Chapter 12 Flashcards
How does ineffective data administration lead to poor data quality?
- Multiple data definitions, causing data integration problems
- Missing data elements, causing reduction in data value
- Inappropriate data sources and timing, causing lowered reliability
- Inadequate familiarity, causing ineffective use of data for planning and strategy
- Poor response time and excessive downtime
- Damaged, sabotaged, and stolen data
- Unauthorized access leading to embarrassment to the organization
What is data administration?
A high-level function that is responsible for the overall management of data resources in an organization, including maintaining corporate-wide definitions and standards
What is Database Administration?
A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery
What are traditional data administration functions?
- Data policies, procedures, standards
- Planning
- Data conflict (ownership) resolution
- Managing the information repository
- Internal marketing of DA concepts
What are traditional database administration functions?
- Analyzing and designing databases
- Selecting DBMS and software tools
- Installing/Upgrading DBMS
- Tuning database performance
- Improving query processing performance
- Managing data security, privacy, and integrity
- Data backup and recovery
What is data warehouse administration?
New role that is coming with the growth in data warehouses.
Similar to DA/DBA roles but with an emphasis on integrations and coordination of metadata/data across many data sources.
What are the specific roles of Data warehouse administration?
- Support decision support applications
- Build a stable architecture - corporate information factory
- Establish service level agreements regarding data warehouses and data marts
What is Open Source DBMS?
An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or DB2
Examples: MySQL, PostgreSQL
What are the advantages of Open Source DB Management?
- Pool of volunteer developers and testers
- Less expensive than proprietary packages
- Source code available, for modification
What are the disadvantages of Open Source DB Management?
- Absence of complete documentation
- Ambiguous licensing concerns
- Not as feature-rich as proprietary DBMSs
- Vendors may not have certification programs
What are some considerations when selecting an open source DBMS?
- Features
- Support
- Ease of use
- Stability
- Speed
- Training
- Licensing
What is database security?
Protection of the data against accidental or intentional loss, destruction, or misuse.
What makes database security tougher?
There is increased difficulty due to Internet access and client/server technologies
What are threats to data security?
- Accidental losses attributed to human error, software failure, hardware failure
- Theft and fraud
- Loss of privacy (personal data) and confidentiality (corporate data)
- Loss of data integrity
- Loss of availability (sabotage, etc.)
Static HTML pages are easy to secure. How can you secure them?
- Standard database access controls
- Place Web files in protected directories on server
Dynamic pages are harder to secure, what can be done to secure them?
- User authentication
- Session security
- SSL for encryption
- Restrict number of users and open ports
- Remove unnecessary programs
For the W3C Web privacy standard, what is P3P?
Platform for Privacy Protection
What does P3P address?
- Who collects data
- What data is collected and for what purpose
- Who is data shared with
- Can users control access to their data
- How are disputes resolved
- Policies for retaining data
- Where are policies kept and how can they be accessed
What are features of database software security?
- Views or subschemas
- Integrity controls
- Authorization rules
- User-defined procedures
- Encryption
- Authentication schemes
- Backup, journalizing, and checkpointing
What are views?
- Subset of the database that is presented to one or more users
- User can be given access privilege to view without allowing access privilege to underlying tables
What are integrity controls?
- Protect data from unauthorized use
- Domains - set allowable values
- Assertions - Enforce database conditions
- Triggers - prevent inappropriate actions, invoke special handling procedures, write to log files
What are authorization rules?
Controls incorporated in the data management system.
What do authorization rules restrict?
- Access to data
- Actions that people can take on data
What does the authorization matrix for authorization rules include that expresses the rules in the form of a table?
- Subjects
- Objects
- Actions
- Constraints
Some DBMS also provide capabilities for what to customize the authorization process?
User-defined procedures
What is encryption?
The coding or scrambling of data so that humans cannot read them
What is the goal of authentication schemes?
To obtain a positive identification of the user
What is the first line of defense in authentication?
Passwords
They should:
- Be at least 8 characters long
- Combine alphabetic and numeric data
- Not be complete words or personal information
- Be changed frequently
Why are passwords flawed?
- Users share them with each other
- They get written down, could be copied
- Automatic logon scripts remove need to explicitly type them in
- Unencrypted passwords travel the Internet
What are some solutions to provide stronger authentication in addition to passwords?
- Two factor authentication (Smart card plus PIN)
- Three factor authentication (Smart card, biometric, PIN)
What is the purpose of the Sarbanes-Oxley (SOX) act?
- Requires companies to audit the access to sensitive data
- Designed to ensure integrity of public companies’ financial statements
What do SOX audits involve?
- IT change management
- Logical access to data
- IT operations