Database Security

Group Assignment

Page 1 of 5

In this assignment you are required to:

Form yourselves into groups of 2.

Design, develop and implement a solution to a business problem.

Implement the solution in either MS SQL Server or Oracle.

Document the solution as set out in the assignment requirements.

Submit an individual personal reflection report about your work. Apart from your
presentation and viva marks, the personal reflection will be considered to measure
individual performance from both group and individual components. The
personal reflection report should provide a comprehensive discussion of the
system. Students should be able to explain in detail the work that has been
done and need to fully discuss their roles and efforts in the project. Students
should also highlight the development of their own element of the product, which
was then integrated by the team to compile a finished product.

Include a workload matrix, providing details on the distribution of work
amongst group members. The workload matrix has to be agreed and signed
off by ALL group members.

Submit a CD/DVD containing the softcopy of both your documentation and
application.

Demonstrate your application in week 13. All group members must attend the
demonstration. Demonstration schedules will be published at a later date.

Level 3

Asia Pacific University

2015

Case Study
You are required to create a secure database to help Wellmeadows Hospital *, a
small community hospital, to meet the privacy and security of patients' health
information, and to schedule its patients' appointments and hospital admissions.

Data Requirements

Wards
The Wellmeadows Hospital has 17 wards including an out-patient clinic with a total
of 240 beds available. Each ward is uniquely identified by a number (for example,
ward 11) and also a ward name (for example, Orthopaedic), total number of beds (the
out-patient clinic has no beds), whether it is for females or males, and telephone
extension number (for example, Extn 7711).

Nurse
Every ward has a head nurse and general nurse/trainee nurse. Only one head nurse is
assigned to each ward, who can update the daily activities (daily medicine dosage and
special care) of patients. General nurses/trainee nurses can only view the activities
assigned to them and update the status along with the date and time.

Patients
When a patient is first referred to the hospital, he or she is allocated a unique patient
number. At this time, additional details of the patient are also recorded including the
name (first and last name), address, telephone number, date of birth, gender, marital
status, date registered with the hospital, and the details of the patient's next of kin
(name, relationship, telephone number).

Patient Appointments
When a patient is first referred to Wellmeadows, he or she is given an appointment,
either by phone or by visiting the hospital, for an examination by a hospital doctor.
Each appointment is given a unique appointment number. The details of each patient's
appointment are recorded by the receptionist, and include the name and staff number of
the doctor undertaking the examination, and the date and time of the appointment. As
a result of the examination, the patient is recommended to either attend the out-patient
clinic or is assigned to a bed in an appropriate ward. (Assume that there is always
such a bed available.)

Out-patients
The details of out-patients are stored and include the patient number, name (first and
last name), address, telephone number, date of birth, gender, and the date, time, and
location of the appointment at the out-patient clinic.

In-patients
The details of patients who are admitted to a ward are recorded. These details include
the patient number, name (first and last name), address, telephone number, date of
birth, gender, marital status, the details of the patient's next of kin, the ward assigned,
the expected duration of stay in days, date stay began, date expected to leave the
ward, and the actual date the patient left the ward, when known.

Doctors
The details of each of the doctors working at Wellmeadows are recorded. They
include the doctor's full name, staff number, the doctor's specialty or specialties and
the doctor's telephone extension. The appointment schedule is recorded for each
doctor including time, date, location, and patient name.

You are not required to deal with any of the hospital's other operations and you can
assume there is no need to consider concurrency, legacy or network issues.

*Adopted from Connolly, T. & Begg, C., 1999, Database Systems: A Practical Approach to Design, Implementation, and Management, 2nd ed., Addison-Wesley, Harlow, England.

Requirements:
(A)

Develop an ERM to support Wellmeadows activities. The ERM must include
an ERD which shows entities and relationships, and should be followed by a
logical design. Identify primary and foreign keys, and show cardinality and
optionality.
Your model should support the business requirements, and the assumptions made
are to be documented.
(30 marks)

(B)

Document and provide a written description and justification of your database
auditing environment (Database, Audited entities, People, Objectives &
Procedures).
(10 marks)

(C)

Develop a password policy for the users and produce an authorization matrix for
each individual role. Each group member is required to design two authorization
matrices.
(10 marks)

(D)

Create users to be authenticated at server level and database level, enforcing the
password policy. Assign each individual user to the appropriate role based on the
authorization matrix produced in Question (C). Each group member is
required to create two users with different roles.
(10 marks)

(E)

Implement a Logon Trigger to record all the login activities to the server. Some
marks may be awarded for features which do not function fully but where the
group can explain the issues.
(10 marks)

(F)

Implement a historical model to track all the modifications that happen in the
Wellmeadows database. Each group member is required to produce two DML
triggers covering insert, update & delete.
(10 marks)

(G)

Critically appraise the need for encryption in the Wellmeadows database and
justify the encryption hierarchy level chosen. Each group member is required
to implement the encryption hierarchy level chosen with a suitable encryption
(symmetric/asymmetric) mechanism.
(10 marks)

(H)

Develop an effective backup and restore strategy to be implemented in
Wellmeadows and ensure a backup compression technique is applied.
(10 marks)
