Systems Analysis and Design in a Changing World, 6th Edition

Chapter 12 Databases, Controls, and Security

Upload: eustace-newton

Post on 16-Jan-2016

Example Set of Tables With Primary Key and Foreign Key

Database and DBMS Components

Designing Database and System Controls Architecture

Existing databases

Integrity control – rejects invalid inputs, prevents unauthorized outputs, and protects data and programs against tampering

Security controls – part of the operating system and network and tend to be less application specific.

Partitioning Database Schema Into Client Access Subsets

Architecture for RMO Replicated and Partitioned Database

Integrity and Security Controls

Integrity Controls

Input Controls

Value limit control

Completeness control

Data validation control

Field combination control

Integrity Controls (Cont.)

Access control

Transaction logging

Complex update control

Output control

Redundancy

Backup

Recovery

Integrity Controls

To Prevent Fraud

Fraud triangle – Opportunity, Motivation, and Rationalization must all exist for a fraud to occur

Integrity Controls

To Prevent Fraud

Security Controls

Access Controls

Security Controls

Data Encryption

Public key encryption – a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption

Security Controls

Digital Certificate

Digital certificate -- an institution’s name and public key (plus other information, such as address, Web site URL, and validity date of the certificate) encrypted and certified by a third party

Certifying authority -- a widely accepted issuer of digital certificates

Security Controls

Secure Transactions

Secure Sockets Layer (SSL) -- a standard set of methods and protocols that address authentication, authorization, privacy, and integrity

Transport Layer Security (TLS) -- an Internet standard equivalent to SSL

IP Security (IPSec) -- an Internet standard for secure transmission of low-level network packets

Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for securely transmitting Web pages