Managing Multi-User Databases (3) IS 240 – Database Management Lecture #20 2004-04-27 Prof. M. E. Kabay, PhD, CISSP Norwich University

2 Copyright © 2004 M. E. Kabay. All rights reserved.
Topics
  Fundamentals of Information Security
  Database Security
  Database Recovery
  Management Issues

3 Fundamentals of IA
  The Classic Triad: Confidentiality, Integrity, Availability
  The Parkerian Hexad: adds Possession, Authenticity, Utility
  Information Assurance (IA)

4 The Classic Triad
  (diagram of the C-I-A triad)

5 Confidentiality
  Restricting access to data
  Protecting against unauthorized disclosure of the existence of data
    E.g., allowing an industrial spy to deduce the nature of the clientele by looking at directory names
  Protecting against unauthorized disclosure of the details of data
    E.g., allowing a 13-year-old girl to examine HIV+ records from a Florida clinic

6 Integrity
  Internal consistency, validity, fitness for use
  Avoiding physical corruption
    E.g., database pointers trashed or data garbled
  Avoiding logical corruption
    E.g., inconsistencies between an order header's total sale and the sum of the costs of its detail lines

7 Availability
  Timely access to data
  Avoid delays
    E.g., prevent system crashes and arrange for recovery plans
  Avoid inconvenience
    E.g., prevent mislabeling of files

8 Problem: Missing Elements
  Which principle of the C-I-A triad has been breached when
    A child takes a bank card with its password in an envelope but does not open it?
    Someone sends a threat to the President using your address but not your logon?
    Someone converts all the salary figures in your database to Iraqi dinars?
  ANSWER: NONE OF THEM. THE TRIAD IS INSUFFICIENT TO DESCRIBE SECURITY BREACHES

9 The Parkerian Hexad
  Protect the 6 atomic elements of INFOSEC:
    Confidentiality
    Possession or control
    Integrity
    Authenticity
    Availability
    Utility

10 Why Parkerian?
  Donn G. Parker
  Recipient of Lifetime Achievement Award from NCSC in 1993

11 Possession
  Control over information
  Preventing physical contact with data
    E.g., the case of a thief who recorded ATM PINs by radio (but never looked at them)
  Preventing copying or unauthorized use of intellectual property
    E.g., violations by software pirates

12 Authenticity
  Correspondence to intended meaning
  Avoiding nonsense
    E.g., a part-number field actually contains a cost
  Avoiding fraud
    E.g., the sender's name on a message is changed to someone else's

13 Utility
  Usefulness for specific purposes
  Avoid conversion to a less useful form
    E.g., replacing dollar amounts by a foreign-currency equivalent
  Prevent impenetrable coding
    E.g., an employee encrypts source code and "forgets" the decryption key

14 Functions of IA (1)
  Avoidance: e.g., prevent vulnerabilities and exposures
  Deterrence: make an attack less likely
  Detection: quickly spot an attack
  Prevention: prevent the exploit
  Mitigation: reduce damage
  Transference: shift control for resolution

15 Functions of IA (2)
  Investigation: characterize the incident
  Sanctions & rewards: punish the guilty, encourage effective responders
  Recovery: immediate response, repair
  Correction: never again
  Education: advance knowledge and teach others

16 Information Assurance (IA)
  Avoid, Deter, Detect, Prevent, Mitigate, Transfer, Investigate, Punish/reward, Recover, Correct, Educate

17 Database Security
  Processing Rights
  I&A
  Individuals & User Groups
  Application Security

18 Processing Rights
  Who gets to do what to which records?
  Different functions, ordered from MORE POWER / DANGER to LESS POWER / DANGER:
    Modify DB structure
    Grant rights to users
    Change records
      Delete
      Modify (change)
      Insert
    See entire records
    See selected fields

19 I&A: Identification & Authentication
  Each individual user has a unique identifier
    User ID for operating system logon
    User ID for DBMS access
  Verifying the connection between a user ID and the actual person is known as authentication, based on
    What you know
    What you have
    What you are
    What you do
  User IDs should never be shared

20 Individuals & User Groups
  Individual users may have specific rights
    Call this authorization, or privileges for specific functions
  Can also define rights for groups of people (aka role-based security)
    Call these user groups; e.g.,
      Human resources clerks vs HR managers
      Accounting book-keepers vs Accounting managers
      Managers for different departments
  May define a public or visitor group if necessary
    Provide safe privileges for specific functions
    E.g., lookups, interactions for requesting info, subscribing to a newsletter...

21 Application Security
  DBMS security may not suffice for specific applications
  Business rules may be more complex than simply assigning privileges according to identity; e.g.,
    Some patient records may be accessible to a nurse or doctor only while they are treating that specific patient
    Some financial information may be locked while the SEC is performing an audit
  Such requirements are programmed at the application level
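Added worked example (not from the original slides or the course's own code): the two slides above say that role-based groups handle identity, while rules that depend on context (who is treating whom today, whether an audit is running) live in the application. The script below puts both layers in one place: a hypothetical role-to-privilege table, and an application-level check that consults constructed treatment-episode and audit-hold tables before a query is issued. All user names, roles, tables and dates are constructed for illustration; the DBMS is SQLite in memory, so the DBMS-level GRANTs that a real server would add are assumed rather than shown.

```python
import sqlite3

# Constructed, hypothetical roles and privileges. The DBMS grants are assumed to give
# each role the table access below; the application then adds the contextual rules.
ROLE_PRIVILEGES = {
    "hr_clerk":   {"employee.select_basic"},
    "hr_manager": {"employee.select_basic", "employee.select_salary", "employee.update"},
    "nurse":      {"patient.select"},
    "doctor":     {"patient.select", "patient.update"},
    "accountant": {"ledger.select", "ledger.update"},
    "public":     {"catalog.select"},           # the "visitor" group: safe lookups only
}


class Denied(Exception):
    """Raised when the application-level check refuses an operation."""


def build_db():
    """In-memory SQLite database holding constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(user_id TEXT PRIMARY KEY, role TEXT NOT NULL);
        CREATE TABLE treatment(staff_id TEXT, patient_id INTEGER, start_date TEXT, end_date TEXT);
        CREATE TABLE audit_hold(table_name TEXT, start_date TEXT, end_date TEXT);
        CREATE TABLE patient(patient_id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT);
    """)
    con.executemany("INSERT INTO users VALUES (?, ?)", [
        ("nurse_jones", "nurse"), ("dr_smith", "doctor"),
        ("acct_lee", "accountant"), ("hr_ng", "hr_clerk"),
    ])
    # Who is treating whom, and when (ISO dates compare correctly as text).
    con.executemany("INSERT INTO treatment VALUES (?, ?, ?, ?)", [
        ("nurse_jones", 101, "2004-04-20", "2004-04-30"),
        ("dr_smith",    102, "2004-04-01", "2004-04-10"),
    ])
    # Ledger writes are frozen while the (constructed) SEC audit runs.
    con.execute("INSERT INTO audit_hold VALUES ('ledger', '2004-04-25', '2004-05-05')")
    con.executemany("INSERT INTO patient VALUES (?, ?, ?)", [
        (101, "A. Patient", "hypertension"), (102, "B. Patient", "fracture"),
    ])
    return con


def authorize(con, user_id, privilege, today, patient_id=None):
    """Role check first, then the business rules that identity alone cannot express."""
    row = con.execute("SELECT role FROM users WHERE user_id = ?", (user_id,)).fetchone()
    role = row[0] if row else "public"          # unknown users get the visitor group
    if privilege not in ROLE_PRIVILEGES.get(role, set()):
        raise Denied(f"{user_id} ({role}) lacks {privilege}")
    if privilege.startswith("patient."):
        # Rule 1: patient records only while this user is treating this patient.
        treating = con.execute(
            "SELECT 1 FROM treatment WHERE staff_id = ? AND patient_id = ? "
            "AND start_date <= ? AND ? <= end_date",
            (user_id, patient_id, today, today)).fetchone()
        if treating is None:
            raise Denied(f"{user_id} is not treating patient {patient_id} on {today}")
    if privilege == "ledger.update":
        # Rule 2: financial data is locked for the duration of an audit hold.
        held = con.execute(
            "SELECT 1 FROM audit_hold WHERE table_name = 'ledger' "
            "AND start_date <= ? AND ? <= end_date", (today, today)).fetchone()
        if held:
            raise Denied(f"ledger is locked for audit on {today}")
    return True


def read_patient(con, user_id, patient_id, today):
    """Issue the query only after the application-level check has passed."""
    authorize(con, user_id, "patient.select", today, patient_id=patient_id)
    return con.execute("SELECT name, diagnosis FROM patient WHERE patient_id = ?",
                       (patient_id,)).fetchone()


def allowed(con, user_id, privilege, today, patient_id=None):
    """True/False wrapper so decisions can be tabulated or logged."""
    try:
        authorize(con, user_id, privilege, today, patient_id)
        return True
    except Denied:
        return False


if __name__ == "__main__":
    db = build_db()
    print(read_patient(db, "nurse_jones", 101, "2004-04-27"))           # her patient today
    print(allowed(db, "nurse_jones", "patient.select", "2004-04-27", 102))  # not her patient
    print(allowed(db, "dr_smith", "patient.select", "2004-04-27", 102))     # episode ended
    print(allowed(db, "acct_lee", "ledger.update", "2004-04-27"))           # audit hold
    print(allowed(db, "acct_lee", "ledger.update", "2004-05-10"))           # hold lifted
```

Note the order of the checks: the cheap role lookup runs first, and the contextual queries are only consulted for privileges that need them, so the application never issues the protected query before the decision is made. The DBMS still enforces the table-level grants underneath; the application rules narrow access further rather than replacing them.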

22 Topics
  Database Security
  Database Recovery
  Management Issues

23 Database Recovery
  Transactions
  Application Logging
  Transactions and Log Files
  Backups & Log Files
  Recovery from Backups
  Recovery from Log Files

24 Transactions
  What are transactions?
  Why would we care if a transaction were interrupted by a DBMS failure or a system failure?

25 Application Logging
  Benefits of logging
    Audit trail for security / investigations
    Performance data
    Debugging
  What might a logging process write into the log file when a process is
    Adding a record?
    Changing a record?
    Deleting a record?

26 Transactions and Log Files
  Why would it matter to anyone that a log file keeps a distinction among different transactions?
  How does a log file mark an atomic transaction?

27 Backups & Log Files
  Distinguish among the following types of backups:
    System vs application
    Full (everything)
    Differential (aka Partial) (everything changed since the last full backup)
    Incremental (everything changed since the last backup, whether full or incremental)
    Delta (only the changed data itself, not whole changed files)
    Log files (only the information about the changes)

28 Backup Types
  (diagram)

29 Recovery from Backups
  Discuss how one would use each of the following types of backup in recovering from a system failure
    Full
    Differential
    Incremental
    Delta

30 Recovery from Log Files
  Roll-backward recovery
    Use the log file to identify interrupted (incomplete) transactions using checkpoints
      How? ____________________________
    Remove all changes that are part of those incomplete transactions
  Roll-forward recovery
    Start with a valid backup
    Use the log file to re-apply all completed transactions
    Leave out the incomplete transactions
  Which kind is faster? _____________________
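Added worked example (not from the original slides) serving slides 25, 26 and 30 together: what a log record holds for an insert, a change and a delete (record key, before image, after image), how BEGIN/COMMIT markers and a CHECKPOINT record keep transactions apart, and how roll-backward and roll-forward recovery each read that log. The store, the log format, the account records and the crash point are constructed; a real DBMS also logs sequence numbers, page identifiers and the checkpoint's dirty pages, which this toy omits.

```python
CHANGE_OPS = ("INSERT", "UPDATE", "DELETE")


def put(state, key, image):
    """Apply a record image to a state dict; an image of None means 'record absent'."""
    if image is None:
        state.pop(key, None)
    else:
        state[key] = image


class LoggedDB:
    """Toy key-value store that writes through to `disk` and keeps a write-ahead log.
    Each change record carries the key, its before image and its after image; BEGIN and
    COMMIT bracket a transaction; CHECKPOINT lists the transactions still open at that point."""

    def __init__(self):
        self.disk = {}        # on-disk state; at a crash it may hold uncommitted writes
        self.log = []         # the log file, as a list of records
        self._next_tx, self._active = 1, set()

    def begin(self):
        tx, self._next_tx = self._next_tx, self._next_tx + 1
        self._active.add(tx)
        self.log.append({"op": "BEGIN", "tx": tx})
        return tx

    def _change(self, op, tx, key, after):
        if tx not in self._active:
            raise RuntimeError(f"transaction {tx} is not open")
        before = self.disk.get(key)
        # Write-ahead: the log record is written before the data page changes.
        self.log.append({"op": op, "tx": tx, "key": key, "before": before, "after": after})
        put(self.disk, key, after)

    def insert(self, tx, key, value): self._change("INSERT", tx, key, value)   # no before image
    def update(self, tx, key, value): self._change("UPDATE", tx, key, value)   # both images
    def delete(self, tx, key):        self._change("DELETE", tx, key, None)    # no after image

    def commit(self, tx):
        self._active.discard(tx)
        self.log.append({"op": "COMMIT", "tx": tx})

    def checkpoint(self):
        self.log.append({"op": "CHECKPOINT", "active": sorted(self._active)})


def incomplete_transactions(log):
    """Transactions still open at the end of the log: start from the last checkpoint's
    active set, add BEGINs after it, drop COMMITs after it. Nothing earlier need be read."""
    last_cp = max((i for i, r in enumerate(log) if r["op"] == "CHECKPOINT"), default=-1)
    open_tx = set(log[last_cp]["active"]) if last_cp >= 0 else set()
    for r in log[last_cp + 1:]:
        if r["op"] == "BEGIN":
            open_tx.add(r["tx"])
        elif r["op"] == "COMMIT":
            open_tx.discard(r["tx"])
    return open_tx


def roll_backward(disk, log):
    """Undo every change of an incomplete transaction, newest first, from the before images."""
    state, undo = dict(disk), incomplete_transactions(log)
    for r in reversed(log):
        if r["op"] in CHANGE_OPS and r["tx"] in undo:
            put(state, r["key"], r["before"])
    return state


def roll_forward(backup, log_since_backup):
    """Start from a valid backup; re-apply the after images of committed transactions only."""
    state = dict(backup)
    committed = {r["tx"] for r in log_since_backup if r["op"] == "COMMIT"}
    for r in log_since_backup:
        if r["op"] in CHANGE_OPS and r["tx"] in committed:
            put(state, r["key"], r["after"])
    return state


def crash_scenario():
    """Constructed run: a completed transfer, then a transfer cut off by a crash."""
    db = LoggedDB()
    t1 = db.begin()
    db.insert(t1, "acct:1", 100)
    db.insert(t1, "acct:2", 50)
    db.commit(t1)
    backup, log_mark = dict(db.disk), len(db.log)   # full backup while nothing is in flight
    t2 = db.begin()                                 # move 30 from acct:1 to acct:2: completes
    db.update(t2, "acct:1", 70)
    db.update(t2, "acct:2", 80)
    db.commit(t2)
    t3 = db.begin()                                 # move 50 from acct:1 to a new acct:3 ...
    db.update(t3, "acct:1", 20)
    db.checkpoint()                                 # ... t3 is still open at the checkpoint
    t4 = db.begin()
    db.delete(t4, "acct:2")
    db.commit(t4)
    db.insert(t3, "acct:3", 50)
    # CRASH here: t3 never commits, yet both of its writes are already on disk.
    return {
        "disk_at_crash": dict(db.disk),
        "incomplete": incomplete_transactions(db.log),
        "rolled_back": roll_backward(db.disk, db.log),
        "rolled_forward": roll_forward(backup, db.log[log_mark:]),
    }
```

In `crash_scenario()` the disk at the crash holds the half-done transfer (acct:1 at 20 and a new acct:3), which is exactly the inconsistency slide 24 asks about. Roll-backward answers the "How?" on slide 30: the checkpoint says t3 was open, nothing after it committed t3, so t3's records are undone from their before images. Roll-forward reaches the same state from the backup by replaying only t2 and t4. Roll-backward touched two records; roll-forward re-applied three and first needed the backup restored, which is why undoing a few open transactions is normally the faster route after a crash, while roll-forward is what you need when the disk itself is lost.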

31 Topics
  Database Security
  Database Recovery
  Management Issues

32 Management Issues
  Performance
  Inflection points
  Capacity
  Application Evolution

33 Performance Management
  Log files help DBAs monitor and improve application and system performance
    Identify application errors quickly
    Identify operators with high error rates
    Calculate response times on different servers
  Can monitor trends in transaction volumes
    Response times
    Look for inflection points and study the reasons

34 Inflection Points
  Watch for changes in slope
  Always find out why the pattern has changed
  (chart of resource use against time, with the change of slope marked "?")

35 Capacity
  Same reasoning: look for trends in disk space usage
    Identify which applications are growing fastest
    Project when you will need to increase storage capacity
  Never let a database fill up to maximum capacity
  Be curious about any sudden change in the rate of growth; find out if there are problems
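Added worked example (not from the original slides) for slides 34 and 35: detecting a change of slope in a resource trend and projecting when storage runs out. The 30-day usage series is constructed (1 GB/day, then 3 GB/day from day 15 as if a new application had gone live), and the window of 5 samples, the 1.5 ratio that counts as a change of slope and the 90% warning line are arbitrary assumptions a DBA would tune; the slope is a plain least-squares fit so nothing beyond the standard library is needed.

```python
import math

# Constructed daily disk usage (GB) for one database over 30 days: 1 GB/day for the
# first fortnight, then 3 GB/day after a hypothetical new application went live.
USAGE_GB = [100 + d if d <= 14 else 114 + 3 * (d - 14) for d in range(30)]


def slope(ys):
    """Least-squares slope of equally spaced samples (units per sample)."""
    n = len(ys)
    mx, my = (n - 1) / 2, sum(ys) / n
    return (sum((x - mx) * (y - my) for x, y in enumerate(ys))
            / sum((x - mx) ** 2 for x in range(n)))


def growth_changed(series, i, window, ratio):
    """Has the growth rate over the latest `window` samples moved by more than `ratio`
    (either way) compared with the `window` samples before them?"""
    before = slope(series[i - 2 * window + 1:i - window + 1])
    after = slope(series[i - window + 1:i + 1])
    if before <= 0:
        return after > 0                  # flat or shrinking, now growing
    return not (1 / ratio <= after / before <= ratio)


def inflection_points(series, window=5, ratio=1.5):
    """Sample indexes where the slope changed. Consecutive hits collapse to the first
    day of the run, so each change of pattern is reported once."""
    flagged = [i for i in range(2 * window - 1, len(series))
               if growth_changed(series, i, window, ratio)]
    return [i for k, i in enumerate(flagged) if k == 0 or flagged[k - 1] != i - 1]


def days_until(series, limit, window=5):
    """Days until usage reaches `limit` at the current growth rate; None if not growing."""
    rate = slope(series[-window:])
    if rate <= 0:
        return None
    return math.ceil((limit - series[-1]) / rate)


def capacity_report(series, capacity_gb, headroom=0.9, window=5):
    """What the DBA looks at: the current rate, where the slope changed, and how long
    before the database crosses the warning line and then the hard limit."""
    return {
        "current_rate_gb_per_day": round(slope(series[-window:]), 2),
        "inflection_days": inflection_points(series, window),
        "days_to_warning": days_until(series, headroom * capacity_gb, window),
        "days_to_full": days_until(series, capacity_gb, window),
    }


if __name__ == "__main__":
    print(capacity_report(USAGE_GB, capacity_gb=200))
```

With a 200 GB volume the report flags day 16 as the point where the slope changed (the fit needs a few samples of the new rate before the ratio test trips), puts the database across the 90% line in 7 days and full in 14. The flagged day is the prompt for the question slide 34 insists on: what changed on day 15, and was it expected?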

36 Application Evolution
  All applications must change
    Environment changes
      Operating systems / DBMS versions
      Regulations & laws
      Business needs
    Therefore databases change
  DBAs must plan to meet demands for change
    Keep track of structure, usage
    Define a data repository
      Full metadata about all organization data systems

37 Homework
  Finish very carefully reading all of Chapter 11 using the full SQ3R techniques.
  REQUIRED by MONDAY NOON 3rd May (hand in at B&M office) for 26 points: Group I Questions #11.37 through
  ALL remaining outstanding homework is due by that date. No further extensions.
  MK will return all homework to B&M office by Tuesday NOON.
  OPTIONAL, also by Monday 3rd May, for 3 extra points each: and/or on p. 327

38 Final Exam
  Thursday 6 May :00-10:30
  Dewey 211
  Covers entire course material
  T/F, short answer, diagrams, short essay,

39 DISCUSSION