Chap05Database Administration and Security


  • 8/22/2019 Chap05Database Administration and Security

    1/24

    Pearson Education Limited,2004 1

    Chapter 5: Database Administration and Security

    Transparencies


    Chapter 5 - Objectives

    • The distinction between data administration and database administration.
    • The purpose and tasks associated with data administration and database administration.
    • The scope of database security.


    Chapter 5 - Objectives

    • Why database security is a serious concern for an organization.
    • The type of threats that can affect a database system.
    • How to protect a computer system using computer-based controls.


    Data administration and database administration

    • Data Administrator (DA) and Database Administrator (DBA) are responsible for managing and controlling activities associated with corporate data and corporate database, respectively.
    • DA is more concerned with early stages of lifecycle and DBA is more concerned with later stages.


    Data administration

    • Management and control of corporate data, including:
        • database planning
        • development and maintenance of standards, policies, and procedures
        • conceptual and logical database design


    Data administration tasks


    Database administration

    • Management and control of physical realization of a database system, including:
        • physical database design and implementation
        • setting security and integrity controls
        • monitoring system performance
        • reorganizing the database


    Database administration tasks


    Comparison of data and database administration


    Database security

    • Mechanisms that protect the database against intentional or accidental threats.
    • Does not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.


    Database security

    • Includes hardware, software, people, and data.
    • The growing importance of security is due to the increasing amounts of crucial corporate data being stored on computer.


    Database security

    • Outcomes to avoid:
        • theft and fraud
        • loss of confidentiality (secrecy)
        • loss of privacy
        • loss of integrity
        • loss of availability


    Database security

    • Threat
        • Any situation or event, whether intentional or unintentional, that may adversely affect a system and consequently the organization.


    Examples of threats and possible outcomes


    Summary of threats to computer systems


    Typical multi-user computer environment


    Countermeasures - computer-based controls

    • authorization
    • views
    • backup and recovery
    • integrity
    • encryption
    • Redundant array of independent disks (RAID)


    Countermeasures - computer-based controls

    • Authorization
        • The granting of a right or privilege that enables a subject to have legitimate access to a database system or a database system's object.
    • Authentication
        • A mechanism that determines whether a user is who he or she claims to be.


    Countermeasures - computer-based controls

    • View
        • A view is a virtual table that does not necessarily exist in the database but can be produced upon request by a particular user, at the time of request.
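
Authorization and views working together, as an added example that is not part of the original slides: SQLite has no GRANT statement, so Python's `sqlite3` authorizer callback stands in here for the DBMS's authorization subsystem. The `staff` table, the `branch_b001_directory` view, the helper names and the sample rows are constructed for illustration.

```python
import sqlite3

def open_db():
    """Constructed sample data: a base table and a view over part of it."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE staff (staff_no TEXT PRIMARY KEY, name TEXT,
                            branch TEXT, salary INTEGER);
        INSERT INTO staff VALUES ('S1', 'Ann', 'B001', 42000),
                                 ('S2', 'Raj', 'B002', 39000);
        -- The view hides the salary column and every other branch's rows.
        CREATE VIEW branch_b001_directory AS
            SELECT staff_no, name FROM staff WHERE branch = 'B001';
    """)
    return db

def authorize_view_only(db, base_table, view):
    """Grant the session one privilege: SELECT through `view`, nothing else."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            # arg1 = table or view being read, arg2 = column,
            # source = view responsible for the read (None if direct).
            if arg1 == view or (arg1 == base_table and source == view):
                return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # default deny: writes, DDL, direct reads
    db.set_authorizer(authorizer)

def run(db, sql):
    """Return the rows, or 'denied' when the authorizer rejects the statement."""
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "denied"

def demo():
    db = open_db()
    authorize_view_only(db, "staff", "branch_b001_directory")
    return {
        "via_view": run(db, "SELECT staff_no, name FROM branch_b001_directory"),
        "base_table": run(db, "SELECT name, salary FROM staff"),
        "update": run(db, "UPDATE staff SET salary = 0"),
    }
```

In a multi-user DBMS the same policy is expressed by granting SELECT on the view and no privilege on the base table.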


    Countermeasures - computer-based controls

    • Backup
        • Process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media.
    • Journaling
        • Process of keeping and maintaining a log file (or journal) of all changes made to database to enable recovery to be undertaken effectively in the event of failure.
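
Recovery from a backup plus the journal, as an added example that is not part of the original slides: a simplified in-memory model in which `JournaledStore`, its methods, the transaction ids and the account keys are hypothetical. It assumes backups are taken while no transaction is in progress.

```python
import copy

class JournaledStore:
    """Toy key-value 'database' with a backup copy and a change journal."""

    def __init__(self):
        self.data = {}      # live database, lost when the media fails
        self.backup = {}    # last backup copy, held on offline media
        self.journal = []   # every change made since the last backup

    def write(self, txn, key, value):
        # Record the change in the journal before applying it.
        self.journal.append(("write", txn, key, value))
        self.data[key] = value

    def commit(self, txn):
        self.journal.append(("commit", txn))

    def take_backup(self):
        self.backup = copy.deepcopy(self.data)
        self.journal.clear()  # earlier changes are now covered by the backup

    def recover(self):
        """Restore the backup, then redo journaled writes of committed txns."""
        committed = {entry[1] for entry in self.journal if entry[0] == "commit"}
        restored = copy.deepcopy(self.backup)
        for entry in self.journal:
            if entry[0] == "write" and entry[1] in committed:
                _, _, key, value = entry
                restored[key] = value
        self.data = restored
        return restored

def demo():
    db = JournaledStore()
    db.write("T1", "acct:1", 100)
    db.commit("T1")
    db.take_backup()
    db.write("T2", "acct:1", 70)
    db.write("T2", "acct:2", 30)
    db.commit("T2")
    db.write("T3", "acct:2", 999)  # T3 never commits before the failure
    db.data = {}                   # simulated media failure
    return db.recover()
```

Without the journal, recovery would stop at the backup state and the committed transaction T2 would be lost.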


    Countermeasures - computer-based controls

    • Integrity
        • Prevents data from becoming invalid, and hence giving misleading or incorrect results.
    • Encryption
        • Encoding the data by a special algorithm that renders the data unreadable by any program without the decryption key.


    Redundant array of independent disks (RAID)

    • Hardware that the DBMS runs on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
    • Suggests having redundant components that can be seamlessly integrated into the working system whenever there are failures.


    Redundant array of independent disks (RAID)

    • The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
    • Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components.


    Redundant array of independent disks (RAID)

    • One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.