Date post: | 16-Jan-2016 |
Upload: | eustace-newton |
Systems Analysis and Design in a Changing World, 6th Edition
Chapter 12 Databases, Controls, and Security
Example Set of Tables With Primary Key and Foreign Key
Database and DBMS Components
Designing Data Base and System Controls Architecture
Existing databases
Integrity control – rejects invalid inputs, prevents unauthorized outputs, and protects data and programs against tampering
Security controls – part of the operating system and network and tend to be less application specific.
Partitioning Database Schema Into Client Access Subsets
Architecture for RMO Replicated and Partitioned Database
Integrity and Security Controls
Integrity Controls: Input Controls
Value limit control
Completeness control
Data validation control
Field combination control
Integrity Controls (Cont.)
Access control
Transaction logging
Complex update control
Output control
Redundancy, Backup, Recovery
Integrity Controls To Prevent Fraud
Fraud triangle – Opportunity, Motivation, and Rationalization must all exist for a fraud to occur
Integrity Controls To Prevent Fraud
Security Controls
Access Controls
Security Controls: Data Encryption
Public key encryption – a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption
Security Controls: Digital Certificate
Digital certificate -- an institution’s name and public key (plus other information, such as address, Web site URL, and validity date of the certificate) encrypted and certified by a third party
Certifying authority -- a widely accepted issuer of digital certificates
Security Controls: Secure Transactions
Secure Sockets Layer (SSL) -- a standard set of methods and protocols that address authentication, authorization, privacy, and integrity
Transport Layer Security (TLS) -- an Internet standard equivalent to SSL
IP Security (IPSec) -- an Internet standard for secure transmission of low-level network packets
Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for securely transmitting Web pages