Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and...

Post on 16-Jan-2016

Systems Analysis and Design in a Changing World, 6th Edition 1

Chapter 12 Databases, Controls, and Security

Example Set of Tables With Primary Key and Foreign Key

Database and DBMS Components

Designing Data Base and System Controls Architecture

Existing databases

Integrity control – rejects invalid inputs, prevents unauthorized outputs, and protects data and programs against tampering

Security controls – part of the operating system and network and tend to be less application specific.

Partitioning Database Schema Into Client Access Subsets

Architecture for RMO Replicated and Partitioned Database

Integrity and Security Controls

Integrity Controls: Input Controls

Value limit control
Completeness control
Data validation control
Field combination control
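
The four input controls listed above, applied to one order record. This is an added example, not material from the slides. The slide only names the controls, so the reading of each one in the comments, the field names, the state-code list and the quantity limit are all assumptions made for illustration.

```python
from datetime import date

# Hypothetical rules for a constructed order record; none of this is from the slides.
REQUIRED = ("order_id", "customer_id", "state", "quantity", "order_date", "ship_date")
VALID_STATES = {"CA", "NY", "TX", "UT"}   # constructed code list
MAX_QUANTITY = 500                        # constructed limit


def check_order(rec):
    """Return a list of (control, message) violations; an empty list means accept."""
    errors = []

    # Completeness control: every required field is present and non-empty.
    missing = [f for f in REQUIRED if rec.get(f) in (None, "")]
    if missing:
        errors.append(("completeness", "missing: " + ", ".join(missing)))

    # Value limit control: a numeric field must fall inside a reasonable range.
    qty = rec.get("quantity")
    if qty not in (None, ""):
        is_int = isinstance(qty, int) and not isinstance(qty, bool)
        if not is_int or not 1 <= qty <= MAX_QUANTITY:
            errors.append(("value_limit", f"quantity {qty!r} outside 1..{MAX_QUANTITY}"))

    # Data validation control: a coded field must match a known-good list.
    state = rec.get("state")
    if state not in (None, "") and state not in VALID_STATES:
        errors.append(("data_validation", f"unknown state code {state!r}"))

    # Field combination control: fields must make sense together.
    od, sd = rec.get("order_date"), rec.get("ship_date")
    if isinstance(od, date) and isinstance(sd, date) and sd < od:
        errors.append(("field_combination", "ship_date precedes order_date"))

    return errors


# Constructed sample records.
GOOD = {"order_id": 1001, "customer_id": 77, "state": "UT", "quantity": 3,
        "order_date": date(2016, 1, 4), "ship_date": date(2016, 1, 6)}
BAD = {"order_id": 1002, "customer_id": "", "state": "ZZ", "quantity": 9000,
       "order_date": date(2016, 1, 4), "ship_date": date(2016, 1, 2)}

if __name__ == "__main__":
    for rec in (GOOD, BAD):
        print(rec["order_id"], check_order(rec) or "accepted")
```

Returning every violation rather than stopping at the first gives the rejection log a full record of what was wrong with the input.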

Integrity Controls Cont.

Access control
Transaction logging
Complex update control
Output control
Redundancy
Backup
Recovery

Integrity Controls To Prevent Fraud

Fraud triangle – Opportunity, Motivation, and Rationalization must all exist for a fraud to occur

Security Controls

Access Controls

Security Controls: Data Encryption

Public key encryption – a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption

Security Controls: Digital Certificate

Digital certificate -- an institution’s name and public key (plus other information, such as address, Web site URL, and validity date of the certificate) encrypted and certified by a third party

Certifying authority -- a widely accepted issuer of digital certificates

Security Controls: Secure Transactions

Secure Sockets Layer (SSL) -- a standard set of methods and protocols that address authentication, authorization, privacy, and integrity

Transport Layer Security (TLS) -- an Internet standard equivalent to SSL

IP Security (IPSec) -- an Internet standard for secure transmission of low-level network packets

Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for securely transmitting Web pages