CHAPTER 4: Auditing DatabaseSystems Flashcards
The term database is used in a broad context to include two general approaches:
the flat-file model and the database model.
Private ownership of data, which characterizes this model, is the root cause of several problems that inhibit data
integration
Flat-file model
three common database models:
the hierarchical, the network, and the relational models
these are called navigational databases
because of their structure and inflexibility.
hierarchical and network models
Newer accounting information systems make extensive use of this model.
Relational model
This flexible approach presents data in a two-dimensional format that is conceptually more pleasing to end users than complex navigational structures.
Relational Model
These are data files that contain records with no structured relationships to other files.
Flat files
This is most often associated with so-called legacy systems
flat-file approach
The ___________ environment promotes a single-user view approach to data management whereby end users own their data files rather than share them with other users
flat-file
TRUE OR FALSE
Data files are therefore structured, formatted, and arranged to suit the specific needs of the owner or primary user of the data in a database model.
FALSE
What are the three significant problems in the flat-file approach?
data storage, data updating, and currency of information
A problem in the flat-file model where efficient data management is not possible. To meet the private data needs of diverse users, organizations must incur the costs of both multiple collections and multiple storage procedures. Some commonly used data may be duplicated dozens, hundreds, or even thousands of times within an organization.
Data Storage
An example of this issue in a flat-file environment is when you need to make a change to a customer’s name or address that must be reflected in the appropriate master files. When users keep separate
and exclusive files, each change must be made separately for each user. These redundant updating tasks add significantly to the cost of data management.
Data Updating
An issue in flat-file environment where updated information is not properly disseminated, the change will not be reflected in some users’ data, resulting in decisions based on outdated information.
Currency of Information
This is the user’s inability to obtain additional information as his or her needs change. In other words, a user’s task is limited and decision-making ability is constrained by the data that he or she possesses and controls.
Task-Data Dependency
The _____________ is a special software system that is programmed to know which data elements each user is authorized to access.
DBMS or Database Management System
This approach centralizes the organization’s data into a common database that is shared by other users. With the enterprise’s data in a central location, all users have access to the data they need to achieve their respective objectives.
The Database Approach
A benefit of DBMS where each data element is stored only once, thereby eliminating data redundancy and reducing data collection and storage costs.
Elimination of Data Storage Problem
A benefit of DBMS where each data element exists in only one place, it requires only a single update procedure. This reduces the time and cost of keeping the database current.
Elimination of Data Update Problem
A benefit of DBMS where a single change to a database attribute is automatically made available to all users of the attribute. For example, a customer address change entered by the billing clerk is immediately reflected in the marketing and product services views.
Elimination of Currency Problem
The most striking difference between the database model and the flat-file model is the pooling of data into a common database that is shared by all organizational users. With access to the full domain of entity data, changes in user information needs can be satisfied without obtaining additional private data sets.
Elimination of Task-Data Dependency Problem
The Database Approach eliminates:
- Data Storage Problem
- Data Update Problem
- Currency Problem
- Task-Data Dependency Problem
What are the key elements of the Database Environment?
- The Database Management System
- Users
- The Database Administrator
- Physical database
- DBMS Models
Typical features of DBMS:
- Program development
- Backup and recovery
- Database usage reporting
- Database access
_________________ is a programming language used to define the database to the DBMS.
Data definition language (DDL)
The physical arrangement of records in the database is
presented through the _____________. This is the lowest level of representation, which is one step removed from the physical database. This view describes the structures of data
records, the linkages between files, and the physical arrangement and sequence of records in a file. There is only one __________ for the database.
Internal view
The _____________ describes the entire database. This view represents the database logically and abstractly, rather than
the way it is physically stored. There is only one ___________ for a database.
schema (conceptual view)
The ______________ defines the user’s section of the database—the portion that an individual user is authorized to access.
To a particular user, the _________is the database. Unlike the internal and conceptual views, there may be many distinct _________.
User view/External View
__________________ is the proprietary programming language that a particular DBMS uses to retrieve, process, and store
data.
Data Manipulation Language
A _____________ is an ad hoc access methodology for extracting information from a database.
Query
____________ has emerged as the standard query language for both mainframe and microcomputer DBMSs. ________________ is a fourth-generation, nonprocedural language (English-like commands) with many commands that allow users to input, retrieve, and modify data easily.
Structured Query Language
The _______________ is responsible for managing the database resource. The sharing of a common database by multiple users requires organization, coordination, rules, and guidelines to protect the integrity of the database.
Database Administrator
The duties of the DBA fall into the following areas:
database planning;
database design;
database implementation, operation, and maintenance;
and database growth and change.
The _____________ describes every data element in the database. This enables all users (and programmers) to share a common view of the data resource, thus greatly facilitating the analysis of user needs. The ____________ may be in both paper form and online.
Database Dictionary
This is the lowest level of the database and the only level that exists
in physical form.
physical database
____________ are the bricks and mortar of the database. The ___________ allows records to be located, stored, and retrieved and enables the movement from one record to another. ___________ have two fundamental components: organization and access method.
Data structures
The ___________ of a file refers to the way records are physically arranged on the secondary storage device. This may be either sequential or random. The records in sequential files are stored in contiguous locations that occupy a specified area of disk space.
Data Organization
The ___________ is the technique used to locate records and to navigate through the database. During database processing, the ____________ program, responding to requests for data from the user’s application, locates and retrieves or stores the records. The tasks carried out by the ______________ are completely
transparent to the user’s application.
Data Access Methods
A ______________ is an abstract representation of the data about entities, including resources (assets), events (transactions), and agents (personnel or customers, etc.) and their relationships in an organization.
data model
A ____________ is a single item of data, such as
customer’s name, account balance, or address.
data attribute or field
An __________ is a database representation of an individual resource, event, or agent about which we choose to collect data.
entity
When we group together the data attributes that logically define an entity, they form a ________
record type
A ____________is the set of record types that an organization needs to support its business processes
database
Record types that constitute a database exist in relation to other record types. This is called an _________
association
This means that for every occurrence in Record Type X, there is one (or possibly zero) occurrence in Record Type Y. For example, for every occurrence (employee) in the employee table, there is only one (or zero for new employees) occurrence in the year-to-date earnings table.
One-to-one association.
For every occurrence in Record Type X, there are zero, one, or many occurrences in Record Type Y. To illustrate, for every occurrence (customer) in the customer able, there are zero, one, or many sales orders in the sales order table. This means that a particular customer may have purchased goods from the company zero, one or many times during the period under review.
One-to-many association.
For each occurrence of Record Types X and Y, there are zero, one, or many occurrences of Record Types Y and X, respectively. The business relationship between an organization’s inventory and its suppliers illustrates the _________ association. Using this example, a particular supplier provides the company with zero (the supplier is in the database, but the firm does not buy from the supplier), one, or many inventory items. Similarly, the company may buy a particular inventory item from zero (e.g., the firm makes the item in-house), one, or many different suppliers.
Many-to-many association
The earliest database management systems were based on the _____________________.
hierarchical data model
IBM’s ______________is the most prevalent example of a hierarchical database
information management system (IMS)
The _______________ is constructed of sets that describe the relationship between two linked files. Each set contains a parent and a child. Files at the same level with the same parent are called siblings. This structure is also called a tree structure. The highest level in the tree is the root segment, and the lowest file in a particular branch is called a leaf.
hierarchical model
The hierarchical data model is called a ___________ because traversing the files requires following a predefined path
navigational database
Limitations of the Hierarchical Model
A parent record may have one or more child records.
No child record can have more than one parent.
Like the hierarchical model, the _____________is a navigational database with explicit linkages between records and files. The distinction is that the ____________ permits a child record to have multiple parents.
network model
The ________________ splits the central database into segments or partitions that are distributed to their primary users. This works best for organizations that require minimal data sharing among their distributed IT units.
partitioned database approach
In a distributed environment, it is possible for multiple sites to lock out each other from the database, thus preventing each from processing
its transactions. This is called ________________.
The Deadlock Phenomenon
A ___________ is a permanent condition that must be resolved by special software that analyzes each deadlock condition to
determine the best solution.
deadlock
______________ are effective in companies where there exists a high degree of data sharing but no primary user. Since common data are replicated at each IT unit site, the data traffic
between sites is reduced considerably.
Replicated databases
A commonly used method for concurrency control is to ____________. This method involves labeling each transaction by two criteria.
serialize transactions
A commonly used method for concurrency control is to ____________. This method involves labeling each transaction by two criteria.
serialize transactions
The ______________ is a subset of the total database that defines the user’s data domain and provides access to the database.
user view or subschema
The ___________________ contains rules that limit the actions a user can take. This technique is similar to the access control list used in the operating system. Each user is granted certain privileges that are coded in the authority table, which is used to verify the user’s action requests.
database authorization table
A __________________ allows the user to create a personal security program or routine to provide more positive user identification than a single password. Thus, in addition to a password, the security procedure asks a series of personal questions (such as the user’s mother’s maiden name), which only the legitimate user should know.
user-defined procedure
The ultimate in user authentication procedures is the use of _______________, which measure various personal characteristics, such as fingerprints, voice prints, retina prints, or signature characteristics. These user characteristics are digitized and stored permanently in a database security file or on an identification card that the user carries.
biometric devices
Audit Procedures for Testing Database Access Controls: ]
The auditor should verify that database administration (DBA) personnel retain exclusive responsibility for creating authority tables and designing user views.
Responsibility for Authority Tables and Subschemas
Audit Procedures for Testing Database Access Controls:
The auditor can select a sample of users and verify
that their access privileges stored in the authority table are consistent with their job descriptions organizational levels.
Appropriate Access Authority
Audit Procedures for Testing Database Access Controls
Responsibility for Authority Tables and Subschemas.
Appropriate Access Authority.
Biometric Controls.
Inference Controls.
Encryption Controls.
The backup procedure begins when the current master file (the parent) is processed against the transaction file to produce a new updated master file (the child). With the next batch of transactions,
the child becomes the current master file (the parent), and the original parent becomes the backup (grandparent) file.
GPC Backup Technique or grandparent–parent–child
(GPC) backup technique
Real-time systems use timed backup. Transactions processed between backup runs will need
to be reprocessed after restoration of the master file.
Real-Time Processing System
The ______________ feature provides an audit trail of
all processed transactions. It lists transactions in a _________________ file and records the resulting changes to the database in a separate database change log.
transaction log
The _____________ suspends all data processing while the
system reconciles the transaction log and the database change log against the database. At this point, the system is in a quiet state.
checkpoint facility
The _____________ uses the logs and backup files to restart the
system after a failure.
recovery module
