CHAPTER 4

SECURITY PART II:

AUDITING DATABASE
SYSTEMS

GUILING, ASLIMA M.
VILLANUEVA, CLARISSA MICAH
TIRATIRA, KATE LORIE
DATA MANAGEMENT
APPROACHES
FLAT-FILE APPROACH
DATABASE APPROACH
FLAT-FILE APPROACH
• Flat files are data files that contain records with no
structured relationships to other files.
• Associated with large, older legacy systems which are
often large mainframe systems that were implemented in
the 1970s through the 1980.
• Promotes a single-user view approach where end users
own rather than share data files.
• Separate data sets for each user leads to data
redundancy which causes problems with:
• Data storage
• Data updating
• Currency of information
• Task-data dependency
FLAT-FILE APPROACH
DATA STORAGE
- Efficient data management captures and stores
data only once and makes this single source available to all
users who need it. In the flat-file environment, this is not
possible.
- Some commonly used data may be duplicated
dozens, hundreds, or even thousands of times within an
organization
FLAT-FILE APPROACH
DATA UPDATING
- Organizations store a great deal of data on master
files and reference files that require periodic updating to
reflect changes.
- Changes must be made separately for each user. If
updating fails problem of currency of information with users
having outdated information.
- redundant updating tasks add significantly to the
cost of data management
FLAT-FILE APPROACH
CURRENCY OF INFORMATION
- In contrast to the problem of performing multiple
updates is the problem of failing to update all the user files
that are affected by a change in status. If update information
is not properly disseminated, the change will not be reflected
in some users' data, resulting in decisions based on
outdated information.
FLAT-FILE APPROACH
TASK-DATA DEPENDENCY
- user's task is limited and decision-making ability
constrained by the data that he or she possesses and
controls
- users in this environment tend to satisfy new
information needs by procuring new data files. This takes
time, inhibits performance, adds to data redundancy, and
drives data management costs even higher.
DATABASE APPROACH
• Access to the data resource is controlled
by a database management system
(DBMS).
• Centralizes organization’s data into a
common database shared by the user
community.
• All users have access to data they need
which may overcome flat-file problems.
• Elimination of data storage
problem
• Elimination of data update
problem
• Elimination of currency
problem
• Elimination of task-data
dependency
DATABASE APPROACH
KEY ELEMENTS OF DATABASE
ENVIRONMENT:
• Database management
system (DBMS),
• users,
• Database administrator
(DBA),
• Physical database, and
• Database management
system mode
 DATABASE APPROACH
DATABASE MANAGEMENT SYSTEM
- The DBMS provides a controlled environment to assist (or
prevent) access to the database and to efficiently manage the
data resource.
- Typical DBMS features include:
• Program Development – Applications may be created
by programmers and end users.
• Backup and Recovery - Copies made during processing.
• Database Usage Reporting - Captures statistics on database usage (who, when, etc.).
• Database Access - Authorizes access to sections of the database.
- Data definition language a programming language used to define the database to the DBMS on three
levels (Data views):
1. Internal View/Physical View -lowest level of representation, which is one step removed from the
physical database. This internal view describes the structures of data records, the linkages between
files, and the physical arrangement and sequence of records in a file. There is only one internal view
for the database.
2. Conceptual View/Logical View (Schema) - Describes the entire database logically and abstractly
rather than physically. Only one conceptual view.
3. External View/User View (Subschema) - user's section of the database the portion that an
individual user is authorized to access, To a particular user, the user view is the entire database.
Unlike the internal and conceptual views, there may be many distinct user views.
DATABASE APPROACH
USERS
Formal Access: Application Interfaces
- Under this mode of access, the presence of the DBMS is
transparent to the users. Data processing procedures (both
batch and real time) for transactions such as sales, cash receipts,
and purchases are essentially the same as they would be in the
flat file environment.

Data Manipulation Language

- is the proprietary programming
language that a particular DBMS uses to retrieve, process,
and store data to / from the database.
- Entire user programs may be written in the DML, or selected
DML commands can be inserted into universal programs.
- The use of standard language programs also provides the
organization with a degree of independence from the DBMS
vendor.
- It can be used to ‘patch’ third party applications to the DBMS.
DATABASE APPROACH
USERS
DBMS Operation –the figure below illustrates how the DBMS and user applications work together.
Consider the typical sequence of events that occur while accessing data.
DATABASE APPROACH
USERS
Informal Access: Query Language
–The second method of database access is
the informal method of queries.
-Query is an ad hoc access methodology
for extracting information from a database. Users
can access data via direct query (which requires
no formal application programs) using the
DBMS's built-in query facility.
- Structured Query Language (SQL) has
emerged as the standard query language. SQL is
a fourth-generation, nonprocedural language
(English like commands) with many commands
that allow users to input, retrieve, and modify
data easily. The SELECT command is a powerful
tool for retrieving data.
- Query feature enhances ability to deal
with problems that pop-up but poses an
important control issue. Must ensure it is not
used for unauthorized database access.
DATABASE APPROACH
DATABASE ADMINISTRATOR
- The DBA is responsible for managing the database resource. The sharing of a common database by
multiple users requires organization, coordination, rules, and guidelines to protect the integrity of the
database
- Functions of the Database Administrator
*Database Planning *Operation and Maintenance
*Design *Change and Growth
*Implementation
- Data dictionary is an important function of the DBA. It describes every data element in the database
and enables all users (and programmers) to share a common view of the data resource.
- Physical database is the fourth major element of the database approach.
- Lowest level and only one in physical form.
- Data structures are bricks and mortar of database. It allows records to be located, stored, and retrieved.
Two components: organization and access methods.
- Access methods are programs used to locate records and to navigate through the database.
DATABASE APPROACH
DATABASE ADMINISTRATOR
Database terminology
• Entity -anything organization wants to capture data about
• Record Type -physical database representation of an entity.
• Occurrence -related to the number of records of represented by a particular record type.
• Attributes -defines entities with values that vary (i.e. each employee has a different name).
• Database -set of record types that an organization needs to support its business processes
• Associations -record types that constitute a database exist in relation to other record types.

-3 basic record association:

1. One-to-one -for every occurrence of Record Type X there is one (or zero) of Record Type Y.
2. One-to-many -for every occurrence of Record Type X, there are zero, one or many occurrences of
Record Type Y.
3. Many-to-many -for every occurrence of Record Types X and Y, there are zero, one or many
occurrences of Record Types Y and X, respectively.
DATABASE APPROACH
Hierarchical Model
• Basis of earliest DBAs and still in use today.
• Sets that describe relationship between two linked files.
• Each set contains a parent and a child.
• Files at the same level with the same parent are
siblings.
• Tree structure with the highest level in the tree is the
root segment and the lowest file in a branch is the leaf.
• Sets that describe relationship between two linked files.
• Also called a navigational database.
• Usefulness of model is limited because of the following
limitations of hierarchical model:
• A parent record may have one or more child records.
• No child record can have more than one parent

Network Model
• In the late 1970s, an ANSI committee created the Committee on Development of Applied Symbolic Languages
(CODASYL), which formed a database task group to develop standards for database design. CODASYL developed
the network model for databases.

• Like the hierarchical model, it is a navigational database with explicit linkages between records and files. The
distinction is that the network model permits a child record to have multiple parents.
DATABASE APPROACH
Relational Model
• E. F. Codd originally proposed the principles of the relational
model in the late 1960s.! The formal model has its foundations in
relational algebra and set theory, which provide the theoretical
basis for most of the data manipulation operations used.
• Difference between this and navigational models is the way data
associations are represented to the user.
• Relational model portrays data in two- dimensional tables with
attributes across the top forming columns
• Intersecting columns to form rows are tuples which are
normalized arrays of data similar to records in a flat-file system.
• Relations are formed by an attribute common to both tables in the
relation
• Properly designed tables possess the following four
characteristics:
1. All occurrences at the intersection of a row and a column
are a single value. No multiple values (repeating groups) are allowed.
2. The attribute values in any column must all be of the
same class.
3. Each column in a given table must be uniquely named.
4. Each row in the table must be unique in at least one
attribute. This attribute is the primary key.
DATABASES IN A DISTRIBUTED
ENVIRONMENT
 DATABASES IN A DISTRIBUTED ENVIRONMENT
CENTRALIZED DATABASES
• Data retained in a central location.
• Remote IT units send requests to central site which
processes requests and transmits data back to the
requesting IT units.
• The actual processing of the data is performed at the
remote IT unit.
• Objective of database approach it to maintain data
currency with can be challenging.
• During processing, account balances pass through a state
of temporary inconsistency where values are incorrect.
• To achieve data currency, simultaneous access to
individual data elements by multiple IT units must be
prevented. The solution to this problem is to employ a
database lockout, which is a software control (usually a
function of the DBMS) that prevents multiple simultaneous
accesses to data
 DATABASES IN A DISTRIBUTED ENVIRONMENT
DISTRIBUTED DATABASES
Distributed databases can be either partitioned or replicated

Partitioned databases

• splits central database into segments distributed to their primary users.

• works best for organizations that require minimal data sharing among units.
• Advantages:
* Users’ control increased by having data stored at local sites.
* Improved transaction processing response time.
* Volume of transmitted data between IT units is reduced.
* Reduces potential data loss from a disaster.
• Deadlock Phenomenon occurs when multiple sites lock each other out of the database, preventing
each from processing its transactions. Transactions in a “wait” state until locks removed. This can
result in transactions being incompletely processed and database being corrupted.
• Deadlock is a permanent condition that must be resolved with special software that analyzes and
resolve conflicts.
• Resolving a deadlock usually involves terminating one or more transactions to complete processing
of the other transactions in the deadlock. The preempted transactions must then be reinitiated
 DATABASES IN A DISTRIBUTED ENVIRONMENT
DISTRIBUTED DATABASES
Distributed databases can be either partitioned or replicated

Replicated databases

• Effective for situations with a high degree of data sharing, but no primary
user.
• Since common data are replicated at each IT unit site, the data traffic
between sites is reduced considerably
• primary justification for a replicated database is to support read-only
queries.
• The problem with this approach is maintaining current versions of the
database at each site.
• Since each IT unit processes only its transactions, common data
replicated at each site are affected by different transactions and reflect
different values.
 CONCURRENCY CONTROL
• Database concurrency is the presence of complete and accurate data at all
user sites.
• A commonly used method for concurrency control is to serialize
transactions. This method involves labeling each transaction by two
criteria.
• First, special software groups transactions into classes to identify
potential conflicts.
• The second part of the control process is to time stamp each
transaction.

DATABASE DISTRIBUTION METHODS AND THE ACCOUNTANT

• The decision to distribute databases is one that should be entered into

thoughtfully, there are many issues and trade-offs to consider.
• The preservation of audit trails and the accuracy of accounting records
are key concerns. Clearly, these are decisions that the modern auditor
should understand and influence intelligently.
 CONTROLLING AND AUDITING DATA MANAGEMENT SYSTEMS
• Controls over data management systems fall into two categories.
• Access controls are designed to prevent unauthorized individuals from viewing,
retrieving, corrupting or destroying data.
• Backup controls ensure tat the organization can recover its database in the event of
data loss.
ACCESS control
• User views (subschema) is a subset of the database that defines user’s data domain and access.
• Database authorization table contains rules that limit user actions.
• Data encryption procedures protect sensitive data
• Biometric devices such as fingerprints or retina prints control access to the database.
• Inference controls should prevent users from inferring, through query options, specific data values
they are unauthorized to access.
Audit Procedures for Testing Database Access Controls
• Responsibility for Authority Tables and Subschemas
• Appropriate Access Authority
• Biometric Controls
• Inference Controls
• Encryption Controls
 CONTROLLING AND AUDITING DATA MANAGEMENT SYSTEMS
BACKUP control

Backup Controls in the Flat-File Environment

• Sequential files (both tape and disk) use a backup technique called grandparent parent-child (GPC).
• Direct access files, by contrast, need a separate backup procedure
GFS Backup Technique
- When using the GFS approach for financial systems, management and auditors should be
involved in determining the appropriate number of backup files needed.
- The systems designer determines the number of backup master files needed for each application.
Two factors influence this decision: (1) the financial significance of the system and (2) the degree of file
activity.
Direct Access File Backup
- Data values in direct access files are changed in place through a process called destructive
replacement. Therefore, once a data value is changed, the original value is destroyed, leaving only one
version (the current version) of the file. To provide backup, direct access files must be copied before being
updated
Off-Site Storage
- As an added safeguard, backup files created under both the GPC and direct access approaches
should be stored off site in a secure location
 Backup Controls in the Database Environment
• Since data sharing is a fundamental objective of the database approach, environment is vulnerable to
damage from individual users.
Four needed backup and recovery features:
• Backup feature makes a periodic backup of entire database which is stored in a secure, remote
location.
• Transaction log provides an audit trail of all processed transactions
• Checkpoint facility suspends all processing while system reconciles transaction log and database
change log against the database.
• Recovery module uses logs and backup files to restart the system after a failure.

Audit Objective Relating to Flat File Backup

- Verify that backup controls in place are effective in protecting data files from physical damage,
loss, accidental erasure, and data corruption through system failures and program errors.
Audit Objective Relating to Database Backup
- Verify that controls over the data resource are sufficient to preserve the integrity and physical
security of the database.

Audit Procedures for Testing Database Access Controls

•Verify backups are performed routinely and frequently
•Verify that automatic backup procedures are in place and functioning and that copies of the database are
stored off-site.
END OF THE PRESENTATION.
THANK YOU.

Ref.: https://pdfslide.net/education/chapter-4-security-part-ii-auditing-database-systems.html?page=37
Auditing in CIS ppt.