and relational integrity, or they may be applied to relationships between records to ensure referential integrity. This also ensures consistent data across the database.
o Data integrity is maintained by having accurate, consistent, and up-to-date data. The chances of making a mistake are higher if the same data has to be changed at several different places than if the change is made in one place. Updates in a database need to be made only at one place.
• Program and file consistency:
Using a DBMS, file formats and programs are standardised. This makes the data files easier to maintain because the same rules and guidelines apply across all types of data. The level of consistency across files and programs also makes it easier to manage data when multiple programmers are involved.

• User-friendliness:
A DBMS makes data access and manipulation easier for the user. DBMSs also reduce the reliance of users on computer experts to meet their data needs.
• Improved security:
DBMSs allow multiple users to access the same data resources, which could lead to risk to an organisation if not controlled. Security constraints can be defined, i.e. rules can be built to control access to sensitive data. Some sources of information need to be protected or secured and viewed only by select individuals. Through the use of passwords, database management systems can be used to restrict data access to only those who are authorised.
• Achieving program/data independence:
In a DBMS, the data and the programs required to update and maintain those data items are not coupled. Because data in a DBMS resides in the database and not in the applications, programs and data are independent of each other, and programs can be modified independently of the data files.
• Faster application development:
Where a DBMS is deployed, the data in the database is independent of the applications, so applications can be developed to access the database through an application interface. Thus, application development becomes fast. If any change in the data structure or format is made in the data file, a corresponding change is not required in the application program and vice versa.

Disadvantages of a DBMS
There are two major downsides to using DBMSs. These are cost and the threat to data security.

• Expensive
o Implementing a DBMS can be expensive and time-consuming, especially in large organisations.
o Training requirements alone can be quite costly.
o Other disadvantages could be the cost of data conversion from legacy non-DBMS solutions and the requirement of specific skill sets to manage the DBMS (need for a DBA).
o A DBA is required to fine-tune the DBMS from time to time with increased volumes and changing requirements.
• Security
o In the absence of proper safeguards, it may be possible for some unauthorised users to access the database. If one gets access to the database, then it could be an all or nothing proposition.
• DBMS failure: single point of failure
o As the whole data may be stored in the DBMS, it becomes a single point of failure, resulting in disruption of services/non-availability of data.

3.2.6 Database Models


A database should be designed to store all data relevant to the business and to facilitate quick and easy modifications. A database model is a type of data model that determines the logical structure of a database and fundamentally determines the manner in which data can be stored, organised, and manipulated.
The following are the database models:
• Hierarchical Database
• Network Database
• Relational Database (RDBMS)

Hierarchical Database Model


Data is organized in a tree structure. The records have a one-to-many relationship (1:n); one record type is the root, and every other record type is a child of one parent record type only.

One typical Hierarchical structure could be your Directory (folders) in Windows OS.

Network Database Model


Records have a many-to-many relationship. For example, many customers have multiple accounts. The main disadvantage of this model is its complexity. Also, when the database is re-organized, there is every possibility that data independence might be lost.

Relational Database Model


The Relational Database Model is very simple and elegant; a relational database is a collection of one or more relations, where each relation is a table with rows and columns and is the logical equivalent of a file. It permits the use of simple, high-level languages to query data.

This model represents the database as a collection of Relations and is governed by these rules:

• Data is represented in a two-dimensional table, in rows and columns.
• Columns describe the attributes.
• Each column in the table has a unique name.
• All the entries in any column are of the same type or same domain.
• Each column has a domain, a set of possible values that can appear in that column.
• A row in the table is called a Tuple.
• Ordering of rows and columns is insignificant.
• Duplicate rows are not allowed.
• All data items stored in the columns are atomic in nature, that is, they cannot be split further without loss of information.
• In many tables, there is a column called the Key Column whose value is unique and cannot be null.

3.3 Relational Data Integrity


In order to maintain the integrity (accuracy) of data in the database, the relational model specifies several types of integrity constraints. The major types are:

• Domain Constraint: This means that all the values in a column of a table must be from the same domain. Example: In an Income Tax Assessee Database, the First Name column would hold only first names and the Date of Birth column would hold only dates of birth in date format.
• Entity Constraint: This rule ensures that the data values for the primary key are valid and not null. Example: In an Income Tax Assessee Database, the primary key would be the PAN Number, which is unique and never null.
• Referential Integrity: In a relational data model, associations between tables are defined by using foreign keys. The referential integrity rule states that if there is a foreign key in one table, either the foreign key must match the primary key of the other table or else the foreign key value must be null.

In the above case, SalesPersonID in the Sales Order table is a foreign key but is the primary key in the Sales Person table. This constraint says that if, in the Sales Order table, SalesPersonID for a transaction is 0033, then that value should exist as a primary key in the Sales Person table. There might also be a case where there is a direct order; in such a case SalesPersonID would be null (in the Sales Order table). Thus the referential integrity constraint would not allow someone to create an order booked by a non-existent salesman.
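
The three constraint types above, written out as an added example that is not part of the original material. It uses standard SQL; the table layouts, every column other than SalesPersonID, and every value other than 0033 are constructed for illustration. The closing query goes one step further and shows how a reviewer can find orphaned orders in a legacy table that was built without the foreign key.

```sql
-- Constructed schema for the Sales Person / Sales Order case described above.
CREATE TABLE SalesPerson (
    SalesPersonID CHAR(4)     PRIMARY KEY,   -- entity constraint: unique and never null
    FullName      VARCHAR(60) NOT NULL
);

CREATE TABLE SalesOrder (
    OrderID       INTEGER       PRIMARY KEY,
    OrderDate     DATE          NOT NULL,                     -- domain: dates only
    Amount        DECIMAL(12,2) NOT NULL CHECK (Amount > 0),  -- domain narrowed by a CHECK
    SalesPersonID CHAR(4),                                    -- NULL means a direct order
    -- Referential integrity: a non-null value must match a SalesPerson row.
    CONSTRAINT fk_order_salesperson
        FOREIGN KEY (SalesPersonID) REFERENCES SalesPerson (SalesPersonID)
);

-- Accepted: the parent row exists before the order that refers to it.
INSERT INTO SalesPerson (SalesPersonID, FullName)
VALUES ('0033', 'Sample Salesperson');

INSERT INTO SalesOrder (OrderID, OrderDate, Amount, SalesPersonID)
VALUES (1, DATE '2024-04-01', 1500.00, '0033');

-- Accepted: a direct order carries a NULL foreign key.
INSERT INTO SalesOrder (OrderID, OrderDate, Amount, SalesPersonID)
VALUES (2, DATE '2024-04-02', 900.00, NULL);

-- Each statement below breaks one constraint and is refused by the DBMS.

-- Referential integrity: there is no salesperson 0099.
INSERT INTO SalesOrder (OrderID, OrderDate, Amount, SalesPersonID)
VALUES (3, DATE '2024-04-03', 250.00, '0099');

-- Entity constraint: the primary key may not be null.
INSERT INTO SalesPerson (SalesPersonID, FullName)
VALUES (NULL, 'No Key');

-- Entity constraint: the primary key may not repeat.
INSERT INTO SalesPerson (SalesPersonID, FullName)
VALUES ('0033', 'Duplicate Key');

-- Domain constraint: the CHECK rejects a non-positive amount.
INSERT INTO SalesOrder (OrderID, OrderDate, Amount, SalesPersonID)
VALUES (4, DATE '2024-04-04', -10.00, '0033');

-- Referential integrity: order 1 still points at salesperson 0033.
DELETE FROM SalesPerson WHERE SalesPersonID = '0033';

-- Review query for a legacy table that has no foreign key declared:
-- lists orders whose salesperson does not exist.
SELECT o.OrderID, o.SalesPersonID
FROM   SalesOrder o
LEFT JOIN SalesPerson p ON p.SalesPersonID = o.SalesPersonID
WHERE  o.SalesPersonID IS NOT NULL
  AND  p.SalesPersonID IS NULL;
```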

People Associated With DBMS

• Data Owners: Owners of the database
• Database Designers: Help in database design and structure
• Application Developers: Implement the database design and application programs
• Database Administrators: Manage database management systems (discussed later)
• End Users: Query and update databases

Normalisation

“Norma” in Latin means a carpenter’s square, whose job is to set things at a right angle.

Similarly, normalization is used to set the table right. Database normalization is a conceptual database design technique which involves the process of organizing the fields and tables of a relational database to minimize redundancy and dependency on non-key elements. The objective is that all non-key items are related to key fields. It is achieved through identification of relationships among various data items, grouping data items, and establishing relationships and constraints. Normalization usually involves dividing large tables into smaller and still smaller (and less redundant) tables and defining relationships between them in order to improve storage efficiency, data integrity and scalability. The objective is to have data tables in such a way that additions, deletions, and modifications of a field can be made in just one table and then propagated through the rest of the database using the defined relationships.

The advantages of the normalization are:

• Reduced redundancy.
• More efficient data structure.
• More flexible data structure i.e. we are able to add new rows and data values easily.
• Better understanding of data.

3.3.1 Database Schemas


The DBMS is responsible for access to the database; one of the initial steps would be “telling” the DBMS the logical and physical structure of the data and the relationships among data for each user. This description of the database is called a Schema. The data in a DBMS is described at three levels of abstraction or schemas:

External Schema
It is the user’s view of the database. This level describes that part of the database that is relevant to
each user.

The external level is the one which is closest to the end users. Individual users are given different views according to the user’s requirement.

Let’s say an HR person’s requirement in terms of data would be EmployeeID, EmployeeName, DateofBirth, DateofJoining, Department, Designation, Basic Pay, whereas Payroll persons would be interested in EmployeeID, EmployeeName, Department, Designation, Basic Pay, Leave, TDS, Deduction. These would be different users’ views of data, or External Schemas.

Conceptual Schema
This level describes what data is stored in the database and the relationships and constraints among
the data. This level contains the logical structure of the entire database. The conceptual level
represents all entities, their attributes and their relationships.

The conceptual schema in the above case would consist of EmployeeID, EmployeeName, DateofBirth, DateofJoining, Department, Designation, Basic Pay, Leave, TDS, Deduction and the relationships amongst them, i.e. it incorporates the view of the community of users, HR as well as Payroll.

All these data items would be in the form of Normalized small Tables with relationships and
constraints.

Internal Schema
It is the physical representation of database on the computer. This level describes how the data is
physically stored in the database. The internal level is concerned with storage space allocation,
Record descriptions, Records placement, Data Compression and Data Encryption Techniques.

[Figure: three schema levels. External Schemas (HR View, Payroll View); Conceptual Schema (Logical Structure); Internal Schema (Physical Storage Structure).]

3.4 Database Languages


A DBMS provides a comprehensive set of facilities to perform the following actions:

• Creating, modifying and deleting database objects.
• Inserting, updating and deleting data in the database.
• Performing the process of querying the database.
• Controlling access to the database.
• Providing facilities for data integrity and consistency.

These facilities are grouped under database languages. Structured Query Language or SQL is a language that provides an interface to relational database systems. The three important classifications of database languages are:

• Data Definition/Description Language (DDL);
• Data Manipulation Language (DML); and
• Data Control Language (DCL).

3.4.1 Data Definition Language (DDL)


The schemas discussed above need to be entered into the DBMS. This would be done using Data
Definition Language (DDL). It is a collection of instructions and commands used to define and
describe the data and relationships in a specific database.

Data Definition Language (DDL) is used by the DBA (Database Administrator, explained later) and by database designers to define both conceptual and internal schemas. DDL does not deal with data.

It is a set of SQL commands used to create, modify and drop database structures. These commands are not generally used by a common user.

Example: To create a schema, the SQL statement CREATE TABLE is used, and to modify a schema, ALTER TABLE is used. All these statements are used to define the database.

In the above example: CREATE TABLE isastudent (StudentID VARCHAR(20), roll_no NUMBER(10));

This means that we want to create a table with the name ‘isastudent’ with two columns - StudentID and roll_no. The StudentID field will be of character data type with a maximum size of 20 characters. Similarly, roll_no will be a number type with a maximum length of 10.

Use of ALTER with RENAME for Renaming Table


Use of DROP for Deleting Table

3.4.2 Data Manipulation Language (DML)


Subsequent to installation of the DBMS, users like managers would like to review reports and access information.

The commands used to query and manipulate the databases are part of Data Manipulation Language (DML). Typical manipulations include retrieval, insertion, deletion, and modification of data. DML statements are used to maintain and query a database.

Applications access data through DML.

It is the area of SQL that allows changing data within the database, i.e. it enables users to manipulate data in existing schema objects.

Example: SQL functions like AVG (average) and MAX (find the largest value) are used to query the database.

In the above example: SELECT StudentID, roll_no FROM isastudents WHERE StudentID = '1888';

In the table named isastudents, StudentID and roll_no refer to two fields containing the Student ID and roll number respectively, and we are trying to extract the data relating to the student with ID “1888”.

3.4.3 Data Control Language (DCL)


After the database has been set up and data can be manipulated, there is also a need to control the database, including administering privileges and committing data. This is done using statements forming part of Data Control Language (DCL). DCL is a database language used to control access to data in a database.

• Example: To give privileges and roles, SQL statements like GRANT are used.

SQL> GRANT SELECT ON isastudents TO "Pyare.Lal";

To grant the user Pyare.Lal the ability to retrieve information from the isastudents table, we use GRANT with SELECT. The user name is written in double quotes because it contains a dot, which SQL would otherwise read as a schema qualifier.

3.5 Key concepts of Database


3.5.1 Meta Data
Meta Data is critical to a DBMS. It is data about data; it provides data about:

o Where data came from
o How data were changed
o How data are stored
o How data are mapped
o Who owns data
o Who can access data
o Data usage history
o Data usage statistics

3.5.2 Data Dictionary


It is the documentation of the database, providing a detailed description of every data item in the database. It covers the following:

o Way data is defined
o Types of data that are present
o Relationships among data
o Keys for databases
o People accessing data and access rules

The typical uses of a data dictionary are:

• Provide a standard definition of terms and data elements that can be referenced by programmers, database administrators, and users to maintain data integrity
• Assist programmers in designing and writing programs
• Simplify database modification

3.5.3 Data Administrator and Database Administrator
• Data Administrator - Administrative and Policy Functions
• Data Base Administrator - Technical Functions

The Database Administrator (DBA) manages the DBMS for an organisation. As an organisation’s database systems are important and complex, the task of designing and maintaining the database requires a skilled Database Administrator who has a thorough knowledge of the business of the organisation, is well versed in the use of the DBMS and keeps abreast of new emerging technologies and methodologies. The DBA designs schemas, provides security, restores the system after a failure, and periodically tunes the database to meet changing user needs.

Data management tasks

• Perform the process of liaising with management.
• Perform the process of liaising with database users for their needs.
• Perform the process of liaising with database vendors.
• Perform the process of liaising with the Data Administrator (DA).
• Acquire latest information on database technologies and tools.
• Prepare the project status report on the usage of databases.

Security tasks

• Monitoring and maintaining security of databases.
• Granting access rights to users and revoking them.

Technical Tasks

• Monitoring the databases, performing database tuning and optimizing database performance.
• Maintaining availability (24 x 365) and ensuring integrity of databases.
• Installing any patch software, if necessary.
• Managing database backups and restorations.
• Guiding application programmers in their work.
• Performing the process of capacity planning.
• Performing the process of normalization, denormalization, indexing, and defining views.
• Framing procedures for purging and archiving data.

Some enterprises have a separate position of Data Administrator, which is a non-technical position. The job of the Data Administrator relates to data rather than the database. All administrative and policy matters rest with the DA. Thus, the primary responsibility of defining the External and Conceptual Schemas is the job of the DA, whereas the primary responsibility of defining the Internal Schema rests with the DBA.

3.6 Database Applications-Linking Databases to the Web


Front-end application: These directly interact with people or users.

Back-end application: Interacts with other programs or applications.

The Web provides an interactive interface (to the clients) to the business information stored in back-end databases. Databases are the functional muscle of the web. System designers are increasingly using the Web as the front end to database systems. The ability to produce useful information from the underlying data is the strength of database applications. This could involve searching, filtering, dicing, slicing and integrating data, which is facilitated by database applications.

Database applications these days allow us to link company databases to the internet, help in establishing data marts and warehouses, help in remote access and manipulation of data, and use online processing to increase productivity for any organisation. One prominent example of a database application could be the ERP application SAP. Most retail store Web sites like eBay and Amazon use database systems to store, update and present data about products for sale. The popular Web-based "Facebook" application is essentially a database built upon the "MySQL" database system and is an indication of the increasing usage of database applications as foundations for Web-based applications. In short, one of the reasons for the popularity of the internet is the ability to link databases. Today a large number of corporate databases are accessed over the internet through a standard web browser.

3.7 Database Security and Control


Database controls could be in terms of:

• Database Roles and Permissions
o Segregation of duties
o Roles and Permissions allow control of the operations that a user can perform on the database.
• Concurrency Control
o Addresses conflicts relating to simultaneous accesses
• Views
o Views enable data access limitations. A view is a content or context dependent subset of one or more tables, e.g. a view might be created to allow a sales manager to view only the information in a customer table that is relevant to customers of his own territory, and to restrict the user from other views of the database.
• Stored Procedures
o Database servers offer developers the ability to create and reuse SQL code through the use of objects called Stored Procedures (groups of SQL statements).
o These are available to applications accessing a database system and are actually stored in the database. Stored procedures reduce long SQL queries to a single line.
• Triggers
o These are designed to be automatically ‘fired’ when a specific action/event takes place within a database, e.g. on execution of code to delete an employee from the Master File, a trigger would be executed (automatically) to scan the Employee Liability Table to check whether any liability against this employee exists.
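
The employee-deletion trigger described above, as an added example that is not part of the original material. It is written in Oracle PL/SQL (an assumption, chosen because the text names Oracle), and every table, column and trigger name is hypothetical. A second trigger is added to show the same mechanism used as an audit trail of changes to data values.

```sql
-- Hypothetical tables standing in for the Master File and the
-- Employee Liability Table. No foreign key is declared between them,
-- so the trigger is the control being demonstrated.
CREATE TABLE employee_master (
    employee_id   NUMBER(10)   PRIMARY KEY,
    employee_name VARCHAR2(60) NOT NULL
);

CREATE TABLE employee_liability (
    liability_id       NUMBER(10)   PRIMARY KEY,
    employee_id        NUMBER(10)   NOT NULL,
    outstanding_amount NUMBER(12,2) NOT NULL
);

-- Audit trail filled by the second trigger.
CREATE TABLE employee_audit (
    changed_at  TIMESTAMP     NOT NULL,
    changed_by  VARCHAR2(128) NOT NULL,
    action      VARCHAR2(10)  NOT NULL,
    employee_id NUMBER(10)    NOT NULL
);

-- Preventive control: refuse the delete while a liability is outstanding.
CREATE OR REPLACE TRIGGER trg_employee_block_delete
BEFORE DELETE ON employee_master
FOR EACH ROW
DECLARE
    v_open_liabilities NUMBER;
BEGIN
    SELECT COUNT(*)
      INTO v_open_liabilities
      FROM employee_liability
     WHERE employee_id = :OLD.employee_id
       AND outstanding_amount > 0;

    IF v_open_liabilities > 0 THEN
        RAISE_APPLICATION_ERROR(-20001,
            'Employee has outstanding liabilities; delete refused');
    END IF;
END;
/

-- Detective control: record who deleted which employee, and when.
CREATE OR REPLACE TRIGGER trg_employee_audit_delete
AFTER DELETE ON employee_master
FOR EACH ROW
BEGIN
    INSERT INTO employee_audit (changed_at, changed_by, action, employee_id)
    VALUES (SYSTIMESTAMP,
            SYS_CONTEXT('USERENV', 'SESSION_USER'),
            'DELETE',
            :OLD.employee_id);
END;
/
```

A refused delete is rolled back together with anything the triggers wrote, so employee_audit records only the deletes that succeeded; refused attempts have to be captured by the DBMS's own audit facility.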


3.7.1 Database Security


The objective of database security is that authorised people should be given the right access to the right data. In this context user management becomes very important. There could be different types of database users:

• Application programmers
• Specialized users
• Naive users

This user management is achieved through authorisation and access control.

The basic model for access control involves:

• Subjects (Right People)
• Objects (Right Data)
• Access Rights (Right Access)

To access the database, a user must specify a valid database user account and successfully authenticate as required by that user account.

Normally, a database administrator first uses CREATE USER to create an account, then GRANT to define its privileges and characteristics. For example, in Oracle, the SYS and SYSTEM accounts have the database administrator (DBA) role granted to them by default. These are predefined; all other users have to be created. Thus there is a need to create a user and assign some authentication mechanism like a password.

The Database Administrator will then grant access rights or privileges to the user as shown below.
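
The subject / object / access-right model and the territory view from section 3.7, put together as an added example that is not part of the original material. It uses Oracle syntax, run by a DBA in a non-container or pluggable database; the customer table, the view, the role, the user name and the placeholder password are all hypothetical.

```sql
-- Hypothetical customer table for the sales-territory case in section 3.7.
CREATE TABLE customer (
    customer_id   NUMBER(10)   PRIMARY KEY,
    customer_name VARCHAR2(60) NOT NULL,
    territory     VARCHAR2(20) NOT NULL,
    credit_limit  NUMBER(12,2)
);

-- Object (right data): a read-only view exposing only NORTH customers
-- and leaving out the credit_limit column.
CREATE VIEW v_customer_north AS
    SELECT customer_id, customer_name, territory
    FROM   customer
    WHERE  territory = 'NORTH'
WITH READ ONLY;

-- Access right (right access): SELECT on the view only, bundled in a role
-- so that it can be given to, and taken from, people as their duties change.
CREATE ROLE sales_north_reader;
GRANT SELECT ON v_customer_north TO sales_north_reader;

-- Subject (right people): a named account. The password is a placeholder
-- to be replaced; PASSWORD EXPIRE forces a change at first login.
CREATE USER sales_mgr_north IDENTIFIED BY "Replace_Me_1" PASSWORD EXPIRE;
GRANT CREATE SESSION TO sales_mgr_north;     -- may log in, nothing more
GRANT sales_north_reader TO sales_mgr_north;

-- Review of what the account can actually do, as an auditor would check it.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  grantee = 'SALES_MGR_NORTH';

SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee = 'SALES_MGR_NORTH';

SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee IN ('SALES_MGR_NORTH', 'SALES_NORTH_READER');

-- Access is withdrawn by revoking the role, not by editing the view.
REVOKE sales_north_reader FROM sales_mgr_north;
```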


3.8 Auditing Databases


3.8.1 Need for Auditing Databases
• Cost of Breach
o The cost of a data breach is very high.
o There is a huge risk of data being stolen from the organisation and a risk of identity theft.
o In a number of cases, records containing sensitive personal information are involved in security breaches, raising huge privacy issues.
• Regulatory Compliance
o There are many regulations and standards which provide for audit of databases, like PCI-DSS, HIPAA, ISO 27001, etc.
o Database monitoring is a key requirement.
• Database Leak Prevention
o Sensitive data needs protection.
o There is an ever increasing number and type of threats which need to be mitigated.
o Attackers are targeting databases where data can be captured in bulk.
• Open Accessibility
o Web applications have melted traditional perimeter controls.
o Databases become vulnerable to breaches.

Auditing Database
Databases may be front end or back end. It is important to audit application controls. Applications
facilitate access by customers, employees, and business partners. Many different applications may
be accessing the same database and be subject to differing sets of controls. It is important to audit
the management of controls and also the segregation of duties relating to these applications.

• Perimeter Controls: Data access is distributed in most organisations. Perimeter controls (firewalls, IDS, etc.) protect the databases from malicious users. It is essential to audit these perimeter controls.
• Database Controls: Segregation of duties, concurrency control and the possibility of anybody accessing data without going through the application are some of the controls which need to be examined.

Areas of review by IS Auditor

• Definition standards
• Separate test database and live database
• Access controls: database user rights should be need based
  o Changes in authorisation IDs
  o Changes to the structure of data (such as dropping a table)
  o Changes to data values (such as updating or inserting data)
  o Access attempts by unauthorised IDs
• Controls to handle concurrent access problems
• Monitoring database performance
• All database logs should be periodically verified
• Documentation regarding database incidents
  o What activities were performed in the database by both users and administrators
• Checkpoints to minimize data loss
• Data backup and recovery procedures
• Whether backups are tested

Step by step approach for auditing database

• Understand application system / network infrastructure
  o While planning an audit it is important to understand how the architecture components inter-relate.
  o Need to understand application systems and network architecture in which it operates.
• Identify database administrators
• Identify database environments and versions
  o Operating system hosts
  o Database configuration files / documentation
  o Database schemas
• Arrange database access
  o Access should be provided for system table and system views.
• Look at Logs
  o System Access
    ▪ Logins – Success / Fail
    ▪ Account / Role / Permissions changes
    ▪ Password changes
  o Data Access
    ▪ SELECT – Success / Fail
  o Data Change
    ▪ INSERT, UPDATE, DELETE
  o Schema / Object Changes
    ▪ CREATE, ALTER, DROP
  o Privileged User Activity
    ▪ All
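The "Look at Logs" step above, worked through as an added example that is not part of the original course material: it sorts audit records into the five categories listed and raises the findings named under the areas of review (access attempts by unauthorised IDs, denied access, all privileged activity). The record layout, the account names other than SYS and SYSTEM, and the `classify` and `review` helpers are assumptions made for illustration.

```python
from collections import Counter

# Constructed records: time|account|action|object|status. The layout is an
# assumption, not the audit-trail format of any particular DBMS.
LOG = """\
09:00:01|clerk|LOGON||SUCCESS
09:00:40|clerk|SELECT|hr.employees|SUCCESS
09:02:13|clerk|SELECT|hr.salaries|FAIL
09:05:20|tmp_user|LOGON||FAIL
09:05:22|tmp_user|LOGON||FAIL
09:10:00|SYSTEM|GRANT|hr.salaries|SUCCESS
09:11:30|SYSTEM|DROP TABLE|hr.audit_copy|SUCCESS
09:15:02|report_app|UPDATE|hr.salaries|SUCCESS
"""
KNOWN = {"clerk", "report_app", "SYS", "SYSTEM"}   # approved account list
PRIVILEGED = {"SYS", "SYSTEM"}                      # DBA accounts

CATEGORIES = [  # checked in order, first match wins
    ("System Access", ("LOGON", "GRANT", "REVOKE", "CREATE USER", "ALTER USER")),
    ("Schema / Object Change", ("CREATE", "ALTER", "DROP")),
    ("Data Change", ("INSERT", "UPDATE", "DELETE")),
    ("Data Access", ("SELECT",)),
]

def classify(action):
    """Map one audited action to the log category it belongs to."""
    for name, prefixes in CATEGORIES:
        if action.upper().startswith(prefixes):
            return name
    return "Other"

def review(log):
    """Return (per-category counts, list of findings for the auditor)."""
    counts, findings = Counter(), []
    for line in log.splitlines():
        when, account, action, obj, status = line.split("|")
        counts[classify(action)] += 1
        if account in PRIVILEGED:
            # Privileged user activity is recorded in full, success or not.
            counts["Privileged User Activity"] += 1
            findings.append(f"{when} privileged {account}: {action} {obj}".strip())
        if account not in KNOWN:
            findings.append(f"{when} unauthorised ID {account}: {action} {status}")
        elif status == "FAIL":
            findings.append(f"{when} denied {action} {obj} for {account}")
    return counts, findings
```
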


3.8.2 Database Auditing Tools


Database auditing is the process of monitoring access to and modification of selected database objects and resources
within operational databases and retaining a detailed record of that access, where the record can be
used to proactively trigger actions and can be retrieved and analysed as needed.

This can be accomplished using database auditing tools. Database management systems generally
have integrated database audit tools. These can be configured for the purpose of continuous audit
of all access to sensitive data by privileged and application users, and generation of relevant reports.
They can also provide information on any changes to database objects.

Some commercial database auditing tools have additional features to issue alerts on abnormal
access requests and database attacks. These solutions generate audit reports that can help in
incident response and forensic investigation through centralised management of the different databases
being used by an organisation, and they provide analytical reports. The audit reports can also be configured
to demonstrate compliance with regulatory requirements.


3.9 Summary
At the very heart of most management information systems are a database and a database
management system. A database maintains information about various entities, and a database
management system (DBMS) is software through which users and application programs interact with
a database. We can very well say that databases and database management systems form the
foundation of the information economy. A DBMS is crucial for any organisation and has to be controlled,
monitored and assessed.


