Systems Analysis and Design in a Changing World, 6th Edition 1

Chapter 12 - Databases, Controls, and Security

Systems Analysis and Design in a Changing World, 6th Edition 2

Distributed Database Architectures

Single database server

Replicated database server

Partitioned database server

Cloud-based database server

Systems Analysis and Design in a Changing World, 6th Edition 3

Partitioning Database SchemaInto Client Access Subsets

Systems Analysis and Design in a Changing World, 6th Edition 4

Architecture for RMOReplicated and Partitioned Database

Systems Analysis and Design in a Changing World, 6th Edition 5

Designing System Controls Controls -- mechanisms and procedures that are

built into a system to safeguard the system and the information within it

Integrity control -- a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering

Security controls -- are part of the operating system and the network and tend to be less application specific.

Systems Analysis and Design in a Changing World, 6th Edition 6

Integrity and Security Controls

Systems Analysis and Design in a Changing World, 6th Edition 7

Integrity ControlsInput Controls

value limit control

completeness control

data validation control

field combination control

Systems Analysis and Design in a Changing World, 6th Edition 8

Integrity Controls

Access control

Transaction logging

Complex update control

Output control

Systems Analysis and Design in a Changing World, 6th Edition 9

Integrity Controls

Redundancy

Backup

Recovery

Systems Analysis and Design in a Changing World, 6th Edition 10

Integrity ControlsTo Prevent Fraud

Fraud triangle Opportunity Motivation Rationalization

Systems Analysis and Design in a Changing World, 6th Edition 11

Integrity ControlsTo Prevent Fraud

Systems Analysis and Design in a Changing World, 6th Edition 12

Designing Security Controls

Security control - protects the assets of an organization from all threats, with a primary focus on external

Two Objectives Maintain a stable, functioning operating environment for

users and application systems (usually 24 hours a day, 7 days a week).

Firewalls to protect from hackers, viruses, works, and denial of service attacks

Protect information and transactions during transmission across the Internet and other insecure environments

Information could be intercepted, destroyed or modified

Systems Analysis and Design in a Changing World, 6th Edition 13

Security Controls

Access Controls

Systems Analysis and Design in a Changing World, 6th Edition 14

Security ControlsData Encryption

Asymmetric key encryption -- encryption method that uses different keys to encrypt and decrypt the data

Public key encryption -- a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption