CHANGE OF DATABASE MANAGEMENT SYSTEM
TABLE OF CONTENTS
EXECUTIVE SUMMARY
PROFILE OF THE COMPANY
NATURE OF THE BUSINESS
SECURITY AND RISK OF THE NEW DBMS
RISK IN CHANGING THE SYSTEM
CONTROL EXPOSURES
ADEQUACY OF CONTROLS
CONTROLS TO ENSURE CONTINUITY OF OPERATIONS
COST-BENEFIT ANALYSIS
Executive Summary
This report is prepared in the context of the growing importance of changing or upgrading a database management system to one that is more advanced and faster and that can face the challenges of today's world in any organization. In today's information age, organizations have adopted huge databases which are the backbone of their information systems. These database management systems require special attention and care in every aspect, from initial development to maintenance and security issues. ABC Company is the company whose change of database management system is analyzed in detail in this report. It is a well-established company engaged in the business of restaurant pizzeria point of sale (POS), distributing, delivering and making sales around the country. The report covers the following topics: Security and Risk of the new DBMS, Risk in Changing the System, Control Exposures, Adequacy of Controls, Controls to Ensure Continuity of Operations and Cost-Benefit Analysis. Finally, the report concludes with a comparison of the two systems.
Successful pizzerias need to handle orders quickly and efficiently to manage their high order volume. A good POS helps them to do this. A slow or unreliable computer system, on the other hand, can cost them business. Consequently, when ABC Company began to evaluate database management system options to replace its aging hierarchical-model DBMS with a new relational-model DBMS, speed and reliability were its primary considerations.
An advantage of setting up a database is that it becomes easier to enforce security restrictions, since data is now centralized. It is easier to control who has access to what parts of the database. Different checks can be established for each type of access (retrieve, modify, delete, etc.) to each piece of information in the database.
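The per-access-type checks described above, as an added example that is not part of the original report. It assumes SQLite as a stand-in DBMS: SQLite has no GRANT statement, so its statement-compile authorizer callback plays the role of the privilege check, and the `orders` table, roles and policy are constructed for illustration.

```python
import sqlite3

# Constructed policy: role -> table -> permitted access types. "read" lists
# the columns a role may retrieve; the other keys are whole-table flags.
POLICY = {
    "cashier": {"orders": {"read": {"id", "item", "qty"}, "insert": True}},
    "manager": {"orders": {"read": {"id", "item", "qty", "card_last4"},
                           "insert": True, "update": True, "delete": True}},
}
WRITE_ACTIONS = {sqlite3.SQLITE_INSERT: "insert", sqlite3.SQLITE_UPDATE: "update",
                 sqlite3.SQLITE_DELETE: "delete"}

def make_authorizer(role):
    """Build the callback SQLite consults while compiling each statement."""
    tables = POLICY[role]
    def authorize(action, arg1, arg2, db_name, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION):
            return sqlite3.SQLITE_OK        # statement framing, no data touched
        rules = tables.get(arg1, {})        # arg1 is the table name from here on
        if action == sqlite3.SQLITE_READ:   # arg2 is the column being retrieved
            ok = arg2 in rules.get("read", ())
        elif action in WRITE_ACTIONS:
            ok = rules.get(WRITE_ACTIONS[action], False)
        else:
            ok = False                      # default deny: DDL, PRAGMA, ATTACH, ...
        return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY
    return authorize

def open_as(role):
    """Open a constructed in-memory POS database restricted to one role."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT,"
                " qty INTEGER, card_last4 TEXT)")
    con.execute("INSERT INTO orders VALUES (1, 'margherita', 2, '4242')")
    con.commit()
    con.set_authorizer(make_authorizer(role))
    return con

def allowed(role, sql):
    """Return True if the role's connection accepts the statement."""
    con = open_as(role)
    try:
        con.execute(sql)
        return True
    except sqlite3.DatabaseError:           # raised as "not authorized"
        return False
    finally:
        con.close()
```

The cashier role can retrieve and insert order lines but cannot read `card_last4`, modify or delete; anything not listed in the policy is denied.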
The DBMS also has the job of controlling access to the database. Various types of control systems within the DBMS make sure that the database continues to function properly:
* Integrity system
* Security system
* Concurrency control system
* Recovery control system
A DBMS is a software system that enables users to define, create and maintain a database. The DBMS also enforces necessary access restrictions and security measures in order to protect the database.
5: User acceptance of change: When changing a system, the risk around user acceptance is of great importance because user acceptance does not come overnight. In traditional system implementation, user acceptance of change is a milestone left to the end.
6: Benefits attainment: Attaining benefits is a major concern; these benefits must be translated into tangible benefits, i.e., fuzzy benefits are not allowed. When measuring benefits while changing a system, one should keep in mind that the comparison is not just against the new process but also against what would happen if the old process were to continue to live: there would be more deterioration.
7: Process measurement: Many organizations implement new systems and then perform a post-implementation review. If this is successful and the business unit is not unhappy, measurement often stops. The risk appears when the IT systems implementation makes no provision for ongoing measurement, because the system and the process can then deteriorate individually and collectively.
Control Exposures
It is critical that database integrity and availability be maintained. This is ensured through the following controls:
* Establish and enforce definition standards.
* Establish and implement data backup and recovery procedures to ensure database availability.
* Establish the necessary levels of access controls on data items, tables and files to prevent inadvertent and unauthorized access.
* Establish controls to ensure that only authorized personnel can update the database.
* Establish controls to handle concurrent access problems, such as multiple users wanting to update the same data elements at the same time (i.e., transaction commit, locking of records/files).
* Establish controls to ensure accuracy, completeness and consistency of data elements and relationships in the database. It is important that these controls, if possible, be contained in the table/column definitions. In this way, there is no possibility that these rules will be violated because of programming flaws or through the use of utilities for manipulating data.
* Use database checkpoints at junctures in the job stream that minimize data loss and recovery efforts to restart processing after a system failure.
* Perform database reorganization to reduce unused disk space and verify defined data relationships.
* Follow database restructuring procedures when making logical, physical and procedural changes.
* Use database performance reporting tools to monitor and maintain database efficiency (e.g., available storage space, buffer size, CPU usage, disk storage configuration and deadlock conditions).
* Minimize the ability to use nonsystematic tools, i.e., those outside security controls, to access the database.

Controlling data redundancy: In the conventional file processing system, every user group maintains its own files for handling its data. This may lead to:
* Duplication of the same data in different files.
* Wastage of storage space, since duplicated data is stored.
* Errors generated by updating the same data in different files.
* Time wasted in entering data again and again.
* Computer resources being used needlessly.
* It is very difficult to combine information
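An added example, not part of the original report, of the control above that asks for accuracy and consistency rules to live in the table/column definitions. It assumes SQLite and a constructed pizzeria schema (`menu_item`, `order_line`), and issues raw SQL the way a data-manipulation utility would, with no application validation in front of the database.

```python
import sqlite3

# Constructed POS schema: every rule is part of the table definition.
SCHEMA = """
CREATE TABLE menu_item (
    sku         TEXT PRIMARY KEY,
    name        TEXT NOT NULL UNIQUE,
    price_cents INTEGER NOT NULL CHECK (price_cents > 0)
);
CREATE TABLE order_line (
    order_id INTEGER NOT NULL,
    sku      TEXT NOT NULL REFERENCES menu_item(sku),
    qty      INTEGER NOT NULL CHECK (qty BETWEEN 1 AND 50),
    status   TEXT NOT NULL DEFAULT 'open' CHECK (status IN ('open', 'paid', 'void')),
    PRIMARY KEY (order_id, sku)
);
INSERT INTO menu_item VALUES ('PZ-01', 'Margherita', 899);
"""

# Constructed writes: one valid row, then one violation per rule, sent as raw
# SQL so that only the schema stands between the statement and the data.
INS = "INSERT INTO order_line (order_id, sku, qty) VALUES "
WRITES = [
    ("valid line",       INS + "(1, 'PZ-01', 2)"),
    ("zero quantity",    INS + "(2, 'PZ-01', 0)"),
    ("unknown item",     INS + "(3, 'PZ-99', 1)"),
    ("bad status",       "UPDATE order_line SET status = 'refunded' WHERE order_id = 1"),
    ("duplicate line",   INS + "(1, 'PZ-01', 1)"),
    ("missing quantity", INS + "(4, 'PZ-01', NULL)"),
    ("negative price",   "UPDATE menu_item SET price_cents = -1 WHERE sku = 'PZ-01'"),
]

def run_writes():
    """Apply each write; return {label: outcome} and the surviving order lines."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    con.executescript(SCHEMA)
    results = {}
    for label, sql in WRITES:
        try:
            con.execute(sql)
            results[label] = "accepted"
        except sqlite3.IntegrityError as exc:
            results[label] = str(exc).split(" constraint")[0]  # which rule fired
    rows = con.execute("SELECT order_id, sku, qty, status FROM order_line").fetchall()
    con.close()
    return results, rows
```

Each rejected write reports the kind of constraint that stopped it, and the table ends up holding only the one valid row.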
Adequacy Of Controls
* The security policy (or policies) is regularly reviewed for adequacy based upon the evolving technology and changing user/customer requirements.
* IS department staff have adequate training on servers and gateways.
* Adequate logging, reporting and surveillance facilities exist within the firewall software.
* Adequate controls are applied to ensure the integrity and security of transactions between the core systems and the mainframe.
* Controls over DBMS resources are adequately documented and implemented.
* Adequate certification techniques are in place to verify user identity.
* Keys used for authentication or encryption are adequately managed.
* Appropriate controls are in place to ensure PIN/password storage databases are adequately secured and managed.
* Procedures have been defined for regularly monitoring the core systems' performance to ensure there is adequate capacity for transactions.
The problem of maintaining continuity of operation in the face of natural disasters, hardware failures, and other disruptive events has received considerable attention in both theory and practice. The basic technique to deal with such situations is redundancy in various forms.

Recovery mechanisms: Recovery mechanisms in DBMSs must also ensure that we arrive at a consistent state. In many respects, these mechanisms are syntactic in the sense of being application independent, much as the mechanisms for the first three properties presented in the section "Well-formed transactions" were.

Authenticated users: Authentication is primarily the responsibility of the operating system. If the operating system is lacking in its authentication mechanism, it would be very difficult to ensure the integrity of the DBMS itself. The integrity of the database would thereby be that much more suspect. It therefore makes sense not to duplicate authentication mechanisms in the DBMS. Authentication underlies some of the other principles, particularly least privilege, separation of duties, reconstruction of events, and delegation of authority. In all of these, the end objective can be achieved to the fullest extent only if authentication is possible at the level of individual users.
Cost-Benefit Analysis
ADVANTAGE and DISADVANTAGE of OLD DBMS (HIERARCHICAL MODEL)
ADVANTAGE:
* Since the database is based on the hierarchical structure, the relationship between the various layers is logically simple.
* Since it is based on the parent-child relationship, there is always a link between the parent segment and the child segment under it.
* It is very efficient when the database contains a large number of 1:N relationships and when the user requires a large number of transactions.
* Fast update performance where locality of reference exists (locality of reference states that performance is significantly enhanced when the processing is close to the data being processed).
* The hierarchical model was the first database model that offered the data security that is provided by the DBMS.
DISADVANTAGE:
* Although it is simple and easy to design, it is quite complex to implement.
* There is a lack of structural independence, because when the structure is changed it becomes compulsory to change the application too.
* The hierarchical model suffers from insert, delete and update anomalies; retrieval operations are also difficult.
* Lack of flexibility; non-hierarchical relationships are awkward to represent; redundancy may be required.
* If you make any changes in the database structure, then you need to make changes in every application program that accesses the database.
ADVANTAGE:
* Flexible and well-established.
* Costs and risks associated with large development efforts and with large databases are well understood.
* The fundamental structure, i.e., a table, is easily understood and the design and normalization process is well defined.
* Standard data access language through SQL.
* A sound theoretical foundation and use over many years have resulted in stable, standardized products being available.
DISADVANTAGE:
* Performance problems associated with re-assembling simple data structures into their more complicated real-world representations.
* Lack of support for complex base types, e.g., drawings.
* Locking mechanisms defined by RDBMSs do not allow design transactions to be supported, e.g., the "check in" and "check out" type of feature that would allow an engineer to modify a drawing over the course of several working days.
* SQL is limited when accessing complex data.
* Knowledge of the database structure is required to create ad hoc queries.
The old DBMS is not compatible with the other DBMS models because changes to the database structure must be reflected in the application as well. In contrast, the new DBMS is compatible with the other models because the database structure is transparent. The old DBMS has no query language unless one is predefined in the application, and the user needs to know the structure in order to query information, while the new DBMS has a versatile query language, including the ability to run ad hoc queries. In the old DBMS, data integrity is plagued with redundancy due to the child/parent limitations. In contrast, in the new DBMS logical rules guarantee the imposition of integrity constraints. In the old DBMS, changes to the structure are difficult to implement since the entire structure is predefined, while in the new DBMS changes are easy to implement since the structure is transparent to the user and the application.
Conclusion
The cost of changing the system was estimated closely, and it was found that the savings in data entry cost alone would pay for the installation and operation of the DBMS.